[CERT-daily] Tageszusammenfassung - Donnerstag 27-09-2012

Thu Sep 27 18:27:26 CEST 2012

=======================
= End-of-Shift report =
=======================

Timeframe:   Mittwoch 26-09-2012 18:00 − Donnerstag 27-09-2012 18:00
Handler:     Stephan Richter
Co-Handler:  L. Aaron Kaplan


*** Vuln: 389 Directory Server Access Bypass Vulnerability ***
---------------------------------------------
389 Directory Server Access Bypass Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/55690


*** Vuln: Zend Framework Multiple Cross Site Scripting Vulnerabilities ***
---------------------------------------------
Zend Framework Multiple Cross Site Scripting Vulnerabilities
---------------------------------------------
http://www.securityfocus.com/bid/55636


*** Do Reverse Proxies Provide Real Security? ***
---------------------------------------------
"In the process of building / designing the infrastructure for a new project the following question was asked: shouldnt we use a reverse proxy to secure or protect the web servers? Of course the first question I asked myself is do reverse proxies provide real security? or is this a best / common practice that has been adopted without foundation?..."
---------------------------------------------
http://www.infosecisland.com/documentview/22458-Do-Reverse-Proxies-Provide-Real-Security.html


*** Maker of Smart-Grid Control Software Hacked ***
---------------------------------------------
"The maker of an industrial control system designed to be used with so-called smart grid networks disclosed to customers last week that hackers had breached its network and accessed project files related to a control system used in portions of the electrical grid. Telvent, which is owned by Schneider Electric, told customers in a letter that on Sept. 10 it learned of the breach into its network. The attackers installed malicious software on the network and also accessed project files for
---------------------------------------------
http://www.wired.com/threatlevel/2012/09/scada-vendor-telvent-hacked/


*** Cisco IOS Security Advisory Bundle - http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_sep12.html, (Thu, Sep 27th) ***
---------------------------------------------
-Kevin -- ISC Handler on Duty (c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=14185&rss
http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_sep12.html


*** Netzbetreiber sehen Domain Name System durch Attacken zunehmend in Gefahr ***
---------------------------------------------
Groß angelegte Attacken auf DNS-Server sind in den vergangenen Monaten sprunghaft angestiegen. Angriffe, die die Netze mit Datenraten von 50 bis 100 Gigabit/Sekunde in die Knie zwingen, seien an der Tagesordnung, sagte Paul Vixie, Gründer des Internet Systems Consortium (ISC).
---------------------------------------------
http://www.heise.de/security/meldung/Netzbetreiber-sehen-Domain-Name-System-durch-Attacken-zunehmend-in-Gefahr-1719051.html/from/atom10


*** EU Banks Not Prepared for Attacks - Experts Cite Inadequate Controls, Information Sharing ***
---------------------------------------------
"Website outages that so far have targeted five leading U.S. banks should serve as a warning to global institutions of cyberthreats to come. Yet, major European institutions are not prepared to prevent or respond to such attacks, according to fraud and security experts at the European Network and Information Security Agency and Barclays, one of the worlds leading banks."What I see so much in Europe, especially in the U.K., is that no one wants to talk about the attacks theyre...
---------------------------------------------
http://www.bankinfosecurity.com/eu-banks-prepared-for-attacks-a-5144


*** [webapps] - Trend Micro Control Manager 5.5/6.0 AdHocQuery BlindSQL Injection (post-auth) ***
---------------------------------------------
Trend Micro Control Manager 5.5/6.0 AdHocQuery BlindSQL Injection (post-auth)
---------------------------------------------
http://www.exploit-db.com/exploits/21546


*** [webapps] - JAMF Casper Suite MDM CSRF Vulnerability ***
---------------------------------------------
JAMF Casper Suite MDM CSRF Vulnerability
---------------------------------------------
http://www.exploit-db.com/exploits/21545


*** Bugtraq: NGS00254 Patch Notification: Apple Mac OS X Lion USB Hub Class Hub Descriptor Arbitrary Code Execution ***
---------------------------------------------
NGS00254 Patch Notification: Apple Mac OS X Lion USB Hub Class Hub Descriptor Arbitrary Code Execution
---------------------------------------------
http://www.securityfocus.com/archive/1/524248


*** Bugtraq: XSS in OSSEC wui 0.3 ***
---------------------------------------------
XSS in OSSEC wui 0.3
---------------------------------------------
http://www.securityfocus.com/archive/1/524247


*** Cyber Security Bulletin SB12-269 - Vulnerability Summary for the Week of September 17, 2012 ***
---------------------------------------------
"High Vulnerabilities : adobe -- flash_playeranecms -- anecmsapple -- mac_os_xapple -- mac_os_xbananadance -- banana_dancebioinformatics -- ordersysMedium Vulnerabilities:apache -- wicketapache -- cxfapple -- safariapple -- mac_os_xapple -- iphone_osblairwilliams -- pretty_link_lite_pluginburnsy -- jbshop_pluginLow Vulnerabilities:63reasons -- supercronalex_barth -- dataalquimia -- managesitecisco -- ioscollectivecolors -- taxonomy_view_integrator_moduledmitry_loac -- taxotouch..."
---------------------------------------------
http://www.us-cert.gov/cas/bulletins/SB12-269.html#top


*** News, Technologies and Techniques: Why SSD Drives Destroy Court Evidence, and What Can Be Done About It: Part 1 ***
---------------------------------------------
Solid State drives SSD introduced dramatic changes to the principles of computer forensics. Forensic acquisition of computers equipped with SSD storage is very different from how we used to acquire PCs using traditional magnetic media. read more
---------------------------------------------
http://www.dfinews.com/article/why-ssd-drives-destroy-court-evidence-and-what-can-be-done-about-it-part-1