Daily October 2012

daily@lists.cert.at

1 participants
22 discussions

Tageszusammenfassung - Mittwoch 31-10-2012
by Daily end-of-shift report 31 Oct '12

31 Oct '12

======================= = End-of-Shift report = ======================= Timeframe: Dienstag 30-10-2012 18:00 − Mittwoch 31-10-2012 18:00 Handler: Matthias Fraidl Co-Handler: Robert Waldner *** Citrix XenServer 6.0.2 Privilege Escalation *** --------------------------------------------- Topic: Citrix XenServer 6.0.2 Privilege Escalation Risk: Medium Text: ADVISORY = Systems Affected: Citrix XenServer 5.0 through 6.0.2 Severity: High Ca... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/wk0udMQ2Uz4/WLB-20… *** THOMAS: Cyber security for the home *** --------------------------------------------- "When we think about cyber security we usually think about big businesses or government agencies, but securing your computers and information is important in your home, too. Hackers and thieves have a number of reasons to break into your computer, but the most common are to steal the information stored there and to use the resources of your computer to do their bidding. One of the things a hacker wants from your computer is information...." --------------------------------------------- http://www.nctimes.com/news/local/columnists/thomas/thomas-cyber-security-f… *** Trojaner-Schnäppchen mit Windows-8-Unterstützung *** --------------------------------------------- Während einige Antivirenhersteller mit Microsofts neuestem Betriebssystem noch Probleme haben, ist die Cybercrime-Community schon voll auf den Windows-8-Zug aufgesprungen. So wird etwa auf einer bei Google gehosteten Site für 40 Euro ein bereits Windows-8-kompatibles "Remote Administration Tool" namens Xtreme RAT angeboten kostenlose Updates inklusive. --------------------------------------------- http://www.heise.de/security/meldung/Trojaner-Schnaeppchen-mit-Windows-8-Un… *** VM-aware viruses on the rise *** --------------------------------------------- "Viruses targeting virtual machines (VM) are growing in numbers and will soon be the dominant force in the world of cyber crime. Speaking at this weeks SNW Europe conference in Frankfurt, Joe Llewelyn, head of global sales training at Kaspersky Lab, warned of the increase and the trouble they could cause. A lot of the viruses we are now seeing are virtual machine aware, meaning they will work out if they are running on a VM, he said...." --------------------------------------------- http://www.computerweekly.com/news/2240169662/VM-aware-viruses-on-the-rise?… *** Linux: Patch für den Ext4-Bug *** --------------------------------------------- Die Ursache des vor einer Woche aufgefallenen Bugs im Linux-Dateisystem Ext4 ist gefunden. Ext4-Chefentwickler Ted Ts'o hat einen wenige Zeilen langen Patch geschrieben und zur Aufnahme in den Kernel 3.7 bereitgestellt. --------------------------------------------- http://www.heise.de/open/meldung/Patch-fuer-den-Ext4-Bug-1740840.html/from/… *** Kritische Lücken in Plone und Zope *** --------------------------------------------- Die Plone Foundation warnt vor kritischen Sicherheitslücken in ihrem Open-Source-CMS Plone. Auch das Python-basierten Web-Framework Zope ist verwundbar. Betroffen sind jeweils alle Versionen einschließlich der aktuellen. Durch die Schwachstellen kann ein Angreifer schlimmstenfalls die Kontrolle über den Server übernehmen. --------------------------------------------- http://www.heise.de/security/meldung/Kritische-Luecken-in-Plone-und-Zope-17… *** Sicherheitslücke in Yahoos JavaScript-Framework YUI 2 *** --------------------------------------------- In einem Blog-Beitrag weist //www.yahoo.com:Yahoo auf eine Sicherheitslücke in seiner freien JavaScript-Bibliothek YUI 2 hin. Eine nähere Beschreibung des Bugs gibt es nicht, er betrifft zudem nur Anwender, die den Quellcode des Frameworks selbst bereitstellen: In der von Yahoos Content Delivery Network ausgelieferten Version ist er beseitigt. --------------------------------------------- http://www.heise.de/security/meldung/Sicherheitsluecke-in-Yahoos-JavaScript…

1 0

Tageszusammenfassung - Dienstag 30-10-2012
by Daily end-of-shift report 30 Oct '12

30 Oct '12

======================= = End-of-Shift report = ======================= Timeframe: Montag 29-10-2012 18:00 − Dienstag 30-10-2012 18:00 Handler: Matthias Fraidl Co-Handler: Robert Waldner *** ICS-CERT warnt vor Angriffen auf industrielle Steuerungssysteme *** --------------------------------------------- Die Attacken auf industrielle Steuerungssysteme nehmen zu. Das Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) hat dazu eine Warnung herausgegeben, die vom Bundesamt für Sicherheit und Informationstechnik (BSI) unterstützt wird. Spezielle Tools und Suchmaschinen erleichtern auch unerfahrenen Angreifern die Attacken auf Maschinen und Geräte, die Relevanz für die Infrastruktur, wie etwa die Stromnetze, haben. --------------------------------------------- http://www.heise.de/security/meldung/ICS-CERT-warnt-vor-Angriffen-auf-indus… *** Legacy Applications a Threat to Windows 8 Security *** --------------------------------------------- "The security features of Windows 8 are among the more highly touted aspects of the new operating system. However, theyre not worth much if users can bypass them, and thats exactly what Bitdefenders Alex Balan said could happen to users who hang on to pre-Windows 8 applications. Since they run outside the secure interface, theyre more vulnerable...." --------------------------------------------- http://www.technewsworld.com/story/76499.html *** Critical error in CoDeSys runtime of SCADA systems *** --------------------------------------------- "Ron Wightman discovered vulnerability in the CoDeSys runtime during Project Basecamp, where industrial security guards come together. The problem is that according Wightman attackers by security hole in CoDeSys control PLCs can get into the industrial systems and critical infrastructures which it is mounted. An attacker must already have access to the network...." --------------------------------------------- http://www.automatiseringgids.nl/nieuws/2012/44/kritieke-fout-in-codesys-ru… *** Falsche Fährten für Schnüffel-Apps *** --------------------------------------------- Eine modifizierte Version des Android-Betriebssystems füttert Apps, die Daten auslesen, mit extra fehlerhaften Informationen. --------------------------------------------- http://www.heise.de/newsticker/meldung/Falsche-Faehrten-fuer-Schnueffel-App… *** Bugtraq: [security bulletin] HPSBUX02825 SSRT100974 rev.1 - HP-UX Running Java, Remote Indirect Vulnerabilities *** --------------------------------------------- [security bulletin] HPSBUX02825 SSRT100974 rev.1 - HP-UX Running Java, Remote Indirect Vulnerabilities --------------------------------------------- http://www.securityfocus.com/archive/1/524541

1 0

Tageszusammenfassung - Montag 29-10-2012
by Daily end-of-shift report 29 Oct '12

29 Oct '12

======================= = End-of-Shift report = ======================= Timeframe: Donnerstag 25-10-2012 18:00 − Montag 29-10-2012 18:00 Handler: Robert Waldner Co-Handler: Matthias Fraidl *** Realplayer Watchfolders long Filepath Overflow *** --------------------------------------------- Topic: Realplayer Watchfolders long Filepath Overflow Risk: High Text:Realplayer Watchfolders Long Filepath Overflow by Joseph Sheridan Summary Realplayer version 15.0.5.109 is vulnerable to ... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/dOv6-0tUVh8/WLB-20… *** Detecting Advanced Persistent Threat with Network Traffic Analysis *** --------------------------------------------- "A high degree of stealthiness over a prolonged duration of operation in order to do a successful cyber attack can be defined as Advanced Persistent Threat. The attack objectives therefore typically extend beyond immediate financial gain, and compromised systems continue to be of service even after key systems have been breached and initial goals reached. Todays successful targeted attacks use a combination of social engineering, malware, and backdoor activities...." --------------------------------------------- http://thehackernews.com/2012/10/detecting-advanced-persistent-threat.html#… *** [dos] - Microsoft Office Publisher 2010 Crash PoC *** --------------------------------------------- Microsoft Office Publisher 2010 Crash PoC --------------------------------------------- http://www.exploit-db.com/exploits/22310 *** [dos] - Microsoft Windows Help program (WinHlp32.exe) Crash PoC *** --------------------------------------------- Microsoft Windows Help program (WinHlp32.exe) Crash PoC --------------------------------------------- http://www.exploit-db.com/exploits/22303 *** Another systematic SCADA vuln *** --------------------------------------------- "If its Monday, it must be time for a new SCADA vulnerability: this time, arising through the combination of a popular development environment and bad developer habits. Described in full by Digital Bond researcher Reid Wightman here, as many as 261 manufacturers and heaven-knows-how-many deployed systems may have created insecure systems using the software. The software in question is CoDeSys, from German company S3...." --------------------------------------------- http://www.theregister.co.uk/2012/10/28/codesys_vulnerability/ *** Vuln: Drupal Arbitrary PHP Code Execution and Information Disclosure Vulnerabilities *** --------------------------------------------- Drupal Arbitrary PHP Code Execution and Information Disclosure Vulnerabilities --------------------------------------------- http://www.securityfocus.com/bid/56103 *** Schädling versteckt sich hinter der Maus *** --------------------------------------------- xhtml --------------------------------------------- http://www.heise.de/security/meldung/Schaedling-versteckt-sich-hinter-der-M… *** Bugtraq: [SECURITY] [DSA 2567-1] request-tracker3.8 security update *** --------------------------------------------- [SECURITY] [DSA 2567-1] request-tracker3.8 security update --------------------------------------------- http://www.securityfocus.com/archive/1/524528 *** Steuerungssysteme mit Hintertür *** --------------------------------------------- Die Programmiersoftware CoDeSys des deutschen Herstellers 3 S-Smart Software Solutions kann aus der Ferne ohne Authentifizierung manipuliert werden. Die Software wird für die digitale Steuerung von Maschinen und Anlagen von 261 Geräteherstellern genutzt. Damit verwenden "Tausende von Endanwendern aus dem Maschinen- und Anlagenbau und weiteren Industriezweigen CoDeSys", wie 3 S-Smart auf ihrer Internetseite angibt. Zu den Firmen, die CoDeSys nutzen, gehören unter anderem Unternehmen im Energie-, Militär- und Navigationsbereich. Entdeckt hat die Sicherheitslücke Reid Wightman, Sicherheits-Berater bei digital bond. --------------------------------------------- http://www.heise.de/security/meldung/Steuerungssysteme-mit-Hintertuer-17384…

1 0

Tageszusammenfassung - Donnerstag 25-10-2012
by Daily end-of-shift report 25 Oct '12

25 Oct '12

======================= = End-of-Shift report = ======================= Timeframe: Mittwoch 24-10-2012 18:00 − Donnerstag 25-10-2012 18:00 Handler: Robert Waldner Co-Handler: n/a *** Bugtraq: VUPEN Security Research - Oracle Java Font Processing Glyph Element Memory Corruption Vulnerability *** --------------------------------------------- VUPEN Security Research - Oracle Java Font Processing Glyph Element Memory Corruption Vulnerability --------------------------------------------- http://www.securityfocus.com/archive/1/524507 *** Bugtraq: VUPEN Security Research - Oracle Java Font Processing "maxPointCount" Heap Overflow Vulnerability *** --------------------------------------------- VUPEN Security Research - Oracle Java Font Processing "maxPointCount" Heap Overflow Vulnerability --------------------------------------------- http://www.securityfocus.com/archive/1/524506 *** Bugtraq: [waraxe-2012-SA#094] - Multiple Vulnerabilities in Wordpress GRAND Flash Album Gallery Plugin *** --------------------------------------------- [waraxe-2012-SA#094] - Multiple Vulnerabilities in Wordpress GRAND Flash Album Gallery Plugin --------------------------------------------- http://www.securityfocus.com/archive/1/524509 *** Microsoft Office Word 2010 Stack Exhaustion *** --------------------------------------------- Topic: Microsoft Office Word 2010 Stack Exhaustion Risk: Low Text:Title : Microsoft Office Word 2010 Stack Overflow Version : Microsoft Office professional Plus 2010 Date : 2012... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/nm8w9gqy73w/WLB-20… *** National and International Cyber Security Exercises: Survey, Analysis & Recommendations *** --------------------------------------------- "Cyber exercises are an important tool to assess the preparedness of a community against cyber crises, technology failures and critical information infrastructure incidents. ENISA supports the stakeholders involved in EU cyber exercises. This report aims to support European and international bodies involved in cyber exercises with lessons learned about cyber exercises and recommendations for the future...." --------------------------------------------- http://www.enisa.europa.eu/activities/Resilience-and-CIIP/cyber-crisis-coop… *** Researcher to demonstrate feature-rich malware that works as a browser extension *** --------------------------------------------- "Security researcher Zoltan Balazs has developed a remote-controlled piece of malware that functions as a browser extension and is capable of modifying Web pages, downloading and executing files, hijacking accounts, bypassing two-factor authentication security features enforced by some websites, and much more. Balazs, who works as an IT security consultant for professional services firm Deloitte in Hungary, created the proof-of-concept malware in order to raise awareness about the security --------------------------------------------- http://www.computerworld.com/s/article/9232848/Researcher_to_demonstrate_fe…

1 0

Tageszusammenfassung - Mittwoch 24-10-2012
by Daily end-of-shift report 24 Oct '12

24 Oct '12

======================= = End-of-Shift report = ======================= Timeframe: Dienstag 23-10-2012 18:00 − Mittwoch 24-10-2012 18:00 Handler: Robert Waldner Co-Handler: Matthias Fraidl *** Apple QuickTime 7.7.2(1680.56) Division By Zero *** --------------------------------------------- Topic: Apple QuickTime 7.7.2(1680.56) Division By Zero Risk: Low Text:#Title : Apple QuickTime Player suffers from Division By Zero #Version : 7.7.2(1680.56) #Date : 2012-10-23 #Ve... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/0bLOTA2eMtQ/WLB-20… *** Time to run Windows Update - - Microsoft Updates KB2755801 for Windows RT / IE10 / Flash Player - http://technet.microsoft.com/en-us/security/advisory/2755801, (Wed, Oct 24th) *** --------------------------------------------- =============== Rob VandenBrink Metafore (c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. --------------------------------------------- http://isc.sans.edu/diary.html?storyid=14365&rss *** The NetSA group at CERT has developed and maintains a suite of open source tools *** --------------------------------------------- "The Network Situational Awareness (NetSA) group at CERT has developed and maintains a suite of open source tools for monitoring large-scale networks using flow data. These tools have grown out of the work of the AirCERT project, the SiLK project and the effort to integrate this work into a unified, standards-compliant flow collection and analysis platform...." --------------------------------------------- http://tools.netsa.cert.org/ *** Bugtraq: [security bulletin] HPSBHF02819 SSRT100920 rev.1 - HP, 3COM, and H3C Routers & Switches, Remote Disclosure of Information *** --------------------------------------------- [security bulletin] HPSBHF02819 SSRT100920 rev.1 - HP, 3COM, and H3C Routers & Switches, Remote Disclosure of Information --------------------------------------------- http://www.securityfocus.com/archive/1/524496

1 0

Tageszusammenfassung - Dienstag 23-10-2012
by Daily end-of-shift report 23 Oct '12

23 Oct '12

======================= = End-of-Shift report = ======================= Timeframe: Montag 22-10-2012 18:00 − Dienstag 23-10-2012 18:00 Handler: Robert Waldner Co-Handler: Matthias Fraidl *** CyanogenMod protokolliert Sperrmuster *** --------------------------------------------- Die Android-Firmware CyanogenMod protokolliert offenbar die zur Entsperrung des Smartphones verwendeten Wischmuster mit. Das hat ein Entwickler bemerkt und mit einem Mini-Patch abgestellt. CyanogenMod ist eine herstellerunabhängige Firmware für Android-Smartphones. --------------------------------------------- http://www.heise.de/security/meldung/CyanogenMod-protokolliert-Sperrmuster-… *** Google Drive öffnet Hintertür zum Google-Account *** --------------------------------------------- Der Windows-Client von Googles Dropbox-Alternative Drive öffnet eine Hintertür in den Google-Account, durch die sich neugierige Mitmenschen unter Umständen Zugriff auf Mails, Kontakte und Termine des Drive-Nutzers verschaffen können. --------------------------------------------- http://www.heise.de/security/meldung/Google-Drive-oeffnet-Hintertuer-zum-Go… *** Trend Micro Report for Q3, 2012: Zero-Days, Mobile Malware and Phishing *** --------------------------------------------- "Security firm Trend Micro has released its Security Roundup Report for the third quarter of 2012. The figures highlight the fact that the number of malicious elements designed to target Android devices has increased from 30,000 (in June) to almost 175,000 (in September). While some of them are designed to inflate phone bills and fill the crooks pockets, others pose a privacy threat...." --------------------------------------------- http://news.softpedia.com/news/Trend-Micro-Report-for-Q3-2012-Zero-Days-Mob… *** ENISA Midpoint Report: First European Cyber Security Month Is a Success *** --------------------------------------------- "The European Network and Information Security Agency (ENISA) has released a midpoint report on the first European Cyber Security Month (ECSM) and the figures are highly encouraging. The campaign has already reached close to 2 million users on Facebook and judging by the upcoming events, it will reach a lot more in the following period. Hundreds of professionals and thousands of regular Internet users have already taken part in events hosted by Portugal, Spain, Norway, Luxemburg and --------------------------------------------- http://news.softpedia.com/news/ENISA-Midpoint-Report-First-European-Cyber-S… *** Vuln: Real Networks RealPlayer Write Access Violation Arbitrary Code Execution Vulnerability *** --------------------------------------------- Real Networks RealPlayer Write Access Violation Arbitrary Code Execution Vulnerability --------------------------------------------- http://www.securityfocus.com/bid/56113 *** Joomla SQLReport Password Disclosure *** --------------------------------------------- Topic: Joomla SQLReport Password Disclosure Risk: Medium Text:Title:Password Disclosure Vulnerability Author:AsSerT && MetAiZM Vendor:Joomla Dork:inurl:com_sqlreport Disclosure: http... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/L88Vk3uNWlw/WLB-20… *** Solar-power system flaws shine light on Smart Grid threats *** --------------------------------------------- "The Homeland Security Department has issued an alert about vulnerabilities in a control system for solar electric systems that could allow unauthorized users to access to the system and execute malicious code. The equipment is sold by the Italian systems integrator Sinapsi, and although a proof-of-concept exploit has been published, no exploits have yet been reported in the wild. The alert is a reminder of the need to incorporate security into increasingly complex and interactive power --------------------------------------------- http://gcn.com/blogs/cybereye/2012/10/solar-system-flaws-smart-grid-threats… *** Adobe schließt kritische Shockwave-Lücken *** --------------------------------------------- Adobe schließt mit der Shockwave-Version 11.6.8.638 für Windows und Mac OS X zahlreiche kritische Lücken, durch die ein Angreifer potenziell Schadcode ins System schleusen kann. Insgesamt sind den Schwachstellen sechs CVE-Nummern zugeordnet. Es handelt sich vor allem um Pufferüberläufe. --------------------------------------------- http://www.heise.de/security/meldung/Adobe-schliesst-kritische-Shockwave-Lu…

1 0

Tageszusammenfassung - Montag 22-10-2012
by Daily end-of-shift report 22 Oct '12

22 Oct '12

======================= = End-of-Shift report = ======================= Timeframe: Freitag 19-10-2012 18:00 − Montag 22-10-2012 18:00 Handler: Robert Waldner Co-Handler: Christian Wojner *** Dutch government seeks to let law enforcement hack foreign computers *** --------------------------------------------- "The Dutch government wants to give law enforcement authorities the power to hack into computers, including those located in other countries, for the purpose of discovering and gathering evidence during cybercrime investigations. In a letter that was sent to the lower house of the Dutch parliament on Monday, the Dutch Minister of Security and Justice Ivo Opstelten outlined the governments plan to draft a bill in upcoming months that would provide law enforcement authorities with new --------------------------------------------- http://www.cio.com.au/article/439620/dutch_government_seeks_let_law_enforce… *** Joomla Commedia 3.1 SQL Injection *** --------------------------------------------- Topic: Joomla Commedia 3.1 SQL Injection Risk: Medium Text: Exploit Title: Joomla commedia Remote Exploit dork: inurl:index.php?option=com_commedia Date: [18-10-2012] Autho... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/ixjlWHyPfk0/WLB-20… *** F5 FirePass SSL VPN 4xxx Series & Arbitrary URL Redirection *** --------------------------------------------- Topic: F5 FirePass SSL VPN 4xxx Series & Arbitrary URL Redirection Risk: Low Text:1. OVERVIEW F5 FirePass SSL VPN is vulnerable to Open URL Redirection. 2. BACKGROUND F5 FirePass SSL VPN provides se... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/jehSXRUk280/WLB-20… *** WordPress Wordfence Security XSS and IAA vulnerabilities *** --------------------------------------------- Topic: WordPress Wordfence Security XSS and IAA vulnerabilities Risk: Low Text:I want to warn you about Cross-Site Scripting and Insufficient Anti-automation vulnerabilities in Wordfence Security for Word... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/ixOVIlVAzxA/WLB-20… *** Joomla Tag SQL Injection *** --------------------------------------------- Topic: Joomla Tag SQL Injection Risk: Medium Text: Exploit Title: Joomla tag Remote Sql Exploit dork: inurl:index.php?option=com_tag Date: [18-10-2012] Author: Dan... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/t2QhRZO4mj0/WLB-20… *** Joomla Freestyle Support 1.9 SQL Injection *** --------------------------------------------- Topic: Joomla Freestyle Support 1.9 SQL Injection Risk: Medium Text: Exploit Title: Joomla Freestyle Support com_fss sqli Dork: N/A Date: [17-10-2012] Author: Daniel Barragan "D4NB4... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/BL5miMrFF0w/WLB-20… *** Internet Explorer 9 XSS Filter Bypass *** --------------------------------------------- Topic: Internet Explorer 9 XSS Filter Bypass Risk: Low Text: # Internet Explorer 9 XSS Filter Bypass # Discovered by: Jean Pascal Pereira --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/0YxVKyCrmJU/WLB-20… *** US government cyber attack warnings are hypocritical, claims F-Secure chief *** --------------------------------------------- "Renowned security expert Mikko Hypponen has publicly given the US government a tongue lashing by claiming its warnings on cyber attacks are hypocritical. The F-Secure security chief criticised the US Defense Secretary Leon Panetta for saying that the country is on the cusp of experiencing a "cyber Pearl Harbor" in a speech last week. Panetta had claimed that the US government and critical infrastructure businesses are currently being besieged by state sponsored hackers with --------------------------------------------- http://www.v3.co.uk/v3-uk/news/2218614/us-government-cyber-attack-warnings-… *** Billabong hacked, threats of mass data leaks from @GoatseSec *** --------------------------------------------- One of the worlds largest surfing based brands has come under the eye of hackers after they gained access to its database via a exploitable wordpress installation. --------------------------------------------- http://www.cyberwarnews.info/2012/10/21/billabong-hacked-threats-of-mass-da… *** Adobe reader 10.1.4 memory corruption *** --------------------------------------------- Topic: Adobe reader 10.1.4 memory corruption Risk: High Text:#!/usr/bin/perl #Title : Adobe reader 10.1.4 memory corruption #Version : 10.1.4.38 #Date : 2012-10-12 #Vendor ... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/qrIZMwM6M7g/WLB-20… *** cpanel 11.32.5 (build 11) 11.32.5.11 CSRF *** --------------------------------------------- Topic: cpanel 11.32.5 (build 11) 11.32.5.11 CSRF Risk: Low Text: = Vulnerable Software: cPanel version : 11.32.5 (build 11)-11.32.5.11 [ cPanel Pro ] Vulnerability: CSRF Vendor: cpanel.... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/CNVJqOmG7OI/WLB-20… *** Service Sells Access to Fortune 500 Firms *** --------------------------------------------- An increasing number of services offered in the cybercrime underground allow miscreants to purchase access to hacked computers at specific organizations. For just a few dollars, these services offer the ability to buy your way inside of Fortune 500 company networks. --------------------------------------------- http://feedproxy.google.com/~r/KrebsOnSecurity/~3/3T5OQmyiwT4/ *** Movable Type Pro 5.13en Cross Site Scripting *** --------------------------------------------- Topic: Movable Type Pro 5.13en Cross Site Scripting Risk: Low Text:Keywords: CVE-2012-1503, Movable Type Pro 5.13en, Stored XSS, JavaScript Injection, Vendor Unresponsive, Full Disclosure In... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/UKDndJWwGNA/WLB-20…

1 0

Tageszusammenfassung - Freitag 19-10-2012
by Daily end-of-shift report 19 Oct '12

19 Oct '12

======================= = End-of-Shift report = ======================= Timeframe: Donnerstag 18-10-2012 18:00 − Freitag 19-10-2012 18:00 Handler: Stephan Richter Co-Handler: Robert Waldner *** Download the report from FireEye, now. *** --------------------------------------------- "Learn how to protect your organization from the most dangerous cyber attacks by discovering the tactics used in successful attacks. In a unique report from FireEye, youll get first-hand information from the FireEye Malware Intelligence Labs, which analyzes data from Malware Protection Systems (MPS) deployed behind existing security defenses. Youll benefit from gaining visibility into the most lethal attacks of the year, and discovering how they successfully evaded traditional --------------------------------------------- http://www2.fireeye.com/FierceCIO_Advanced_Threat_LP.html *** Cyber Security Awareness Month - Day 18 - Vendor Standards: The vSphere Hardening Guide, (Thu, Oct 18th) *** --------------------------------------------- Many vendors have security hardening guides - step-by-step guides to increasing the security posture of one product or another. We alluded to the Cisco guides earlier this month (Day 11), Microsoft also makes a decent set of hardening guides for Windows server and workstation products, as do most Linux distros - youll find that most vendors have documents of this type. VMwares vSphere hardening guide is one I use frequently. Its seen several iterations over the years - the versions considered --------------------------------------------- http://isc.sans.edu/diary.html?storyid=14341&rss *** Apple banishes Java from Mac browsers *** --------------------------------------------- Fanbois told to install Oracles plugin Apple has discontinued its own Java plugin, issuing an update that removes it from MacOS and encourages users to instead download Oracles version of the software.� --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2012/10/19/apple_banis… *** Dont secure the internet, it needs crime: Diffie *** --------------------------------------------- "While many people see securing the internet as a means to stopping cybercrime, former vice president for information security and cryptography at the Internet Corporation for Assigned Names and Numbers (ICANN) Whitfield Diffie thinks that internet crime may be necessary. Diffie, who spoke at the Australian Information Security Associations National Conference 2012 in Sydney this week, is better known for his contribution to the cryptography community by devising with Martin Hellman and --------------------------------------------- http://www.zdnet.com/dont-secure-the-internet-it-needs-crime-diffie-7000005… *** Palo Alto Networks GlobalProtect Man-In-The-Middle *** --------------------------------------------- Topic: Palo Alto Networks GlobalProtect Man-In-The-Middle Risk: Low Text: SySS-Advisory: MitM-vulnerability in Palo Alto Networks GlobalProtect Prob... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/SD1xHp0GFaM/WLB-20… *** RealPlayer 15.0.6.14 suffers from Arbitrary Code Execution *** --------------------------------------------- Topic: RealPlayer 15.0.6.14 suffers from Arbitrary Code Execution Risk: High Text:Title : RealPlayer 15.0.6.14 suffers from Arbitrary Code Execution Version : 15.0.6.14 Date : 2012-10-18 Vendor : ... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/ZE9qMdPQl-Q/WLB-20… *** Vuln: Computer Associates ARCserve Backup Remote Code Execution and Denial of Service Vulnerabilities *** --------------------------------------------- Computer Associates ARCserve Backup Remote Code Execution and Denial of Service Vulnerabilities --------------------------------------------- http://www.securityfocus.com/bid/56116

1 0

Tageszusammenfassung - Donnerstag 18-10-2012
by Daily end-of-shift report 18 Oct '12

18 Oct '12

======================= = End-of-Shift report = ======================= Timeframe: Mittwoch 17-10-2012 18:00 − Donnerstag 18-10-2012 18:00 Handler: Stephan Richter Co-Handler: L. Aaron Kaplan *** Oracle Leaves Fix for Java SE Zero Day Until February Patch Update *** --------------------------------------------- "Oracle will not patch a critical sandbox escape vulnerability in Java SE versions 5, 6 and 7 until its February Critical Patch Update, according to the researcher who discovered the flaw. Adam Gowdiak of Polish security firm Security Explorations told Threatpost via email that Oracle said it was deep into testing of another Java patch for the October CPU released yesterday and that it was too late to include the sandbox fix. Gowdiak said he plans to present technical details on the flaw... --------------------------------------------- http://threatpost.com/en_us/blogs/oracle-leaves-fix-java-se-zero-day-until-… *** Vuln: Oracle Database Authentication Protocol CVE-2012-3137 Security Bypass Vulnerability *** --------------------------------------------- Oracle Database Authentication Protocol CVE-2012-3137 Security Bypass Vulnerability --------------------------------------------- http://www.securityfocus.com/bid/55651 *** High bandwidth DDoS attacks are now common, researcher says *** --------------------------------------------- "Distributed denial-of-service (DDoS) attacks with an average bandwidth of over 20Gbps have become commonplace this year, according to researchers from from DDoS mitigation vendor Prolexic. Last year such high-bandwidth attacks were isolated incidents, but attacks that exceed 20Gbps in bandwidth occur frequently now, Prolexics president Stuart Scholly said Tuesday. This is significant because very few companies or organizations have the necessary network infrastructure to deal with... --------------------------------------------- http://www.computerworld.com/s/article/9232487/High_bandwidth_DDoS_attacks_… *** ModSecurity 2.6.8 multipart/invalid part ruleset bypass *** --------------------------------------------- Topic: ModSecurity 2.6.8 multipart/invalid part ruleset bypass Risk: Medium Text:SEC Consult Vulnerability Lab Security Advisory == title: ModSecurity mul... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/5KOdJs9aZmg/WLB-20… *** One year on, SSL servers STILL cower before the BEAST *** --------------------------------------------- 70% of sites still vulnerable to cookie monster The latest monthly survey by the SSL Labs project has discovered that many SSL sites remain vulnerable to the BEAST attack, more than a year after the underlying vulnerability was demonstrated by security researchers.… --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2012/10/18/ssl_securit… *** Four horsemen posse: This here security town needs a new sheriff *** --------------------------------------------- Body which issues CISSP tin stars set for shakeup? As the overpriced beers flowed and dusk approached in central London pubs surrounding the venue of RSA Europe last week, talk often turned towards the (ISC)2 security certification body.… --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2012/10/18/isc2_electi… *** A New Cybersecurity Technique - Signature-based communications blockage for control systems *** --------------------------------------------- "This is a brief look at a new product capability reported by Tofino Security that may allow some ICS owners to avoid at least part of their patch cycle without increasing security vulnerability...." --------------------------------------------- http://chemical-facility-security-news.blogspot.nl/2012/10/a-new-cybersecur… *** [webapps] - OTRS 3.1 Stored XSS Vulnerability *** --------------------------------------------- OTRS 3.1 Stored XSS Vulnerability --------------------------------------------- http://www.exploit-db.com/exploits/22070 *** Bugtraq: Internet Explorer 9 XSS Filter Bypass *** --------------------------------------------- Internet Explorer 9 XSS Filter Bypass --------------------------------------------- http://www.securityfocus.com/archive/1/524460 *** Before We Knew It - An Empirical Study of Zero-Day Attacks In The Real World *** --------------------------------------------- Little is known about the duration and prevalence of zero-day attacks, which exploit vulnerabilities that have not been disclosed publicly. Knowledge of new vulnerabilities gives cyber criminals a free pass to attack any target of their choosing, while remaining undetected. Unfortunately, these serious threats are difficult to analyze, because, in general, data is not available until after an attack is discovered... --------------------------------------------- http://users.ece.cmu.edu/~tdumitra/public_documents/bilge12_zero_day.pdf

1 0

Tageszusammenfassung - Mittwoch 17-10-2012
by Daily end-of-shift report 17 Oct '12

17 Oct '12

======================= = End-of-Shift report = ======================= Timeframe: Mittwoch 17-10-2012 18:00 − Mittwoch 17-10-2012 18:00 Handler: Stephan Richter Co-Handler: Robert Waldner *** Kaspersky Lab Developing Its Own Operating System? We Confirm the Rumors, and End the Speculation! *** --------------------------------------------- "Today Id like to talk about the future. About a not-so-glamorous future of mass cyber-attacks on things like nuclear power stations, energy supply and transportation control facilities, financial and telecommunications systems, and all the other installations deemed critically important. Or you could think back to Die Hard 4 where an attack on infrastructure plunged pretty much the whole country into chaos...." --------------------------------------------- http://eugene.kaspersky.com/2012/10/16/kl-developing-its-own-operating-syst… *** Vuln: Oracle Java SE CVE-2012-5068 Remote Java Runtime Environment Vulnerability *** --------------------------------------------- Oracle Java SE CVE-2012-5068 Remote Java Runtime Environment Vulnerability --------------------------------------------- http://www.securityfocus.com/bid/56076 *** Steam spawns vulnerabilities, say researchers *** --------------------------------------------- Gamers can be fragged by undocumented features A new security research outfit called ReVuln has presented its letter of introduction to the world in the form of a paper that analyses how the Steam protocol can expose gamers to attacks.… --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2012/10/17/steam_revul… *** Stürmischer Oktober-Patchday bei Oracle *** --------------------------------------------- xhtml --------------------------------------------- http://www.heise.de/security/meldung/Stuermischer-Oktober-Patchday-bei-Orac… *** New "Surveillance-Proof" App To Secure Communications Has Governments Nervous *** --------------------------------------------- "Lately, Mike Janke has been getting what he calls the hairy eyeball from international government agencies. The 44-year-old former Navy SEAL commando, together with two of the worlds most renowned cryptographers, was always bound to ruffle some high-level feathers with his new projecta surveillance-resistant communications platform that makes complex encryption so simple your grandma can use it. This week, after more than two years of preparation, the finished product has hit the --------------------------------------------- http://www.slate.com/articles/technology/future_tense/2012/10/silent_circle… *** Sicherheitsrisiko Steam *** --------------------------------------------- xhtml --------------------------------------------- http://www.heise.de/security/meldung/Sicherheitsrisiko-Steam-1731296.html/f… *** Next-Generation Malware: Changing The Game In Securitys Operations Center *** --------------------------------------------- "In a quiet, secluded spot, a malware author is creating a new piece of code that no antivirus tool has ever seen before. Its not a particularly creative exploit -- just a slight tweak on an existing Trojan -- but it should be enough to bypass the signature-based defenses of the company hes targeting. Your company...." --------------------------------------------- http://www.darkreading.com/security-monitoring/167901086/security/security-…

1 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Daily October 2012