=======================
= End-of-Shift report =
=======================
Timeframe: Thursday 27-09-2012 18:00 − Friday 28-09-2012 18:00
Handler: Stephan Richter
*** ISC Feature of the Week: Glossary, (Thu, Sep 27th) ***
---------------------------------------------
Overview: Our feature today is a page we just launched, the Glossary: Terms and Definitions page at https://isc.sans.edu/glossary.html! This page allows for browsing and list filtering of Computer and Security-related terms and definitions. There is also an API at https://isc.sans.edu/api/#glossary which I'll also detail below. We will soon be adding a Suggest a New Term or Definition form where you can contribute your thoughts to the list.
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=14188&rss
*** Vuln: CoSoSys Endpoint Protector CVE-2012-2994 Predictable Password Generation Vulnerability ***
---------------------------------------------
CoSoSys Endpoint Protector CVE-2012-2994 Predictable Password Generation Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/55570
*** Updated IEEE Statement on Security Incident ***
---------------------------------------------
"We deeply regret the exposure of user IDs and passwords that we became aware of on 24 September 2012. We would like to take this opportunity to explain to our members and customers the circumstances under which the exposure occurred and provide assurances with respect to IEEE's security processes and policies. IEEE follows security best practices based on ISO and NIST standards...."
---------------------------------------------
http://www.ieee.org/about/news/2012/27september_2012.html
*** Adobe scrambles to revoke stolen cert ***
---------------------------------------------
Malware signed as Adobe software. Adobe has revealed an attack that compromised some of its software development servers, resulting in its code signing certificate being used to disguise malware as Adobe software.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2012/09/27/adobe_cert_…
*** Cisco fixes alleged DoS vulnerabilities ***
---------------------------------------------
Cisco has fixed eight vulnerabilities in its router operating system Cisco IOS with updates released on its scheduled semi-annual patch day. One of them, in the Session Initiation Protocol (SIP), also affects the Cisco Unified Communications Manager. According to Cisco's assessment, the worst any of the vulnerabilities allows is taking down the affected service.
---------------------------------------------
http://www.heise.de/security/meldung/Cisco-beseitigt-angebliche-DoS-Luecken…
*** Almost all manufacturers affected by control-code problem in Android ***
---------------------------------------------
The Android control-code vulnerability initially attributed to Samsung apparently potentially affects most smartphones and UMTS tablets running Ice Cream Sandwich (version 4.0.x) or an older Android version. Google updated the code in the dialer in July with version 4.1.1 so that control codes are no longer executed automatically.
---------------------------------------------
http://www.heise.de/security/meldung/Fast-alle-Hersteller-von-Steuercode-Pr…
=======================
= End-of-Shift report =
=======================
Timeframe: Wednesday 26-09-2012 18:00 − Thursday 27-09-2012 18:00
Handler: Stephan Richter
Co-Handler: L. Aaron Kaplan
*** Vuln: 389 Directory Server Access Bypass Vulnerability ***
---------------------------------------------
389 Directory Server Access Bypass Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/55690
*** Vuln: Zend Framework Multiple Cross Site Scripting Vulnerabilities ***
---------------------------------------------
Zend Framework Multiple Cross Site Scripting Vulnerabilities
---------------------------------------------
http://www.securityfocus.com/bid/55636
*** Do Reverse Proxies Provide Real Security? ***
---------------------------------------------
"In the process of building / designing the infrastructure for a new project the following question was asked: shouldn't we use a reverse proxy to secure or protect the web servers? Of course the first question I asked myself is do reverse proxies provide real security? or is this a best / common practice that has been adopted without foundation?..."
---------------------------------------------
http://www.infosecisland.com/documentview/22458-Do-Reverse-Proxies-Provide-…
*** Maker of Smart-Grid Control Software Hacked ***
---------------------------------------------
"The maker of an industrial control system designed to be used with so-called smart grid networks disclosed to customers last week that hackers had breached its network and accessed project files related to a control system used in portions of the electrical grid. Telvent, which is owned by Schneider Electric, told customers in a letter that on Sept. 10 it learned of the breach into its network. The attackers installed malicious software on the network and also accessed project files for
---------------------------------------------
http://www.wired.com/threatlevel/2012/09/scada-vendor-telvent-hacked/
*** Cisco IOS Security Advisory Bundle - http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_sep12.html, (Thu, Sep 27th) ***
---------------------------------------------
-Kevin -- ISC Handler on Duty (c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=14185&rss
http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_sep12.html
*** Network operators see Domain Name System increasingly at risk from attacks ***
---------------------------------------------
Large-scale attacks on DNS servers have risen sharply in recent months. Attacks that bring networks to their knees with data rates of 50 to 100 gigabits per second are the order of the day, said Paul Vixie, founder of the Internet Systems Consortium (ISC).
---------------------------------------------
http://www.heise.de/security/meldung/Netzbetreiber-sehen-Domain-Name-System…
*** EU Banks Not Prepared for Attacks - Experts Cite Inadequate Controls, Information Sharing ***
---------------------------------------------
"Website outages that so far have targeted five leading U.S. banks should serve as a warning to global institutions of cyberthreats to come. Yet, major European institutions are not prepared to prevent or respond to such attacks, according to fraud and security experts at the European Network and Information Security Agency and Barclays, one of the world's leading banks. "What I see so much in Europe, especially in the U.K., is that no one wants to talk about the attacks they're...
---------------------------------------------
http://www.bankinfosecurity.com/eu-banks-prepared-for-attacks-a-5144
*** [webapps] - Trend Micro Control Manager 5.5/6.0 AdHocQuery BlindSQL Injection (post-auth) ***
---------------------------------------------
Trend Micro Control Manager 5.5/6.0 AdHocQuery BlindSQL Injection (post-auth)
---------------------------------------------
http://www.exploit-db.com/exploits/21546
*** [webapps] - JAMF Casper Suite MDM CSRF Vulnerability ***
---------------------------------------------
JAMF Casper Suite MDM CSRF Vulnerability
---------------------------------------------
http://www.exploit-db.com/exploits/21545
*** Bugtraq: NGS00254 Patch Notification: Apple Mac OS X Lion USB Hub Class Hub Descriptor Arbitrary Code Execution ***
---------------------------------------------
NGS00254 Patch Notification: Apple Mac OS X Lion USB Hub Class Hub Descriptor Arbitrary Code Execution
---------------------------------------------
http://www.securityfocus.com/archive/1/524248
*** Bugtraq: XSS in OSSEC wui 0.3 ***
---------------------------------------------
XSS in OSSEC wui 0.3
---------------------------------------------
http://www.securityfocus.com/archive/1/524247
*** Cyber Security Bulletin SB12-269 - Vulnerability Summary for the Week of September 17, 2012 ***
---------------------------------------------
"High Vulnerabilities: adobe -- flash_player; anecms -- anecms; apple -- mac_os_x; apple -- mac_os_x; bananadance -- banana_dance; bioinformatics -- ordersys. Medium Vulnerabilities: apache -- wicket; apache -- cxf; apple -- safari; apple -- mac_os_x; apple -- iphone_os; blairwilliams -- pretty_link_lite_plugin; burnsy -- jbshop_plugin. Low Vulnerabilities: 63reasons -- supercron; alex_barth -- data; alquimia -- managesite; cisco -- ios; collectivecolors -- taxonomy_view_integrator_module; dmitry_loac -- taxotouch..."
---------------------------------------------
http://www.us-cert.gov/cas/bulletins/SB12-269.html#top
*** News, Technologies and Techniques: Why SSD Drives Destroy Court Evidence, and What Can Be Done About It: Part 1 ***
---------------------------------------------
Solid State drives (SSD) introduced dramatic changes to the principles of computer forensics. Forensic acquisition of computers equipped with SSD storage is very different from how we used to acquire PCs using traditional magnetic media.
---------------------------------------------
http://www.dfinews.com/article/why-ssd-drives-destroy-court-evidence-and-wh…
=======================
= End-of-Shift report =
=======================
Timeframe: Tuesday 25-09-2012 18:00 − Wednesday 26-09-2012 18:00
Handler: Stephan Richter
Co-Handler: Robert Waldner
*** Vuln: HP Application Lifecycle Management XGO.ocx Multiple Remote Code Execution Vulnerabilities ***
---------------------------------------------
HP Application Lifecycle Management XGO.ocx Multiple Remote Code Execution Vulnerabilities
---------------------------------------------
http://www.securityfocus.com/bid/55272
*** Espionage Hackers Target Watering Hole Sites ***
---------------------------------------------
"Security experts are accustomed to direct attacks, but some of today's more insidious incursions succeed in a roundabout way by planting malware at sites deemed most likely to be visited by the targets of interest. New research suggests these so-called watering hole tactics recently have been used as stepping stones to conduct espionage attacks against a host of targets across a variety of industries, including the defense, government, academia, financial services, healthcare and utilities
---------------------------------------------
http://krebsonsecurity.com/2012/09/espionage-hackers-target-watering-hole-s…
*** QNX QCONN Remote Command Execution Vulnerability ***
---------------------------------------------
Topic: QNX QCONN Remote Command Execution Vulnerability Risk: High Text:# Title : QNX QCONN Remote Command Execution Vulnerability # Version : QNX 6.5.0 >= , QCONN >= 1.4.207944 # Download: http://...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/ZxigkLQDTgU/WLB-20…
*** Samba 3.6.3 remote root exploit ***
---------------------------------------------
Topic: Samba 3.6.3 remote root exploit Risk: High Text:#!/usr/bin/python # # finding targets 4 31337z: # gdb /usr/sbin/smbd `ps auwx | grep smbd | grep -v grep | head -n1 | awk {...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/JMaQdgM9SUg/WLB-20…
(Comment: the current Samba release is 3.6.8, but some long-term distributions such as Debian still ship older versions such as 3.5.6)
*** phpMyAdmin with backdoor ***
---------------------------------------------
For a time, a manipulated version of the database administration tool containing a backdoor script was distributed via one of the official download servers.
---------------------------------------------
http://www.heise.de/security/meldung/phpMyAdmin-mit-Backdoor-1717377.html/f…
*** Protection against remote wiping of Samsung smartphones ***
---------------------------------------------
Some Samsung smartphones can be wiped remotely without the owner's consent via a crafted web page or special SMS, as became known yesterday (Tuesday). Google's app store Google Play now offers the free tool NoTelURL by Jörg Voss, which ensures that USSD control codes are no longer executed without user interaction.
---------------------------------------------
http://www.heise.de/security/meldung/Schutz-vor-Fernloeschung-von-Samsung-S…
*** More Java Woes, (Wed, Sep 26th) ***
---------------------------------------------
A number of readers alerted us of news reports stating that new full sandbox escape vulnerabilities had been reported to Oracle. At this point, there are no details available as to the nature of these vulnerabilities, and there is no evidence that any of these vulnerabilities are exploited. However, it is widely known that Oracle is working on a substantial backlog of these vulnerabilities. It is still recommended to use Java with caution. Some best practices: - Uninstall Java if you don't need
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=14179&rss
*** Malicious PhpMyAdmin Served From SourceForge Mirror ***
---------------------------------------------
An anonymous reader writes with a bit of news about the compromised download of phpMyAdmin discovered on an sf.net mirror yesterday: "A malicious version of the open source Web-based MySQL database administration tool phpMyAdmin has been discovered on one of the official mirror sites of SourceForge, the popular online code repository for free and open source software. The file — phpMyAdmin-3.5.2.2-all-languages.zip — was modified to include a backdoor that allowed attackers to
---------------------------------------------
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/15L5Bg-UnmY/malicious-phpmy…
*** Vuln: libxml2 Unspecified Out-of-Bounds Remote Denial of Service Vulnerability ***
---------------------------------------------
libxml2 Unspecified Out-of-Bounds Remote Denial of Service Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/51084
=======================
= End-of-Shift report =
=======================
Timeframe: Monday 24-09-2012 18:00 − Tuesday 25-09-2012 18:00
Handler: Stephan Richter
Co-Handler: Robert Waldner
*** Book Review: Digital Forensics For Handheld Devices ***
---------------------------------------------
benrothke writes "Today's handheld device is the mainframe of years past. An iPhone 5 with 64 GB of storage and the Apple A6 system-on-a-chip processor has more raw computing power than entire data centers had some years ago. With billions of handheld devices in use worldwide, it is imperative that digital forensics investigators and others know how to ensure that the information contained in them can be legally preserved if needed." Read on for the rest of Ben's review.
---------------------------------------------
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/fpv3Or7g974/book-review-dig…
*** Schneier: We Don't Need SHA-3 ***
---------------------------------------------
Trailrunner7 writes with this excerpt from Threatpost: "For the last five years, NIST, the government body charged with developing new standards for computer security, among other things, has been searching for a new hash function to replace the aging SHA-2 function. Five years is a long time, but this is the federal government and things move at their own pace in Washington, but NIST soon will be announcing the winner from the five finalists that were chosen last year. Despite the
---------------------------------------------
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/fJ7xmIOdp-o/schneier-we-don…
*** Java SE 5/6/7 critical security issue ***
---------------------------------------------
Topic: Java SE 5/6/7 critical security issue Risk: High Text:We've recently discovered yet another security vulnerability affecting all latest versions of Oracle Java SE software. The im...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/VECe3FilPLE/WLB-20…
*** Samsung smartphones can be wiped remotely ***
---------------------------------------------
At the Ekoparty hacker conference, security expert Ravi Borgaonkar demonstrated that Samsung Android smartphones on which the manufacturer has customized the Android version with its own software can be remotely reset to factory settings. The core of the attack is a vulnerability in Samsung's own dialer, through which individual smartphone variants execute, without asking, so-called USSD codes (Unstructured Supplementary Service Data) passed in via specially crafted links. The code *2767*3855# causes the phone to begin resetting immediately.
---------------------------------------------
http://www.heise.de/security/meldung/Samsung-Smartphones-aus-der-Ferne-loes…
*** Data Breach Reveals 100k IEEE.org Members' Plaintext Passwords ***
---------------------------------------------
First time accepted submitter radudragusin writes "IEEE suffered a data breach which I discovered on September 18. For a few days I was uncertain what to do with the information and the data. Yesterday I let them know, and they fixed (at least partially) the problem. The usernames and passwords kept in plaintext were publicly available on their FTP server for at least one month prior to my discovery. Among the almost 100.000 compromised users are Apple, Google, IBM, Oracle and Samsung
---------------------------------------------
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/HCjl46a-6mM/data-breach-rev…
=======================
= End-of-Shift report =
=======================
Timeframe: Friday 21-09-2012 18:00 − Monday 24-09-2012 18:00
Handler: Stephan Richter
Co-Handler: Robert Waldner
*** 1st It Security Industrial & Automation ***
---------------------------------------------
"The IT Security & Industrial Automation 2012 on 13 and 14. 11. 2012 in Leipzig is the first conference of isits AG on protection of production and automation, which takes place in cooperation with escrypt GmbH and TÜV Rheinland...."
---------------------------------------------
http://www.itsec-process.info/
*** Conference: Secure Communication for Energy Networks ***
---------------------------------------------
"Focus of the second Conference Think smart - secure communication for energy networks, the issue of IT security is about smart energy, with particular emphasis in smart grids. With practical examples, current trends in the development, but also the security of smart technology and power grids are presented. Manufacturers of smart energy, utilities, and software quality assurance company manufacturers demonstrate the current situation with national and international pilot projects...."
---------------------------------------------
http://www.thinksmart-energy.info/
*** Update - Vulnerability in Microsoft's Internet Explorer closed ***
---------------------------------------------
Extensive update released - a vulnerability in Flash Player was also fixed
---------------------------------------------
http://text.derstandard.at/1348283691198/Sicherheitsluecke-in-Microsofts-In…
*** Vuln: ZEN Load Balancer Multiple Security Vulnerabilities ***
---------------------------------------------
ZEN Load Balancer Multiple Security Vulnerabilities
---------------------------------------------
http://www.securityfocus.com/bid/55638
*** Google Go language gets used: For file-scrambling trojan, though ***
---------------------------------------------
No-one sure why mobe rooter VXers like obscure lingo. Virus writers are experimenting with Google's Go as a programming language for malware.…
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2012/09/24/google_go_t…
*** IP address registry RIPE discusses current DNS, IPv6 and routing topics ***
---------------------------------------------
Since today, Monday, representatives of the companies and associations participating in the European address registry RIPE have been meeting in Amsterdam, the Netherlands, for the 65th RIPE Meeting. The annual conference runs until the end of the week, with talks and discussions on current developments at the regional Internet registry. During this time, participants work on some topics, such as the Domain Name System, Internet Protocol version 6 (IPv6) and routing, in working groups.
---------------------------------------------
http://www.heise.de/newsticker/meldung/IP-Adressverwaltung-RIPE-diskutiert-…
*** Update for PostgreSQL 9.1 and 9.2 fixes critical bugs ***
---------------------------------------------
Updates are available for the only recently released version 9.2 of the free relational database PostgreSQL and for its predecessor 9.1, fixing two critical bugs. These could lead to corrupted database indexes or other defects, the developers write.
---------------------------------------------
http://www.heise.de/newsticker/meldung/Update-fuer-PostgreSQL-9-1-und-9-2-b…
*** Vuln: PHP CVE-2012-0057 Security Bypass Vulnerability ***
---------------------------------------------
PHP CVE-2012-0057 Security Bypass Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/51806
=======================
= End-of-Shift report =
=======================
Timeframe: Thursday 20-09-2012 18:00 − Friday 21-09-2012 18:00
Handler: Stephan Richter
*** Vuln: WebKit Multiple Unspecified Memory Corruption Vulnerabilities ***
---------------------------------------------
WebKit Multiple Unspecified Memory Corruption Vulnerabilities
---------------------------------------------
http://www.securityfocus.com/bid/55534
*** BitTorrent Users DDoS Websites Without Knowing ***
---------------------------------------------
"Millions of BitTorrent users are unknowingly DDoSing websites because publishers of popular torrents mistakenly add website URLs as trackers. The DDoSes drag websites down and their operators have very few options to mitigate these attacks. But, thanks to a new BitTorrent protocol enhancement this is about to change...."
---------------------------------------------
http://torrentfreak.com/bittorrent-users-ddos-websites-without-knowing-1209…
*** Critical flaw exposes Oracle database passwords ***
---------------------------------------------
Vuln leaves barn door open to brute-force attacks. A security researcher says some versions of the Oracle database contain a vulnerability so serious that anyone with access to the server over a network can crack database passwords using a basic brute-force attack, given nothing more than the name of the database and a valid username.…
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2012/09/21/oracle_11g_…
*** Vuln: Condor Multiple Security Bypass Vulnerabilities ***
---------------------------------------------
Condor Multiple Security Bypass Vulnerabilities
---------------------------------------------
http://www.securityfocus.com/bid/55632
*** Vuln: Red Hat Enterprise MRG Grid Multiple Remote Vulnerabilities ***
---------------------------------------------
Red Hat Enterprise MRG Grid Multiple Remote Vulnerabilities
---------------------------------------------
http://www.securityfocus.com/bid/55618
*** Will You Be More Secure if You Abandon Internet Explorer? ***
---------------------------------------------
"The German government is urging people to abandon Internet Explorer to avoid zero-day attacks currently circulating in the wild. Microsoft is scrambling to develop a patch to address the problem. The dirty secret, though, is the attack relies on Java being present, so Java--not Internet Explorer--is the Achilles heel of this equation...."
---------------------------------------------
http://www.cio.com/article/716711/Will_You_Be_More_Secure_if_You_Abandon_In…
=======================
= End-of-Shift report =
=======================
Timeframe: Thursday 20-09-2012 08:00 − Thursday 20-09-2012 18:00
Handler: Stephan Richter
Co-Handler: Matthias Fraidl
*** Apple and Cisco Security Advisories (Thu, Sep 20th) ***
---------------------------------------------
Multiple Vulnerabilities in Cisco AnyConnect Secure Mobility Client: The Cisco AnyConnect Secure Mobility Client is affected by multiple vulnerabilities. Advisory ID: cisco-sa-20120620-ac. Apple security updates: APPLE-SA-2012-09-19-1 iOS 6; APPLE-SA-2012-09-19-2 OS X Mountain Lion v10.8.2, OS X Lion v10.7.5 and Security Update 2012-004; APPLE-SA-2012-09-19-3 Safari 6.0.1. Russ McRee | @holisticinfosec (c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=14143&rss
*** Microsoft patches critical Internet Explorer vulnerability ***
---------------------------------------------
Microsoft has released a Fix-it tool that provisionally seals the critical vulnerability in Internet Explorer until a patch is released. The company intends to distribute the final patch via Windows Update starting tomorrow, Friday, as it announced on its security blog.
---------------------------------------------
http://www.heise.de/security/meldung/Microsoft-flickt-kritische-Internet-Ex…
*** Sophos antivirus classifies its own update kit as malware ***
---------------------------------------------
Fix issued swiftly, but naturally difficult to install! Sophos users woke up to mayhem on Thursday after the business-focussed antivirus firm released an update that classified itself and any other update utility as a virus.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2012/09/20/sophos_auto…
*** IPv6: Security solutions need to catch up ***
---------------------------------------------
Companies should pay particular attention to the IPv6 capability of security systems. In concrete terms, this means they should look for explicit IPv6 support when buying security devices. A close look at the feature list is important, because the devil is, as so often, in the details, as the study on which the article is based found.
---------------------------------------------
http://www.heise.de/security/meldung/IPv6-Nachholbedarf-bei-Sicherheitsloes…
*** Android Hacked Via NFC On the Samsung Galaxy S 3 ***
---------------------------------------------
An anonymous reader writes with an item from The Next Web: "Security researchers participating in the Mobile Pwn2Own contest at the EuSecWest Conference in Amsterdam [Wednesday] demonstrated how to hack Android through a Near Field Communication (NFC) vulnerability. The 0day exploit was developed by four MWR Labs employees (two in South Africa and two in the UK) for a Samsung Galaxy S 3 phone running Android 4.0.4 (Ice Cream Sandwich). Two separate security holes were leveraged to
---------------------------------------------
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/ZEgBeoGKrTk/android-hacked-…
=======================
= End-of-Shift report =
=======================
Timeframe: Tuesday 18-09-2012 18:00 − Wednesday 19-09-2012 18:00
Handler: Stephan Richter
Co-Handler: Otmar Lendl
*** Bugtraq: NGS00268 Patch Notification: Symantec Messaging Gateway Out-of-band stored XSS - delivered by email ***
---------------------------------------------
*** Bugtraq: NGS00267 Patch Notification: Symantec Messaging Gateway SSH with backdoor user account ***
---------------------------------------------
*** Bugtraq: NGS00265 Patch Notification: Symantec Messaging Gateway - Unauthenticated detailed version disclosure ***
---------------------------------------------
*** Bugtraq: NGS00263 Patch Notification: Symantec Messaging Gateway - Easy CSRF to add a backdoor-administrator ***
---------------------------------------------
http://www.securityfocus.com/archive/1/524191
http://www.securityfocus.com/archive/1/524190
http://www.securityfocus.com/archive/1/524193
http://www.securityfocus.com/archive/1/524192
*** Microsoft plans stopgap fix for critical IE vulnerability ***
---------------------------------------------
Over the next few days, Microsoft plans to offer a Fix-it tool intended to provisionally seal the critical Internet Explorer vulnerability until a suitable patch is available. The company announced this on its security blog.
---------------------------------------------
http://www.heise.de/security/meldung/Microsoft-will-kritische-IE-Luecke-beh…
*** Conference proceedings for the D.A.CH Security 2012 conference ***
---------------------------------------------
At the two-day working conference D.A.CH Security 2012, numerous talks are intended to paint a comprehensive picture of the current state of IT security. The speakers' contributions are collected in a companion volume to the conference.
---------------------------------------------
http://www.heise.de/security/meldung/Tagungsband-zur-Fachkonferenz-D-A-CH-S…
*** Pushdo botnet's smokescreen traffic hits legitimate websites ***
---------------------------------------------
Aargh, cap'n, the server be like to founder. Cybercrooks behind the resilient Pushdo botnet are bombarding legitimate small websites with bogus traffic in order to camouflage requests to the zombie network's command and control servers.…
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2012/09/19/pushdo_spew…
*** FreeSWITCH remote denial of service vulnerability ***
---------------------------------------------
Topic: FreeSWITCH remote denial of service vulnerability Risk: Medium Text:"FreeSWITCH is a scalable open source cross-platform telephony platform designed to route and interconnect popular communicati...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/LWCK4QkOGzg/WLB-20…
*** [webapps] - Spiceworks 6.0.00993 Multiple Script Injection Vulnerabilities ***
---------------------------------------------
Spiceworks 6.0.00993 Multiple Script Injection Vulnerabilities
---------------------------------------------
http://www.exploit-db.com/exploits/21392
*** New vicious UEFI bootkit vuln found for Windows 8 ***
---------------------------------------------
Arr, 'tis typical: Redmond swabs lag behind OS X, again. Security researchers have discovered security shortcomings in Windows 8 that create a means to infect the upcoming operating system with rootkit-style malware.…
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2012/09/19/win8_rootki…
=======================
= End-of-Shift report =
=======================
Timeframe: Monday 17-09-2012 18:00 − Tuesday 18-09-2012 18:00
Handler: Stephan Richter
Co-Handler: Christian Wojner
*** Finally; Google Chrome will support Do Not Track ***
---------------------------------------------
"Google has finally added support for the DNT (Do Not Track) header to their latest developer build of Chrome. The modification is likely to make it into an official release of Google's popular web browser before the end of the year. Do Not Track is a feature that allows users to express a simple yes or no preference about being tracked online...."
---------------------------------------------
http://nakedsecurity.sophos.com/2012/09/17/finally-google-chrome-will-suppo…
*** ITU does not want to control the Internet ***
---------------------------------------------
The International Telecommunication Union (ITU) says it has no appetite for controlling the Internet. Rather, the topics of the World Conference on International Telecommunication (WCIT) coming up in December are reducing mobile roaming costs, tackling fraudulent misuse of phone numbers and creating an investment-friendly climate for networks.
---------------------------------------------
http://www.heise.de/newsticker/meldung/ITU-will-Internet-nicht-kontrolliere…
*** Study: Web developers test too little for security flaws ***
---------------------------------------------
The software vendor Coverity reports in its "Software Security Risk Report" that only about two fifths of companies in the web development industry test during development, and that more than half forgo checking their code for bugs and vulnerabilities before integration testing. Partly for this reason, security incidents involving web applications occur more often, which also causes higher costs.
---------------------------------------------
http://www.heise.de/newsticker/meldung/Studie-Webentwickler-testen-zu-wenig…
*** VNC security vulnerability: Apple follows up with bug fix for Remote Desktop 3.5.2 ***
---------------------------------------------
Apple released Apple Remote Desktop Admin 3.5.3 during the night leading into Tuesday. It is a bug-fix update for the remote administration solution that closes a problematic security vulnerability: in connection with third-party VNC servers, the "Encrypt all network data" function did not take effect. No warning message was shown either.
---------------------------------------------
http://www.heise.de/security/meldung/VNC-Sicherheitsluecke-Apple-reicht-Bug…
*** How I CRASHED my bank, stole PINs with a touch-tone phone ***
---------------------------------------------
Security bod's boast harks back to 1980s phreaking era. Miscreants can crash or infiltrate banks' and help desks' touch-tone and voice-controlled phone systems with a single call, a security researcher warns.…
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2012/09/18/dtmf_phone_…
=======================
= End-of-Shift report =
=======================
Timeframe: Friday 14-09-2012 18:00 − Monday 17-09-2012 18:00
Handler: Stephan Richter
Co-Handler: Otmar Lendl
*** Oracle BTM FlashTunnelService Remote Code Execution ***
---------------------------------------------
Topic: Oracle BTM FlashTunnelService Remote Code Execution Risk: High
Text:## # This file is part of the Metasploit Framework and may be subject
to # redistribution and commercial restrictions. Please...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/26umQooi1WY/WLB-20…
*** EFF Challenges Tracking-Services Patent Used to Threaten Cities Across
the U.S. ***
---------------------------------------------
"San Francisco - The Electronic Frontier Foundation (EFF) is challenging a
dangerous patent used to wrongfully demand payment from cities and other
municipalities that employ public tracking systems to tell transit
passengers if their bus or train is on time. Today, EFF with the help of
the Samuelson Law, Technology, and Public Policy Clinic at Berkeley Law,
filed a request with the United States Patent and Trademark Office (USPTO),
urging reexamination of the legitimacy of the ArrivalStar...
---------------------------------------------
https://www.eff.org/press/releases/eff-challenges-tracking-services-patent-…
*** Information Commissioner criticises dreamed up EU cookie directive ***
---------------------------------------------
"The Information Commissioner Christopher Graham has questioned the
effectiveness of the EU cookie directive, suggesting that it was "dreamed
up by politicians in Brussels" without the appropriate market research to
back it up. Speaking at the launch of a new report called The Data Dialogue
by think tank Demos, Graham said that policies around the use of personal
data by companies and public sector organisations need to be
evidence-based...."
---------------------------------------------
http://computerworld.co.nz/news.nsf/news/information-commissioner-criticise…
*** Anonymous didn't steal from the FBI after all - new conspiracy theories
needed! ***
---------------------------------------------
"A techie named David Schuetz at security consultancy Intrepidus Group has
done something so obvious, so simple, and so tellingly useful, that I'm
going to go all out and call it a stroke of genius. A week ago, a person
called Anonymous published one-million-and-one stolen Apple device IDs.
(There's always room for numerological whimsy in hacking circles.) This
Anonymous person then blamed the FBI - crimes are always someone else's
fault if you're a hacker - by claiming that the data was stolen...
---------------------------------------------
http://nakedsecurity.sophos.com/2012/09/11/fbi-data-leak-of-apple-udids-cam…
*** Vuln: ISC DHCP IPv6 Lease Expiration Handling Denial of Service
Vulnerability ***
---------------------------------------------
ISC DHCP IPv6 Lease Expiration Handling Denial of Service Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/55530
*** Vuln: Novell GroupWise Internet Agent CVE-2012-0271 Remote Integer
Overflow Vulnerability ***
---------------------------------------------
Novell GroupWise Internet Agent CVE-2012-0271 Remote Integer Overflow
Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/55551