=======================
= End-of-Shift report =
=======================
Timeframe: Friday 31-08-2012 18:00 - Monday 03-09-2012 18:00
Handler: Stephan Richter
Co-Handler: Robert Waldner
*** Vuln: TYPO3 Core TYPO3-CORE-SA-2012-004 Multiple Remote Security
Vulnerabilities ***
---------------------------------------------
TYPO3 Core TYPO3-CORE-SA-2012-004 Multiple Remote Security Vulnerabilities
---------------------------------------------
http://www.securityfocus.com/bid/55052
*** Here we go again: Critical flaw found in just-patched Java ***
---------------------------------------------
Emergency fix rushed out half-baked - Security Explorations, the Polish
security startup that discovered the Java SE 7 vulnerabilities that have
been the targets of recent web-based exploits, has spotted a new flaw
that affects the patched version of Java released this Thursday...
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2012/08/31/critical_fl…
*** Security update released for Adobe Photoshop CS6 (APSB12-20) ***
---------------------------------------------
Today, a Security Bulletin (APSB12-20) has been posted in regards to a
security update for Adobe Photoshop CS6 (13.0) for Windows and
Macintosh. Adobe recommends that users apply the update for their
product installation. This posting is provided "AS IS" with no
warranties and confers no rights.
---------------------------------------------
http://blogs.adobe.com/psirt/2012/08/security-update-released-for-adobe-pho…
*** Vuln: unixODBC SQLDriverConnect() FILEDSN and DRIVER Options Buffer
Overflow Vulnerabilities ***
---------------------------------------------
unixODBC SQLDriverConnect() FILEDSN and DRIVER Options Buffer Overflow
Vulnerabilities
---------------------------------------------
http://www.securityfocus.com/bid/53712
*** Vuln: Rugged Operating System Private Key Disclosure Vulnerability ***
---------------------------------------------
Rugged Operating System Private Key Disclosure Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/55123
*** Hacker scene trojanizes remote administration tool ***
---------------------------------------------
http://www.heise.de/security/meldung/Hackerszene-trojanisiert-Fernwartungsw…
*** 30 new top cyber security advisors appointed to the EU Agency ENISA's
Permanent Stakeholders Group ***
---------------------------------------------
"A new composition of 30 top IT-security experts have started their term
of office as members of ENISA's Permanent Stakeholders Group (PSG). The
PSG will give top IT security advice to the EU's cyber security Agency
ENISA, the European Network and Information Security Agency. The PSG is
a group of leading IT-security experts that gives advice to the Agency's
Executive Director in, for example, drawing up a proposal for the
Agency's annual Work Programme...."
---------------------------------------------
http://www.cisionwire.com/enisa---european-network-and-information-security…
*** [webapps] - SugarCRM Community Edition 6.5.2 (Build 8410) Multiple
Vulnerabilities ***
---------------------------------------------
SugarCRM Community Edition 6.5.2 (Build 8410) Multiple Vulnerabilities
---------------------------------------------
http://www.exploit-db.com/exploits/20981
*** American Express doesn't take security seriously ***
---------------------------------------------
"We've already established that when it comes to security, passwords
alone are not a very good choice. Sure, they're better than nothing, but
with most people picking insecure passwords and companies saving them in
unencrypted formats, there are better solutions out there. American
Express takes insecure passwords and makes them even more insecure...."
---------------------------------------------
http://www.neowin.net/news/american-express-doesnt-take-security-seriously?
*** ICS-CERT - New JSAR, Advisory and Updated Alert ***
---------------------------------------------
"Still getting caught up after Isaac; while ICS-CERT hasn't been real
busy they haven't waited for me either. So here is a quick look at a new
Joint Security Awareness Report (JSAR), a new privilege escalation
advisory and an update on a Siemens related alert. ICS-CERT and US-CERT
published a JSAR on Wednesday for the information-stealing malware W32...."
---------------------------------------------
http://chemical-facility-security-news.blogspot.nl/2012/09/ics-cert-new-jsa…
*** Russia unveils own Android-like, hack-proof mobile operating system ***
---------------------------------------------
"It seems that Russia's defence ministry has little faith in Google's
operating systems: it has just unveiled its own encrypted version that
has the remarkably familiar feel of an Android. Russia's very first smart
prototype was presented on the sidelines of a Berlin electronics show
this week to deputy prime minister Dmitry Rogozin -- an avowed
nationalist who oversees the military's technological innovation. A
slimmed down version of the operating system in computer tablet form is
actually
---------------------------------------------
http://timesofindia.indiatimes.com/tech/news/software-services/Russia-unvei…
*** [papers] - Shellcoding in Linux ***
---------------------------------------------
Shellcoding in Linux
---------------------------------------------
http://www.exploit-db.com/download_pdf/21013
*** Hit by dubious claims, RBI junks ATM cash retraction ***
---------------------------------------------
"The banks have done away with the cash retraction system in ATMs. The
system, which enabled the machine to take back the currency if it is not
removed within a certain time, was withdrawn last week after the Reserve
Bank of India (RBI) agreed to National Payments Corporation of India's
proposal for removing the feature from all ATMs to deal with the
increasing number of fraudulent claims about non-receipt of cash. Banks
have posted messages on their websites that the system has been
---------------------------------------------
http://economictimes.indiatimes.com/news/news-by-industry/banking/finance/b…
*** VMware secures its server products ***
---------------------------------------------
http://www.heise.de/security/meldung/VMware-sichert-Serverprodukte-ab-16979…
=======================
= End-of-Shift report =
=======================
Timeframe: Monday 27-08-2012 18:14 - Friday 31-08-2012 18:14
Handler: Stephan Richter
Co-Handler: Christian Wojner
*** Is the death knell sounding for traditional antivirus? ***
---------------------------------------------
"Antivirus developers need to run malcode in their labs in order to create
malware-identifying signatures. What happens if they can't? Developers of
traditional antivirus depend on: The ability to run malware in their labs...."
---------------------------------------------
http://www.techrepublic.com/blog/security/is-the-death-knell-sounding-for-t…
*** Joomla com_weblinks SQL Vulnerability ***
---------------------------------------------
Topic: Joomla com_weblinks SQL Vulnerability
Risk: Medium
Text: Exploit Title: Joomla Com_Weblinks Sql Vulnerability; Author: IrIsT.Ir;
Discovered By: N...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/E7Kh6tyN_0k/WLB-20…
*** ReIssued Red Alert - Dorifel Decrypter v1.5 released. Supports new
Dorifel variant found in Canada, new RC4 key etc. ***
---------------------------------------------
"In the beginning of August 2012, Dutch government, public sector and
networks of private companies are hit hard by a new wave of crypto malware
named Trojan-Ransom.Win32.Dorifel...."
---------------------------------------------
http://www.surfright.nl/en/support/dorifel-decrypter
*** Bugtraq: Seeker Adv MS-06 - .Net Cross Site Scripting - Request
Validation Bypassing ***
---------------------------------------------
Seeker Adv MS-06 - .Net Cross Site Scripting - Request Validation Bypassing
---------------------------------------------
http://www.securityfocus.com/archive/1/524043
*** Phishing without a webpage - researcher reveals how a link *itself* can
be malicious ***
---------------------------------------------
"The need for a reliable place to host your malicious website has been the
bane of phishers for much of the last decade. But, no longer. A researcher
at the University of Oslo in Norway says that page-less phishing and other
untraceable attacks may be possible, using a tried and true internet
communications standard: the uniform resource identifier, or URI...."
---------------------------------------------
http://nakedsecurity.sophos.com/2012/08/31/phishing-without-a-webpage-resea…
*** News, Technologies and Techniques: Virus on virus - set a thief to
catch a thief ***
---------------------------------------------
The old debate on whether it would be ethical to use viruses to detect and
even clean other viruses has largely been won by the law of unintended
consequences: it's simply too dangerous. But that doesn't mean it
doesn't happen accidentally...
---------------------------------------------
http://www.infosecurity-magazine.com/view/27901/virus-on-virus-set-a-thief-…