=======================
= End-of-Shift report =
=======================
Timeframe: Montag 08-10-2012 18:00 − Dienstag 09-10-2012 18:00
Handler: Matthias Fraidl
Co-Handler: L. Aaron Kaplan
*** Studie: Cybercrime verursacht deutschen Unternehmen Millionenschäden ***
---------------------------------------------
Datendiebstahl, Computerviren und Web-Attacken verursachen in einem deutschen Großunternehmen laut einer Studie von Hewlett-Packard jährlich einen Schaden von durchschnittlich 4,8 …
[View More]Millionen Euro. Deutschland liegt damit zwischen den USA (6,9 Millionen Euro) und Japan (3,9 Millionen Euro), wie das IT-Unternehmen am Montag in Büblingen bei Stuttgart mitteilte.
---------------------------------------------
http://www.heise.de/security/meldung/Studie-Cybercrime-verursacht-deutschen…
*** Trojan disguised as image delivered via Skype messages ***
---------------------------------------------
"The spamming campaign has surfaced in the last few days and is being propagated via compromised Skype accounts. The offered links dont lead to an image, but to a malicious executable (skype_02102012_image. exe) posing as one...."
---------------------------------------------
http://www.net-security.org/malware_news.php?id=2285
*** Bing is the most heavily poisoned search engine, study says ***
---------------------------------------------
Bing search results are more affected by poisoning than those of other search engines, according to a study by SophosLabs.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2012/10/08/bing_worst_…
*** Critical Adobe Flash Player Update Nixes 25 Flaws ***
---------------------------------------------
Adobe has issued an update for its Flash Player software that fixes at least 25 separate security vulnerabilities in the widely-installed program. The company also pushed out a security patch for its Adobe AIR software.
---------------------------------------------
http://feedproxy.google.com/~r/KrebsOnSecurity/~3/MKdBYW3I3dQ/
*** Surprise! Microsoft patches latest IE10 Flash vulns on time ***
---------------------------------------------
Issues fixes same day as Adobes patch Microsoft surprised Windows 8 and Windows Server 2012 users on Monday by issuing a patch that fixes 25 security vulnerabilities found in the Adobe Flash Player component of Internet Explorer 10, mere hours after Adobe issued its own patch for the Flash Player plug-in used by other browsers.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2012/10/09/ms_ontime_i…
*** Facebook: Lücke bei Telefonnummern-Suche ***
---------------------------------------------
Durch eine unbeschränkte Abfrage über die Mobil-Webseite und eine offene Voreinstellung für Nutzer können mit Leichtigkeit Personen-Listen samt dazugehöriger Telefonnummern generiert werden, zeigen Sicherheits-Forscher auf. Sie rufen Nutzer zum überprüfen ihrer Auffindbarkeits-Einstellungen auf.
---------------------------------------------
http://futurezone.at/digitallife/11783-facebook-luecke-bei-telefonnummern-s…
*** Flaws Allow Every 3G Device To Be Tracked ***
---------------------------------------------
mask.of.sanity writes "New privacy threats have been uncovered by security researchers that could allow every device operating on 3G networks to be tracked. The vulnerabilities could be exploited with cheap commercial off-the-shelf technology to reveal the location of phones and other 3G-capable devices operating on all 3G compliant networks. It was similar, but different, to previous research that demonstrated how attackers could redirect a victims outgoing traffic to different
---------------------------------------------
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/NPPj-sqeBcM/flaws-allow-eve…
*** Plugin - PrivacyFix für Google Chrome regelt Privatsphäre-Einstellungen ***
---------------------------------------------
Facebook, Google und zahlreiche Websites: Mit PrivacyFix soll man den Überblick behalten
---------------------------------------------
http://text.derstandard.at/1348285489060/PrivacyFix-fuer-Google-Chrome-rege…
*** HTTPS Everywhere unterstützt mehr Websites ***
---------------------------------------------
Die Electronic Frontier Foundation (EFF) hat eine neue Version ihrer Browser-Erweiterung HTTPS Everywhere veröffentlicht. Version 3.0 unterstütze jetzt verschlüsselte Verbindungen zu noch mehr Websites. Neben der stabilen Version für Firefox ist auch eine Entwicklerversion für Google Chrome und Chromium verfügbar.
---------------------------------------------
http://www.heise.de/security/meldung/HTTPS-Everywhere-unterstuetzt-mehr-Web…
*** Windows XP doppelt so oft infiziert wie Windows 7 ***
---------------------------------------------
Im Microsoft Security Intelligence Report für das erste Halbjahr 2012 bilanziert der Betriebssystemhersteller, dass er rund doppelt so oft Schädlinge von Systemen mit Windows XP kratzen musste wie bei Windows 7 oder auch Vista. Bei rund einem Prozent der Durchläufe des Malicious Software Removal Tools (MSRT) auf Windows XP entdeckte der rudimentäre Scanner eine Infektion (9,5 von 1000); bei den neueren Windows-Versionen liegt diese Infektionsrate lediglich bei etwa 0,5 Prozent.
---------------------------------------------
http://www.heise.de/security/meldung/Windows-XP-doppelt-so-oft-inifiziert-w…
*** Practical IT: What is your companys threat response strategy? ***
---------------------------------------------
"Weve recently seen some pretty high-profile vulnerabilities in Java and Internet Explorer. In both cases the issues became widely publicised before a patch was available after evidence emerged of in-the-wild exploitation by criminals. As someone looking after IT for your company, how do you react to reports like this?..."
---------------------------------------------
http://nakedsecurity.sophos.com/2012/10/09/it-departments-threat-response-s…
*** Bugtraq: Team SHATTER Security Advisory: Java Operating System command execution ***
---------------------------------------------
Team SHATTER Security Advisory: Java Operating System command execution
---------------------------------------------
http://www.securityfocus.com/archive/1/524336
*** Avaya IP Office Customer Call Reporter Command Execution ***
---------------------------------------------
Topic: Avaya IP Office Customer Call Reporter Command Execution Risk: High Text: This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/za7W7e-s5xI/WLB-20…
[View Less]
=======================
= End-of-Shift report =
=======================
Timeframe: Freitag 05-10-2012 18:00 − Montag 08-10-2012 18:00
Handler: Stephan Richter
Co-Handler: Robert Waldner
*** Reports of a Distributed Injection Scan, (Fri, Oct 5th) ***
---------------------------------------------
We have received a report of a large distributed SQL Injection Scan from a reader. Behavior of scan is being reported as 9000+ Unique IPv4 Addresses and sends 4-10 requests to lightly fuzz the …
[View More]form field. Then the next IP will lightly fuzz the second form field within the same page and the next IP the next form field.Looks to be targeting MSSQL and seeking version. The reader reports that this scan has been going on for several days. Sample Payload:
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=14251&rss
*** Vuln: Ruby error.c Multiple Security Bypass Vulnerabilities ***
---------------------------------------------
Ruby error.c Multiple Security Bypass Vulnerabilities
---------------------------------------------
http://www.securityfocus.com/bid/55757
*** Over 82,000 Chrome Users Install Ad Injector Along with Fake Bad Piggies Game ***
---------------------------------------------
"Barracuda Labs experts have identified a number of shady plugins hosted on Google Chromes web store, being advertised as the free online version of Bad Piggies. However, during installation, the plugins request permission to access data on all websites. This allows them to inject advertisements into several high-ranked sites, such as Yahoo!...."
---------------------------------------------
http://news.softpedia.com/news/Over-82-000-Chrome-Users-Install-Ad-Injector…
*** Update to Security Advisory: Adobe Revokes Code Signing Certificate (APSA12-01) ***
---------------------------------------------
Following up on our communication from September 27, 2012, we have now revoked the Adobe code signing certificate for all code signed after July 10, 2012 (00:00 GMT). We have updated the Security Advisory (APSA12-01) to reflect this action. This posting is provided “AS IS” with no warranties and confers no rights.
---------------------------------------------
http://blogs.adobe.com/psirt/2012/10/update-to-security-advisory-adobe-revo…
*** Windows Escalate UAC Protection Bypass ***
---------------------------------------------
Topic: Windows Escalate UAC Protection Bypass Risk: High Text:## # $Id$ ## ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial r...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/M58qqKeG-j8/WLB-20…
*** Flame fallout: Microsoft encryption deadline looms Tuesday ***
---------------------------------------------
"Starting Tuesday Microsoft platforms will block the use of encryption keys less than 1024 bits so businesses that are still using weaker keys better get busy. Changing the keys the Microsoft software uses isnt that tricky, but finding all the customer and third-party software in corporate networks that use smaller keys could require some searching. Users should download the update and test whether it breaks connections with existing applications before putting it into full production,
---------------------------------------------
http://www.csoonline.com/article/718070/flame-fallout-microsoft-encryption-…
*** Govt to build global cyber security centre ***
---------------------------------------------
"Hague announces plan for new cyber security centre to guard against cyber attack and offer nations advice on improving their cyber defences Foreign secretary William Hague has announced that the government is planning to build a new global cyber security centre of excellence aimed at helping developing nations combat cyber crime. Speaking yesterday at the Budapest Conference on Cyberspace, Hague said the government will invest 2 million per year on the Centre for Global Cyber-Security
---------------------------------------------
http://www.information-age.com/channels/security-and-continuity/news/212663…
*** Most of the Mass Distributed Malware in Q3 2012 Were Banking Trojans, Study Finds ***
---------------------------------------------
"Every once in a while we like to take a look at the quarterly reports issued by security companies to see how the threat landscape evolves. This time well analyze the figures and key findings of Solutionary Security Engineering Research Teams (SERT) Q3 2012 Quarterly Research Report. The figures from the study reveal that malware developers are getting better and better at hiding their creations from antivirus software...."
---------------------------------------------
http://news.softpedia.com/news/Most-of-the-Mass-Distributed-Malware-in-Q3-2…
*** Mozilla To Bug Firefox Users With Old Adobe Reader, Flash, Silverlight ***
---------------------------------------------
An anonymous reader writes "Mozilla today announced it will soon start prompting Firefox users to upgrade select old plugins. This will only affect Windows users, and three plugins: Adobe Reader, Adobe Flash, and Microsoft Silverlight. Mozilla says Firefox users will soon see a notification urging them to update when they visit a web page that uses the plugins." Read more of this story at Slashdot.
---------------------------------------------
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/YH6pPZWcwYk/mozilla-to-bug-…
*** Fake Panda Cloud Antivirus Hides Data-Stealing Dark Angel Trojan ***
---------------------------------------------
"The fake Panda Cloud Antivirus has been found to hide a nasty Trojan called DarkAngle which is designed to steal sensitive details such as passwords and online banking details. Once its executed, the malicious element logs all the commands entered by the victim and sends them back to a command and control server. To make sure that it can harvest as much information as possible, the threat is loaded each time the computer is rebooted...."
---------------------------------------------
http://news.softpedia.com/news/Fake-Panda-Cloud-Antivirus-Hides-Data-Steali…
*** Tablet security study finds BlackBerry still good for something ***
---------------------------------------------
iPad,Galaxy Tab and PlayBook face off in BYOD probe A technology audit has identified security failings in three of the most popular tablets, raising concerns about the security implications of allowing workers to use their personal technology at work.…
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2012/10/05/tablet_secu…
*** Bank Hacks: 7 Misunderstood Facts ***
---------------------------------------------
"Whos behind the recent online attacks against multiple financial institutions including Bank of America, JPMorgan Chase, PNC, U.S. Bank, and Wells Fargo? In recent weeks, all have bit hit by large-scale distributed denial-of-service (DDoS) attacks. Cue website outages and customer outrage...."
---------------------------------------------
http://www.informationweek.com/security/attacks/bank-hacks-7-misunderstood-…
*** ‘Project Blitzkrieg’ Promises More Aggressive Cyberheists Against U.S. Banks ***
---------------------------------------------
Last week, security firm RSA detailed a new cybecriminal project aimed at recruiting 100 botmasters to help launch a series of lucrative online heists targeting 30 U.S. banks. RSAs advisory focused primarily on helping financial institutions prepare for an onslaught of more sophisticated e-banking attacks, and has already received plenty of media attention. Im weighting in on the topic because their analysis seemed to merely scratch the surface of a larger enterprise that speaks volumes about
---------------------------------------------
http://feedproxy.google.com/~r/KrebsOnSecurity/~3/aCWwJrPN238/
*** Botnetz kartographiert das gesamte Internet ***
---------------------------------------------
xhtml
---------------------------------------------
http://www.heise.de/security/meldung/Botnetz-kartographiert-das-gesamte-Int…
[View Less]
=======================
= End-of-Shift report =
=======================
Timeframe: Donnerstag 04-10-2012 18:00 − Freitag 05-10-2012 18:00
Handler: Matthias Fraidl
Co-Handler: Robert Waldner
*** Microsoft Security Bulletin Advance Notification for October 2012 ***
---------------------------------------------
"This is an advance notification of security bulletins that Microsoft is intending to release on October 9, 2012. This bulletin advance notification will be replaced with the …
[View More]October bulletin summary on October 9, 2012. For more information about the bulletin advance notification service, see Microsoft Security Bulletin Advance Notification...."
---------------------------------------------
http://technet.microsoft.com/en-us/security/bulletin/ms12-oct
*** Linux 3.7 Kernel To Support Multiple ARM Platforms ***
---------------------------------------------
hypnosec writes with news that the Linux 3.7 kernel will support multiple ARM-based System on Chip platforms (Git commit page), writing "Up until now there has been a separate Linux kernel build for each of the ARM platforms or SoCs, which is one of the several problems when it comes to ARM based Linux. The merging of ARM multi-platform support into Linux 3.7 will put an end to this problem, enabling the new kernel to not only target multiple platforms but also be more in line with its x86
---------------------------------------------
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/CCv0Hi9ZkWM/linux-37-kernel…
*** No Surprise - Ransomware On the Rise ***
---------------------------------------------
"McAfees latest Threats Report shows a 1. 5 million increase in malware since last quarter. 2012 is in fact, far and away the busiest year ever for malware with an estimated total of 100 million malware samples worldwide by Q3 2012...."
---------------------------------------------
http://www.infosecisland.com/blogview/22511-No-Surprise-Ransomware-On-the-R…
*** Sybase ASE 15.x Java Command Execution ***
---------------------------------------------
Topic: Sybase ASE 15.x Java Command Execution Risk: High Text: --BEGIN PGP SIGNED MESSAGE -- Hash: SHA1 AppSecInc Team SHATTER Security Advisory Java Operating System command executi...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/bHOU9UjsTIM/WLB-20…
*** Botnet Spotted Silently Scanning IPv4 Address Space For Vulnerable VoIP ***
---------------------------------------------
"A large peer-to-peer botnet known for its resilience was spotted sniffing out potential victim voice-over-IP (VoIP) servers using an advanced stealth technique of camouflaging its efforts to recruit new bots. The Sality botnet, which was first discovered in 2003 and has been estimated to have hundreds of thousands or more infected machines in its zombie army, scanned IPv4 addresses in February 2011 via a covert scanning method that flew under the radar, according to new research from the
---------------------------------------------
http://www.darkreading.com/threat-intelligence/167901121/security/vulnerabi…
*** Facebook scannt private Nachrichten ***
---------------------------------------------
Wenn ein Link zu einer Webseite, die einen Facebook Like-Button eingebunden hat, in einer privaten Nachricht versendet wird, erhöht sich der Like-Zähler. Das bedeutet, dass die Inhalte der Nachrichten von Facebook gescannt werden müssen.
---------------------------------------------
http://futurezone.at/digitallife/11724-facebook-scannt-private-nachrichten.…
*** VMWare Security Advisory: VMSA-2012-0014 - http://www.vmware.com/security/advisories/VMSA-2012-0014.html, (Fri, Oct 5th) ***
---------------------------------------------
Richard Porter --- ISC Handler on Duty (c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=14242&rss
*** Visualizing the ZeroAccess botnet in Google Earth ***
---------------------------------------------
"The ZeroAccess botnet is a very widespread malware threat that has been infecting computers around the world for years. Its estimated that the current version of ZeroAccess has been installed over nine million times, with roughly one million PCs still infected. The folks at F-Secure have plotted nearly 140,000 infections on Google Earth, based on the IP address of the infected computer, and the result is an amazing (and rather scary) map...."
---------------------------------------------
http://www.gearthblog.com/blog/archives/2012/10/visualizing_the_zeroaccess_…
*** Cyber crooks should make you very nervous ***
---------------------------------------------
"Federal undercover agents are resorting to show and tell to combat a growing menacecriminal hackers. The Justice Department has been making headlines by publicizing prosecutions, disclosing investigative techniques and revealing findings before clinching guilty verdicts. Sure, calling attention to charges and arrests could discourage digital invaders...."
---------------------------------------------
http://www.nextgov.com/cybersecurity/2012/10/cyber-crooks-should-make-you-v…
*** Vuln: Oracle Enterprise Manager for Oracle Database CVE-2012-1737 Multiple SQL Injection Vulnerabilities ***
---------------------------------------------
Oracle Enterprise Manager for Oracle Database CVE-2012-1737 Multiple SQL Injection Vulnerabilities
---------------------------------------------
http://www.securityfocus.com/bid/54569
*** lost+found: Vom Versuch eine Ente wieder einzufangen ***
---------------------------------------------
Das Magazin hakin9 ist einem Troll-Versuch aufgesessen und hat einen peinlichen Nonsens-Artikel veröffentlicht: Nmap: The Internet Considered Harmful - DARPA Inference Cheking Kludge Scanning (man beachte die Abkürzung DICKS). Angesichts prominenter Autoren, deren Namen sich wie ein Who-is-Who der Security-Szene lesen, fiel offensichtlich niemandem mehr auf, dass Sätze wie "NMAP requires root access in order to allow B-trees" absolut keinen Sinn ergeben.
---------------------------------------------
http://www.heise.de/security/meldung/lost-found-Vom-Versuch-eine-Ente-wiede…
*** "Universal Man in the Browser": Datenklau in Echtzeit ***
---------------------------------------------
Die amerikanische Sicherheitsfirma Trusteer hat eine neue Form der "Man in the Browser"-Attacke (MitB) ausgemacht, die niederschwelliger und effizienter als bereits bekannte MitB sein soll. Das Besondere an dem Spionageprogramm ist die eingebaute Logik, die es erlaubt, die gestohlenen Daten in Echtzeit auszuwerten und möglichst schnell einem Weiterverkauf zugänglich zu machen. Trusteer nennt diese neue Form 'Universal Man in the Browser' (uMitB).
---------------------------------------------
http://www.heise.de/security/meldung/Universal-Man-in-the-Browser-Datenklau…
*** Blacklist RFC-Ignorant.org stellt den Betrieb ein ***
---------------------------------------------
Postmaster und andere Netz-Administratoren sollten RFC-Ignorant.org umgehend aus ihren Server-Konfigurationen entfernen. Die Meldestelle gegen Netzmissbrauch beantwortet bereits sämtliche Anfragen mit "Eintrag nicht vorhanden".
---------------------------------------------
http://www.heise.de/security/meldung/Blacklist-RFC-Ignorant-org-stellt-den-…
[View Less]
=======================
= End-of-Shift report =
=======================
Timeframe: Mittwoch 03-10-2012 18:00 − Donnerstag 04-10-2012 18:00
Handler: Matthias Fraidl
Co-Handler: Robert Waldner
*** IETF Starts Work On Next-Generation HTTP Standards ***
---------------------------------------------
alphadogg writes "With an eye towards updating the Web to better accommodate complex and bandwidth-hungry applications, the Internet Engineering Task Force has started work on the next generation …
[View More]of HTTP, the underlying protocol for the Web. The HTTP Strict Transport Security (HSTS), is a security protocol designed to protect Internet users from hijacking. The HSTS is an opt-in security enhancement whereby web sites signal browsers to always communicate with it over a secure connection. If
---------------------------------------------
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/JocJDH2CeQw/ietf-starts-wor…
*** Microsoft wins permanent settlement against Nitol botnet ***
---------------------------------------------
"Microsoft has won a battle to permanently disrupt a haven for the Nitol botnet that it discovered within an Internet domain controlled by a Chinese ISP. The company has signed a private settlement that Peng Yong and Changzhou Bei Te Kang Mu Software Technology Co., Ltd., will block all connections to designated malicious subdomains of the 3322. org domain controlled by Peng and Bei Te Kang Mu Software...."
---------------------------------------------
http://www.csoonline.com/article/717879/microsoft-wins-permanent-settlement…
*** Google Glass, Augmented Reality Spells Data Headaches ***
---------------------------------------------
Nervals Lobster writes "Google seems determined to press forward with Google Glass technology, filing a patent for a Google Glass wristwatch. As pointed out by CNET, the timepiece includes a camera and a touch screen that, once flipped up, acts as a secondary display. In the patent, Google refers to the device as a smart-watch. Whether or not a Google Glass wristwatch ever appears on the marketplace � just because a tech titan patents a particular invention doesnt mean its bound for
---------------------------------------------
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/lVDzxD_8kXY/google-glass-au…
*** How to Protect against Denial of Service Attacks: Refresher ***
---------------------------------------------
"With all of the information about DoS attacks in recent months, it is easy to blame banks and say that they didnt have the proper security controls in place to withstand this type of attack, but in reality things are not that simple. So, how does this happen? Is it preventable?..."
---------------------------------------------
http://www.infosecisland.com/blogview/22518-How-to-Protect-against-Denial-o…
*** Europe joins forces in Cyber Europe 2012 ***
---------------------------------------------
"Today, more than 300 cyber security professionals across Europe join forces to counter a massive simulated cyber-attack in the 2nd pan-European Cyber Exercise, Cyber Europe 2012. The exercise builds on and ties together extensive activities at both the national and European level to improve the resilience of critical information infrastructures. As such, Cyber Europe 2012 is a major milestone in the efforts to strengthen cyber crisis cooperation, preparedness and response across
---------------------------------------------
http://www.enisa.europa.eu/media/press-releases/europe-joins-forces-in-cybe…
*** Neue Oracle-Hacks ***
---------------------------------------------
Die Sicherheitsexperten Laszlo Toth und Ferenc Spala haben im Rahmen der Konferenz DerbyCon 2.0 eine Reihe von zum Teil neuartigen Angriffen auf Oracle-Datenbanken und SQL-Server vorgestellt und dabei auch gleich die entsprechenden Werkzeuge dazu ver�ffentlicht.
---------------------------------------------
http://www.heise.de/security/meldung/Neue-Oracle-Hacks-1722784.html/from/at…
*** Middle East cyberattacks on Google users increasing ***
---------------------------------------------
"Here we go again. Three months after it first began warning users of state-sponsored cyber attacks, Google is saying that the assault has only intensified. The New York Times reports that since it began warning users of state-sponsored attacks, "it has picked up thousands more instances of cyberattacks than it anticipated." Many of the attacks appear to be originating in the Middle East...."
---------------------------------------------
http://news.cnet.com/8301-1009_3-57525334-83/middle-east-cyberattacks-on-go…
*** Gut choreografierte dDoS-Attacken gegen US-Gro�banken ***
---------------------------------------------
Mehrere US-Gro�banken, unter anderem Wells Fargo, PNC Financial Service Group, U.S. Bancorp, Citigroup, JPMorgan und Bank of America, sahen sich in den letzten Tagen einer Vielzahl von professionell gef�hrten DDoS-Attacken ausgesetzt.
---------------------------------------------
http://www.heise.de/security/meldung/Gut-choreografierte-dDoS-Attacken-gege…
*** Bugtraq: [security bulletin] HPSBMU02817 SSRT100950 rev.1 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Disclosure of Information ***
---------------------------------------------
[security bulletin] HPSBMU02817 SSRT100950 rev.1 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Disclosure of Information
---------------------------------------------
http://www.securityfocus.com/archive/1/524302
[View Less]
=======================
= End-of-Shift report =
=======================
Timeframe: Dienstag 02-10-2012 18:00 − Mittwoch 03-10-2012 18:00
Handler: Matthias Fraidl
Co-Handler: Otmar Lendl
*** SHA-3 Winner Announced ***
---------------------------------------------
An anonymous reader writes "The National Institute of Standards and Technology (NIST) has just announced the winner of the SHA-3 competition: Keccak, created by Guido Bertoni, Joan Daemen and Gilles Van Assche of …
[View More]STMicroelectronics and Michaël Peeters of NXP Semiconductors. Keccak has the added advantage of not being vulnerable in the same ways SHA-2 might be, says NIST computer security expert Tim Polk. An attack that could work on SHA-2 most likely would not work on Keccak because
---------------------------------------------
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/eoZNXkbqy3w/sha-3-winner-an…
*** Twitter account hijacking exposes easy-to-exploit security flaw ***
---------------------------------------------
"The hijacking of the Twitter account that belongs to user Daniel Dennis Jones and his subsequent investigation into the matter has revealed a Twitter security weakness that makes it easy for hackers to do the same to all users that employ short and uninventive passwords, reports BuzzFeed. Over the weekend Jones - an early Twitter adopter who managed to snag himself the @blanket Twitter account - was unpleasantly surprised when he received an email from Twitter telling him his password had
---------------------------------------------
http://www.net-security.org/secworld.php?id=13708
*** Handshakes Professional 4.1 SQL Injection ***
---------------------------------------------
Topic: Handshakes Professional 4.1 SQL Injection Risk: Medium Text:HTTPCS Advisory : HTTPCS70 Product : Handshakes Professional Version : 4.1 Date : 2012-10-01 Criticality level : Highly Cri...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/AGsJ6_RuY30/WLB-20…
*** Microsoft Reaches Settlement with Site Linked to Nitol Botnet ***
---------------------------------------------
"Microsoft announced today its reached a settlement with the operator of a Chinese Web site whose domain and sub-domains hosted more than 500 kinds of malware, including the Nitol botnet found on brand new computers. In a lawsuit filed two weeks ago by the software giant, Microsoft alleged the domain 3322. org hosted Nitol, which was found being preloaded onto computers during an investigation into supply chain security last August...."
---------------------------------------------
http://threatpost.com/en_us/blogs/microsoft-reaches-settlement-site-linked-…
*** Sicherheit - Iran: Cyberattacken kappen Internetzugang ***
---------------------------------------------
Infrastruktur wurden mit mehreren Gigabyte pro Sekunde bombardiert
---------------------------------------------
http://derstandard.at/1348284881692/Iran-Cyberattacken-kappen-Internetzugang
[View Less]
=======================
= End-of-Shift report =
=======================
Timeframe: Montag 01-10-2012 18:00 − Dienstag 02-10-2012 18:00
Handler: Stephan Richter
Co-Handler: Robert Waldner
*** SQL Injection bei Trend Micro Control Manager ***
---------------------------------------------
Ein Update beseitigt eine SQL-Injection-Lücke in Trends Security-Management-Plattform.
---------------------------------------------
http://www.heise.de/security/meldung/SQL-Injection-bei-Trend-Micro-…
[View More]Control-…
*** Cisco CallManager vulnerable to brute force attack ***
---------------------------------------------
"Roberto Suggi Liverani, founder of the OWASP (Open Web Application Security Project) New Zealand chapter discover a vulnerability in Cisco CallManager AKA Unified Communications Manager. It is a software-based call-processing system developed by Cisco Systems. He described on his blog security review, I have found a quick way to perform PIN brute force attack against accounts registered with a Cisco Unified Communications Manager (CallManager)...."
---------------------------------------------
http://thehackernews.com/2012/10/cisco-callmanager-vulnerable-to-brute.html
*** Expert fingers DDoS toolkit used in bank cyberattacks ***
---------------------------------------------
"Cyberattackers who disrupted the websites of U.S. banks over the last two weeks used a highly sophisticated toolkit -- a finding that points to a well-funded operation, one security vendor said on Monday. Prolexic Technologies said the distributed denial of service (DDoS) toolkit called itsoknoproblembro was used against some of the banks which included Wells Fargo, U.S. Bank, PNC Bank, Bank of America and JPMorgan Chase. Each of the banks was struck on separate days...."
---------------------------------------------
http://www.csoonline.com/article/717727/expert-fingers-ddos-toolkit-used-in…
*** IBM Lotus Notes Traveler 8.5.3 XSS & CSRF & Brute Force ***
---------------------------------------------
Topic: IBM Lotus Notes Traveler 8.5.3 XSS & CSRF & Brute Force Risk: Low Text:I want to warn you about Brute Force, Cross-Site Scripting, Cross-Site Request Forgery and Redirector vulnerabilities in IBM ...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/Gq2FiubAbh0/WLB-20…
*** Switchvox Asterisk 5.1.2 Cross Site Scripting ***
---------------------------------------------
Topic: Switchvox Asterisk 5.1.2 Cross Site Scripting Risk: Low Text:Title: Switchvox Asterisk v5.1.2 - Multiple Web Vulnerabilities Date: == 2012-09-10 References: == http...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/KtK8D-i6E-o/WLB-20…
*** OPlayer 2.0.05 iOS Cross Site Scripting ***
---------------------------------------------
Topic: OPlayer 2.0.05 iOS Cross Site Scripting Risk: Low Text:Title: OPlayer v2.0.05 iOS - Multiple Web Vulnerabilities Date: == 2012-10-01 References: == http://www....
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/NytSNRlZ814/WLB-20…
*** GTA UTM Firewall GB 6.0.3 Cross Site Scripting ***
---------------------------------------------
Topic: GTA UTM Firewall GB 6.0.3 Cross Site Scripting Risk: Low Text:Title: GTA UTM Firewall GB 6.0.3 - Multiple Web Vulnerabilities Date: == 2012-09-10 References: == http:...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/vljvCj4a1PU/WLB-20…
*** DDoS attacks reach new level of sophistication ***
---------------------------------------------
"Prolexic Technologies warned of an escalating threat from unusually large and highly sophisticated DDoS attacks. The DDoS attacks have been launched in the last week using the so-called itsoknoproblembro DDoS toolkit. The malicious actor(s) behind the attacks have used this potent tool in conjunction with sophisticated attack methods that clearly demonstrate knowledge of common DDoS mitigation methods...."
---------------------------------------------
http://www.net-security.org/secworld.php?id=13704
*** How a single spam from China ended up as an attack on the White House ***
---------------------------------------------
"FoxNews leads today with a dramatic story entitled "Washington confirms Chinese hack attack on White House computer."In other important news, experts confirmed that there was a "high probability" that tomorrow, 03 October 2012, due to the rotation of the earth on its axis, the sun would once again give the impression of rising in the East. They also claimed that dinosaurs would "in all likelihood" continue in their state of alleged extinction.(You read it
---------------------------------------------
http://nakedsecurity.sophos.com/2012/10/02/how-a-single-spam-from-china-end…
*** Bugtraq: CVE-2012-3819: Stack Overflow in DartWebserver.dll <= 1.9 ***
---------------------------------------------
CVE-2012-3819: Stack Overflow in DartWebserver.dll <= 1.9
---------------------------------------------
http://www.securityfocus.com/archive/1/524273
*** [papers] - A Pentesters Guide to Hacking OData ***
---------------------------------------------
A Pentesters Guide to Hacking OData
---------------------------------------------
http://www.exploit-db.com/download_pdf/21664
*** PCI Security Standard: Mobile Payment Acceptance Security Guidelines, (Tue, Oct 2nd) ***
---------------------------------------------
What would Cyber Security Awareness Month with a Standards theme be without discussing some semblance of PCI-related content? Carefully avoiding the debate over the benefits and drawback of PCI DSS, Ill instead focus on a recent read with a quick summary of PCI Mobile Payment Acceptance Security Guidelines for Developers. This guideline hit my radar on 14 SEP courtesy of Ians Dragon News Bytes and was intriguing as I had just published Mobile application security best practices in a BYOD world
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=14206&rss
*** Bugtraq: [security bulletin] HPSBST02818 SSRT100960 rev.1 - HP IBRIX X9000 Storage, Remote Disclosure of Information ***
---------------------------------------------
[security bulletin] HPSBST02818 SSRT100960 rev.1 - HP IBRIX X9000 Storage, Remote Disclosure of Information
---------------------------------------------
http://www.securityfocus.com/archive/1/524275
[View Less]
=======================
= End-of-Shift report =
=======================
Timeframe: Freitag 28-09-2012 18:00 − Montag 01-10-2012 18:00
Handler: Stephan Richter
Co-Handler: Robert Waldner
*** Vuln: openCryptoki Multiple Insecure File Creation Vulnerabilities ***
---------------------------------------------
openCryptoki Multiple Insecure File Creation Vulnerabilities
---------------------------------------------
http://www.securityfocus.com/bid/55627
*** Did NSA Put a Secret …
[View More]Backdoor in New Encryption Standard? ***
---------------------------------------------
"Random numbers are critical for cryptography: for encryption keys, random authentication challenges, initialization vectors, nonces, key-agreement schemes, generating prime numbers and so on. Break the random-number generator, and most of the time you break the entire security system. Which is why you should worry about a new random-number standard that includes an algorithm that is slow, badly designed and just might contain a backdoor for the National Security Agency...."
---------------------------------------------
http://cyberwarzone.com/did-nsa-put-secret-backdoor-new-encryption-standard
*** Security Advisory: Adobe to Revoke Code Signing Certificate (APSA12-01) ***
---------------------------------------------
A Security Advisory (APSA12-01) has been posted in regards to the misuse of an Adobe code signing certificate. Adobe plans to revoke the certificate on October 4, 2012 for all software code signed after July 10, 2012. Adobe is in the process of issuing updates for all affected products using a new digital certificate. For [...]
---------------------------------------------
http://blogs.adobe.com/psirt/2012/09/security-advisory-adobe-to-revoke-code…
*** Scary New Malware Uses Your Phone To Make A Map Of Your House For Robbers ***
---------------------------------------------
"If you arent careful, much of the tech you hold near and dear can be used against you. An app called PlaceRaider, for instance, can use your phone to build a full 3D map of your house, all without you suspecting a thing. Developed by Robert Templeman at the Naval Surface Warfare centre and a few buddies from the University of Indiana, PlaceRader hijacks your phones camera and takes a series of secret photographs, recording the time, and the phones orientation and location with each
---------------------------------------------
http://www.gizmodo.com.au/2012/09/scary-new-malware-uses-your-phone-to-make…
*** A Convenient Scapegoat - Why All Cyber Attacks Originate in China ***
---------------------------------------------
"A fairy tale has crept its way into the collective western InfoSec mindset and poisoned the well of reason and rational thought. I am referring to what I like to term, Lazy Neo-McArthyism, i.e. blaming the Red Menace, a.k. a China. It seems that every other cyber-incident, security breach or strain of malware is attributed to the superpower of the east...."
---------------------------------------------
http://www.securityweek.com/convenient-scapegoat-why-all-cyber-attacks-orig…
*** In a Zero-Day World, It’s Active Attacks that Matter ***
---------------------------------------------
The recent zero-day vulnerability in Internet Explorer caused many (present company included) to urge Internet users to consider surfing the Web with a different browser until Microsoft issued a patch. Microsoft did so last month, but not before experts who ought to have known better began downplaying such advice, pointing out that other browser makers have more vulnerabilities and just as much exposure to zero-day flaws. This post examines hard data that shows why such reasoning is more
---------------------------------------------
http://feedproxy.google.com/~r/KrebsOnSecurity/~3/kKKkx4TbxfY/
*** LG NAS Users and password hash disclosure ***
---------------------------------------------
Topic: LG NAS Users and password hash disclosure Risk: High Text:# Exploit Title: LG NAS Users and password hash disclosure # Date: 2012-09-29 # Vendor Homepage: http://www.lg.com/ # Versio...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/_NaxSfrogiM/WLB-20…
*** Internet scan finds thousands of device flaws, system weaknesses ***
---------------------------------------------
"A scan of the Internet over 20 days has yielded terabytes of data and also some alarming weaknesses including misconfigured routers, vulnerability riddled databases and more than 1,000 exposed passwords. Its a project that HD Moore calls his hobby. The Internet-wide survey looked for open TCP ports, SNMP system descriptions, MDNS responders, UPNP endpoints and NetBIOS name queries...."
---------------------------------------------
http://searchsecurity.techtarget.com/news/2240164210/Internet-scan-finds-th…
[View Less]
=======================
= End-of-Shift report =
=======================
Timeframe: Donnerstag 27-09-2012 18:00 − Freitag 28-09-2012 18:00
Handler: Stephan Richter
*** ISC Feature of the Week: Glossary, (Thu, Sep 27th) ***
---------------------------------------------
Overview Our feature today is a page we just launched, the Glossary:Terms and Definitions page at https://isc.sans.edu/glossary.html! This page allows for browsing and list filtering of Computer and Security-related …
[View More]terms and definitions. There is also an API at https://isc.sans.edu/api/#glossary which Ill also detail below. We will soon be adding a Suggest a New Term or Definition form where you can contribute your thoughts to the list.
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=14188&rss
*** Vuln: CoSoSys Endpoint Protector CVE-2012-2994 Predictable Password Generation Vulnerability ***
---------------------------------------------
CoSoSys Endpoint Protector CVE-2012-2994 Predictable Password Generation Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/55570
*** Updated IEEE Statement on Security Incident ***
---------------------------------------------
"We deeply regret the exposure of user IDs and passwords that we became aware of on 24 September 2012. We would like to take this opportunity to explain to our members and customers the circumstances under which the exposure occurred and provide assurances with respect to IEEEs security processes and policies. IEEE follows security best practices based on ISO and NIST standards...."
---------------------------------------------
http://www.ieee.org/about/news/2012/27september_2012.html
*** Adobe scrambles to revoke stolen cert ***
---------------------------------------------
Malware signed as Adobe software Adobe has revealed an attack that compromised some of its software development servers, resulting in its code signing certificate being used to disguise malware as Adobe software.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2012/09/27/adobe_cert_…
*** Cisco beseitigt angebliche DoS-Lücken ***
---------------------------------------------
Acht Sicherheitslücken in Ciscos Router-Betriebssystem Cisco IOS beseitigt der Hersteller mit Updates, die zum fälligen halbjährlichen Patchday veröffentlicht wurden. Eine im Session Initiation Protocol (SIP) betrifft auch den Cisco Unified Communications Manager. Alle Lücken erlauben es nach Ciscos Einschätzung maximal, den betroffenen Dienst lahm zu legen.
---------------------------------------------
http://www.heise.de/security/meldung/Cisco-beseitigt-angebliche-DoS-Luecken…
*** Fast alle Hersteller von Steuercode-Problem in Android betroffen ***
---------------------------------------------
Von der anfänglich Samsung zugeschriebenen Android-Steuercode-Schwachstelle sind anscheinend potenziell die meisten Smartphones und UMTS-Tablets betroffen, auf denen Ice Cream Sandwich (Version 4.0.x) oder eine ältere Android-Version läuft. Google hat den Code im Wählprogramm im Juli mit Version 4.1.1 aktualisiert, damit Steuercodes nicht mehr automatisch ausgeführt werden.
---------------------------------------------
http://www.heise.de/security/meldung/Fast-alle-Hersteller-von-Steuercode-Pr…
[View Less]
=======================
= End-of-Shift report =
=======================
Timeframe: Mittwoch 26-09-2012 18:00 − Donnerstag 27-09-2012 18:00
Handler: Stephan Richter
Co-Handler: L. Aaron Kaplan
*** Vuln: 389 Directory Server Access Bypass Vulnerability ***
---------------------------------------------
389 Directory Server Access Bypass Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/55690
*** Vuln: Zend Framework Multiple Cross Site …
[View More]Scripting Vulnerabilities ***
---------------------------------------------
Zend Framework Multiple Cross Site Scripting Vulnerabilities
---------------------------------------------
http://www.securityfocus.com/bid/55636
*** Do Reverse Proxies Provide Real Security? ***
---------------------------------------------
"In the process of building / designing the infrastructure for a new project the following question was asked: shouldnt we use a reverse proxy to secure or protect the web servers? Of course the first question I asked myself is do reverse proxies provide real security? or is this a best / common practice that has been adopted without foundation?..."
---------------------------------------------
http://www.infosecisland.com/documentview/22458-Do-Reverse-Proxies-Provide-…
*** Maker of Smart-Grid Control Software Hacked ***
---------------------------------------------
"The maker of an industrial control system designed to be used with so-called smart grid networks disclosed to customers last week that hackers had breached its network and accessed project files related to a control system used in portions of the electrical grid. Telvent, which is owned by Schneider Electric, told customers in a letter that on Sept. 10 it learned of the breach into its network. The attackers installed malicious software on the network and also accessed project files for
---------------------------------------------
http://www.wired.com/threatlevel/2012/09/scada-vendor-telvent-hacked/
*** Cisco IOS Security Advisory Bundle - http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_sep12.html, (Thu, Sep 27th) ***
---------------------------------------------
-Kevin -- ISC Handler on Duty (c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=14185&rsshttp://www.cisco.com/web/about/security/intelligence/Cisco_ERP_sep12.html
*** Netzbetreiber sehen Domain Name System durch Attacken zunehmend in Gefahr ***
---------------------------------------------
Groß angelegte Attacken auf DNS-Server sind in den vergangenen Monaten sprunghaft angestiegen. Angriffe, die die Netze mit Datenraten von 50 bis 100 Gigabit/Sekunde in die Knie zwingen, seien an der Tagesordnung, sagte Paul Vixie, Gründer des Internet Systems Consortium (ISC).
---------------------------------------------
http://www.heise.de/security/meldung/Netzbetreiber-sehen-Domain-Name-System…
*** EU Banks Not Prepared for Attacks - Experts Cite Inadequate Controls, Information Sharing ***
---------------------------------------------
"Website outages that so far have targeted five leading U.S. banks should serve as a warning to global institutions of cyberthreats to come. Yet, major European institutions are not prepared to prevent or respond to such attacks, according to fraud and security experts at the European Network and Information Security Agency and Barclays, one of the worlds leading banks."What I see so much in Europe, especially in the U.K., is that no one wants to talk about the attacks theyre...
---------------------------------------------
http://www.bankinfosecurity.com/eu-banks-prepared-for-attacks-a-5144
*** [webapps] - Trend Micro Control Manager 5.5/6.0 AdHocQuery BlindSQL Injection (post-auth) ***
---------------------------------------------
Trend Micro Control Manager 5.5/6.0 AdHocQuery BlindSQL Injection (post-auth)
---------------------------------------------
http://www.exploit-db.com/exploits/21546
*** [webapps] - JAMF Casper Suite MDM CSRF Vulnerability ***
---------------------------------------------
JAMF Casper Suite MDM CSRF Vulnerability
---------------------------------------------
http://www.exploit-db.com/exploits/21545
*** Bugtraq: NGS00254 Patch Notification: Apple Mac OS X Lion USB Hub Class Hub Descriptor Arbitrary Code Execution ***
---------------------------------------------
NGS00254 Patch Notification: Apple Mac OS X Lion USB Hub Class Hub Descriptor Arbitrary Code Execution
---------------------------------------------
http://www.securityfocus.com/archive/1/524248
*** Bugtraq: XSS in OSSEC wui 0.3 ***
---------------------------------------------
XSS in OSSEC wui 0.3
---------------------------------------------
http://www.securityfocus.com/archive/1/524247
*** Cyber Security Bulletin SB12-269 - Vulnerability Summary for the Week of September 17, 2012 ***
---------------------------------------------
"High Vulnerabilities : adobe -- flash_playeranecms -- anecmsapple -- mac_os_xapple -- mac_os_xbananadance -- banana_dancebioinformatics -- ordersysMedium Vulnerabilities:apache -- wicketapache -- cxfapple -- safariapple -- mac_os_xapple -- iphone_osblairwilliams -- pretty_link_lite_pluginburnsy -- jbshop_pluginLow Vulnerabilities:63reasons -- supercronalex_barth -- dataalquimia -- managesitecisco -- ioscollectivecolors -- taxonomy_view_integrator_moduledmitry_loac -- taxotouch..."
---------------------------------------------
http://www.us-cert.gov/cas/bulletins/SB12-269.html#top
*** News, Technologies and Techniques: Why SSD Drives Destroy Court Evidence, and What Can Be Done About It: Part 1 ***
---------------------------------------------
Solid State drives SSD introduced dramatic changes to the principles of computer forensics. Forensic acquisition of computers equipped with SSD storage is very different from how we used to acquire PCs using traditional magnetic media. read more
---------------------------------------------
http://www.dfinews.com/article/why-ssd-drives-destroy-court-evidence-and-wh…
[View Less]
=======================
= End-of-Shift report =
=======================
Timeframe: Dienstag 25-09-2012 18:00 − Mittwoch 26-09-2012 18:00
Handler: Stephan Richter
Co-Handler: Robert Waldner
*** Vuln: HP Application Lifecycle Management XGO.ocx Multiple Remote Code Execution Vulnerabilities ***
---------------------------------------------
HP Application Lifecycle Management XGO.ocx Multiple Remote Code Execution Vulnerabilities
---------------------------------------------
http://www.…
[View More]securityfocus.com/bid/55272
*** Espionage Hackers Target Watering Hole Sites ***
---------------------------------------------
"Security experts are accustomed to direct attacks, but some of todays more insidious incursions succeed in a roundabout way by planting malware at sites deemed most likely to be visited by the targets of interest. New research suggests these so-called watering hole tactics recently have been used as stepping stones to conduct espionage attacks against a host of targets across a variety of industries, including the defense, government, academia, financial services, healthcare and utilities
---------------------------------------------
http://krebsonsecurity.com/2012/09/espionage-hackers-target-watering-hole-s…
*** QNX QCONN Remote Command Execution Vurnerability ***
---------------------------------------------
Topic: QNX QCONN Remote Command Execution Vurnerability Risk: High Text:# Title : QNX QCONN Remote Command Execution Vurnerability # Version : QNX 6.5.0 >= , QCONN >= 1.4.207944 # Download: http://...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/ZxigkLQDTgU/WLB-20…
*** Samba 3.6.3 remote root exploit ***
---------------------------------------------
Topic: Samba 3.6.3 remote root exploit Risk: High Text:#!/usr/bin/python # # finding targets 4 31337z: # gdb /usr/sbin/smbd `ps auwx | grep smbd | grep -v grep | head -n1 | awk {...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/JMaQdgM9SUg/WLB-20…
(Kommentar: aktuell ist Samba 3.6.8, manche Long-Term Distributionen wie Debian liefern aber noch älteres wie 3.5.6 aus)
*** phpMyAdmin mit Backdoor ***
---------------------------------------------
Zeitweise wurde über einen der offiziellen Download-Server eine manipulierte Version des Datenbankverwaltungstools verteilt, die ein Backdoor-Skript enthält.
---------------------------------------------
http://www.heise.de/security/meldung/phpMyAdmin-mit-Backdoor-1717377.html/f…
*** Schutz vor Fernlöschung von Samsung-Smartphones ***
---------------------------------------------
Einige Samsung-Smartphones kann man durch eine präparierte Webseite oder spezielle SMS ohne Einwilligung des Besitzers aus der Ferne löschen, wie am gestrigen Dienstag bekannt wurde. In Googles App-Shop Google Play gibt es nun das kostenlose Tool NoTelURL von Jörg Voss, das dafür sorgt, dass die USSD-Steuercodes nicht mehr ohne Zutun des Nutzers ausgeführt werden.
---------------------------------------------
http://www.heise.de/security/meldung/Schutz-vor-Fernloeschung-von-Samsung-S…
*** More Java Woes, (Wed, Sep 26th) ***
---------------------------------------------
A number of readers alerted us of news reports stating that new full sandbox escape vulnerabilities had been reported to Oracle. At this point, there are no details available as to the nature of these vulnerabilities, and there is no evidence that any of these vulnerabilities are exploited. However, it is widely known that Oracle is working on a substantial backlog of these vulnerabilities. It is still recommended to use Java with caution. Some best practices: - Uninstall Java if you dont need
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=14179&rss
*** Malicious PhpMyAdmin Served From SourceForge Mirror ***
---------------------------------------------
An anonymous reader writes with a bit of news about the compromised download of phpMyAdmin discovered on an sf.net mirror yesterday: "A malicious version of the open source Web-based MySQL database administration tool phpMyAdmin has been discovered on one of the official mirror sites of SourceForge, the popular online code repository for free and open source software. The file — phpMyAdmin-3.5.2.2-all-languages.zip — was modified to include a backdoor that allowed attackers to
---------------------------------------------
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/15L5Bg-UnmY/malicious-phpmy…
*** Vuln: libxml2 Unspecified Out-of-Bounds Remote Denial of Service Vulnerability ***
---------------------------------------------
libxml2 Unspecified Out-of-Bounds Remote Denial of Service Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/51084
[View Less]