[CERT-daily] Daily summary - Monday 25-02-2013

Daily end-of-shift report team at cert.at
Mon Feb 25 18:06:32 CET 2013


=======================
= End-of-Shift report =
=======================
Timeframe:   Friday 22-02-2013 18:00 − Monday 25-02-2013 18:00
Handler:     Matthias Fraidl
Co-Handler:  L. Aaron Kaplan

*** SCADA & Security of Critical Infrastructures ***
---------------------------------------------
"In the last few years there has been an increase within the worldwide security community consciousness of the risks related to cyber-attacks against critical infrastructures of a country; an event considered by principal security experts extremely likely. Probably the strongest jolt has been caused by events such as the spread of the cyber weapon Stuxnet. This represented a historic change in the conception of military conflict: by using a malicious code, an actor in cyberspace could
---------------------------------------------
http://resources.infosecinstitute.com/scada-security-of-critical-infrastructures/




*** How researcher Hacked Facebook OAuth To Get Full Permission On Any Facebook Account ***
---------------------------------------------
"A security researcher, Nir Goldshlager, has discovered a security flaw in Facebook that allowed him to take full control over any Facebook account. OAuth is used by Facebook to communicate between applications and Facebook users. Usually users must allow/accept the application request to access their account before the communication can start. Facebook application might ask for different permissions...."
---------------------------------------------
http://www.ehackingnews.com/2013/02/how-researcher-hacked-facebook-oauth-to.html




*** Computers at Microsoft hacked too ***
---------------------------------------------
After Facebook, Twitter and Apple, Microsoft has also fallen victim to a hacker attack. The company announced this in a blog post.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/28df5094/l/0L0Sheise0Bde0Csecurity0Cmeldung0CAuch0ERechner0Ebei0EMicrosoft0Egehackt0E180A93840Bhtml0Cfrom0Crss0A9/story01.htm




*** When web sites go bad: bible . org compromise ***
---------------------------------------------
"This is more of an "awareness" item to show to coworkers and relatives that you can't be careful enough. "bible . org" is a site that offers, as the name implies, access to the bible and related commentary as well as translations. Sadly, earlier this week the site apparently got compromised...."
---------------------------------------------
http://www.cyberwarzone.com/when-web-sites-go-bad-bible-org-compromise




*** SQL Injection vulnerability in extension CoolURI (cooluri) ***
---------------------------------------------
It has been discovered that the extension "CoolURI" (cooluri) is vulnerable to SQL Injection.
---------------------------------------------
http://typo3.org/news/article/sql-injection-vulnerability-in-extension-basic-seo-features-seo-basics-copy-1/




*** Several vulnerabilities in third party extensions ***
---------------------------------------------
Several vulnerabilities have been found in the following third-party TYPO3 extensions: attacalendar, attacpetition, eu_subscribe, exinit_job_offer, fefilebrowser, js_css_optimizer, kk_csv2table, lonewsseo, mn_mysql2json, news_search, tipafriend_plus, twitter_auth, sofortueberweisung2commerce, sys_messages
---------------------------------------------
http://typo3.org/news/article/several-vulnerabilities-in-third-party-extensions-2/




*** Oracle Enterprise Manager dBClone SQL Injection ***
---------------------------------------------
Topic: Oracle Enterprise Manager dBClone SQL Injection Risk: Medium Text: TeamSHATTER Security Advisory SQL Injection in Oracle Enterprise Manager (dBCl...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/hJWisPeyKXY/WLB-2013020171




*** Samsung Galaxy S3 Screen-Lock Bypass ***
---------------------------------------------
Topic: Samsung Galaxy S3 Screen-Lock Bypass Risk: Medium Text: MTI Technology Vulnerability Research Team www.mti.com ukpentestinfo"at"mti.com Samsung Galaxy S3 partial screen-lock...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/Ao6gcgJr_qc/WLB-2013020165




*** Reports: Hackers attacked companies and government agencies ***
---------------------------------------------
Hackers from China attacked German government agencies and the companies EADS and ThyssenKrupp in 2012, Focus and Spiegel report.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/28e67749/l/0L0Sheise0Bde0Csecurity0Cmeldung0CBerichte0EHacker0Egriffen0EFirmen0Eund0EBehoerden0Ean0E180A95640Bhtml0Cfrom0Crss0A9/story01.htm




*** Firefox to spit out third-party cookies ***
---------------------------------------------
Mozilla says Apple's got it more or less right. The Mozilla Foundation has set up camp alongside Apple in the 'cookies are bad' section of the Internet, decreeing that three versions hence its flagship Firefox browser won't accept cookies from anyone other than the publisher of websites it visits.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2013/02/25/firefox_cookies_policy/




*** Vulnerabilities on a silver platter ***
---------------------------------------------
A new search engine called Punkspider presents the scan results of security tests of millions of web sites openly for everyone. Trouble is bound to follow.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/28eebfbc/l/0L0Sheise0Bde0Csecurity0Cmeldung0CSchwachstellen0Eauf0Edem0ESilbertablett0E1810A1620Bhtml0Cfrom0Crss0A9/story01.htm





