[CERT-daily] Tageszusammenfassung - Montag 25-03-2013

Daily end-of-shift report team at cert.at
Mon Mar 25 18:04:28 CET 2013


=======================
= End-of-Shift report =
=======================

Timeframe:   Freitag 22-03-2013 18:00 − Montag 25-03-2013 18:00
Handler:     Robert Waldner
Co-Handler:  Stephan Richter




*** SANS Pen Test Berlin 2013 ***
---------------------------------------------
"SANS Pen Test Berlin 2013 takes place from June 3rd to June 8th in the Radisson Blu Hotel on the bank of Berlins River Spree. SANS once again presents a world class line up of pen test training courses led by SANS globally renowned, expert instructors. As well as the unique SANS training experience, we will also be offering a series of @Night talks and social functions, plus the opportunity to take place in NetWars...."
---------------------------------------------
http://www.sans.org/event/pentest-berlin-2013




*** Apple: Sicherheitslücke in Account-Recovery-Tool ***
---------------------------------------------
Laut US-Berichten genügte es bis zum Freitag, die Mail-Adresse und das Geburtsdatum von Apple-ID-Inhabern zu kennen, um deren Passwort zu ersetzen.
---------------------------------------------
http://heise.de.feedsportal.com/c/35207/f/653902/s/29e6e636/l/0L0Sheise0Bde0Cnewsticker0Cmeldung0CApple0ESicherheitsluecke0Ein0EAccount0ERecovery0ETool0E1828970A0Bhtml0Cfrom0Catom10A/story01.htm




*** Bundeskriminalamt warnt vor neuem Lösegeld-Trojaner ***
---------------------------------------------
Erenut ist Schadsoftware im Umlauf, die Betroffenen unterstellt, jugendpornografisches Material zu verbreiten und zu einer Geldzahlung auffordert.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/29e7d088/l/0L0Sheise0Bde0Csecurity0Cmeldung0CBundeskriminalamt0Ewarnt0Evor0Eneuem0ELoesegeld0ETrojaner0E18289910Bhtml0Cfrom0Crss0A9/story01.htm




*** Schwache Schlüssel bei NetBSD ***
---------------------------------------------
Eine falsch gesetzte Klammer im Programmcode von NetBSD führt dazu, dass das System schwache kryptografische Schlüssel erzeugt. Besonders betroffen sind Schlüssel für OpenSSH-Server.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/29eea8f1/l/0L0Sheise0Bde0Csecurity0Cmeldung0CSchwache0ESchluessel0Ebei0ENetBSD0E18290A520Bhtml0Cfrom0Crss0A9/story01.htm




*** Wordpress wp-video-commando Plugin XSS ***
---------------------------------------------
Topic: Wordpress wp-video-commando Plugin XSS Risk: Low Text:# Exploit Title: Wordpress wp-video-commando Plugin Xss ((|)) # Vulnerability ...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/lkXYceohQoo/WLB-2013030207




*** MongoDB: Exploit im Netz, Metasploit-Modul in der Mache ***
---------------------------------------------
Administratoren von MongoDB mit der Version 2.2.3 sollten so schnell wie möglich auf die aktuelle Version 2.4.1 wechseln. Es ist ein Exploit aufgetaucht, der einen serverseitigen Buffer-Overflow und Crash verursachen kann.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/29f72124/l/0L0Sheise0Bde0Csecurity0Cmeldung0CMongoDB0EExploit0Eim0ENetz0EMetasploit0EModul0Ein0Eder0EMache0E18293110Bhtml0Cfrom0Crss0A9/story01.htm




*** [papers] - Hacking Trust Relationships Between SIP Gateways ***
---------------------------------------------
Hacking Trust Relationships Between SIP Gateways
---------------------------------------------
http://www.exploit-db.com/download_pdf/24878




*** Moodle Multiple Vulnerabilities ***
---------------------------------------------
Two weaknesses and multiple vulnerabilities have been reported in Moodle, which can be exploited by malicious users to disclose potentially sensitive information, manipulate certain data, and conduct script insertion attacks and by malicious people to disclose potentially sensitive and system information.
---------------------------------------------
https://secunia.com/advisories/52691




*** Novell ZENworks Configuration Management Control Center Arbitrary File Upload Vulnerability ***
---------------------------------------------
A vulnerability has been reported in Novell ZENworks Configuration Management, which can be exploited by malicious people to compromise the vulnerable system.
---------------------------------------------
https://secunia.com/advisories/52784


More information about the Daily mailing list