=======================
= End-of-Shift report =
=======================

Timeframe: Tuesday 21-05-2013 18:00 − Wednesday 22-05-2013 18:00
Handler: Stephan Richter
Co-Handler: Robert Waldner

*** Researchers find critical vulnerabilities in popular game engines ***
---------------------------------------------
Attackers could exploit the flaws to compromise game clients and servers, researchers from ReVuln said
---------------------------------------------
http://www.csoonline.com/article/733773/researchers-find-critical-vulnerabil...

*** WordPress Events Manager Plugin Multiple Cross-Site Scripting Vulnerabilities ***
---------------------------------------------
Multiple vulnerabilities have been discovered in the Events Manager plugin for WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks.
---------------------------------------------
https://secunia.com/advisories/53478

*** Bugtraq: Multiple Vulnerabilities in Wordpress Plugins ***
---------------------------------------------
[waraxe-2013-SA#104] - Multiple Vulnerabilities in Spider Event Calendar Wordpress Plugin
[waraxe-2013-SA#105] - Multiple Vulnerabilities in Spider Catalog Wordpress Plugin
---------------------------------------------
http://www.securityfocus.com/archive/1/526660
http://www.securityfocus.com/archive/1/526661

*** The Top 10 Internet Resources to Use After Suffering a Cyber Breach ***
---------------------------------------------
Most cyber breaches into your online presence will be directed at your website server and its accompanying databases or accounts. And, if you’ve been the victim of a server hack, it probably occurred through one of two different means. The first would be an attack at some sort of weakness in third party web applications, or...
---------------------------------------------
http://resources.infosecinstitute.com/the-top-10-internet-resources-to-use-a...

*** Oracle Solaris Multiple Vulnerabilities ***
---------------------------------------------
https://secunia.com/advisories/53462
https://secunia.com/advisories/53468

*** Bugtraq: Trend Micro DirectPass 1.5.0.1060 - Multiple Vulnerabilities ***
---------------------------------------------
The Vulnerability Laboratory Research Team discovered multiple software vulnerabilities in the official Trend Micro DirectPass v1.5.0.1060 Software.
---------------------------------------------
http://www.securityfocus.com/archive/1/526658

*** Apache Struts "ParameterInterceptor" Security Bypass Vulnerability ***
---------------------------------------------
A vulnerability has been reported in Apache Struts, which can be exploited by malicious people to bypass certain security restrictions.
---------------------------------------------
https://secunia.com/advisories/53495

*** IBM Eclipse Help System information disclosure ***
---------------------------------------------
Multiple IBM products could allow a remote attacker to obtain sensitive information, caused by an error in the IBM Eclipse Help System. A specially-crafted URL could cause an error message to be returned in the browser that may contain sensitive information.
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/83613

*** DHS to Share Zero-Day Intelligence ***
---------------------------------------------
The U.S. Department of Homeland Security (DHS) is developing a system that will enable classified vulnerability data to be shared with the private sector. The information, primarily Zero-Day vulnerability data, will be sold via a select group of service providers.
See also: http://www.dhs.gov/enhanced-cybersecurity-services
See also: http://www.csoonline.com/article/733557/experts-ding-dhs-vulnerability-shari...
---------------------------------------------
http://www.securityweek.com/dhs-share-zero-day-intelligence