[CERT-daily] Tageszusammenfassung - Donnerstag 13-09-2012

Otmar Lendl lendl at cert.at
Mon Sep 17 15:29:23 CEST 2012


=======================
= End-of-Shift report =
=======================
Timeframe:   Donnerstag 13-09-2012 08:00 - Donnerstag 13-09-2012 18:00
Handler:     Stephan Richter
Co-Handler:  L. Aaron Kaplan


*** ICS-CERT Monthly Monitor for August 2012 ***
---------------------------------------------
"Internet facing medical devices may have a very similar security risk
profile to industrial control systems (ICSs). ICSs and medical devices are
valuable equipment, often critical to the viability of the system to which
they are attached. In each case, lives may depend on the devices
functioning correctly...."
---------------------------------------------
http://www.us-cert.gov/control_systems/pdf/ICS-CERT_Monthly_Monitor_August_2012.pdf




*** Vuln: OpenStack Keystone Token Validation CVE-2012-4413 Security Bypass
Vulnerability ***
---------------------------------------------
OpenStack Keystone Token Validation CVE-2012-4413 Security Bypass Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/55524




*** Cyber Defence & Network Security Conference - 28-31 Jan, 2013 ***
---------------------------------------------
"As a quick background, this is the best-attended cyber defence and network
security conference held by Defence IQ - covered by BBC in both 2011 and
2012. This event combines high-level strategic briefings from 26+ senior
international military and cyber experts, combined with valuable and
intimate networking opportunities with heads of CERT, Systems Security,
Military IT, Counter Terrorism, Cyber Crime and Networks professionals...."
---------------------------------------------
http://www.cdans.org/redForms.aspx?id=821954&pdf_form=1




*** Security update released for ColdFusion 10 and earlier (APSB12-21) ***
---------------------------------------------
Today, a Security Bulletin (APSB12-21) has been posted in regards to a
security hotfix for Adobe ColdFusion 10 and earlier versions for Windows,
Macintosh and UNIX. Adobe recommends users update their product
installation using the instructions provided in the security bulletin. This
posting is provided AS IS with no warranties and confers no rights.
---------------------------------------------
http://blogs.adobe.com/psirt/2012/09/security-update-released-for-coldfusion-10-and-earlier-apsb12-21.html




*** Microsoft disrupts traffic associated with the Nitol botnet, (Thu, Sep
13th) ***
---------------------------------------------
There is an interesting article that was just published by Microsofts
Digital Crimes Unit. Attackers have been infecting manufacturer supply
chains to spread their evil warez. Some unnamed manufacturers have been
selling products loaded with counterfeit versions of Windows software
embedded with harmful malware. The article goes on to say that the Malware
allows criminals to steal a persons personal information to access and
abuse their online services, including e-mail, social networking
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=14086&rss




*** PHP 5.5 soll Passwort-Schlamperei eindaemmen ***
---------------------------------------------
http://www.heise.de/security/meldung/PHP-5-5-soll-Passwort-Schlamperei-eindaemmen-1707355.html/from/atom10








More information about the Daily mailing list