=======================
= End-of-Shift report =
=======================
Timeframe: Wednesday 05-09-2012 18:00 - Thursday 06-09-2012 18:00
Handler: Stephan Richter
Co-Handler: Robert Waldner
*** Survey: Many sysadmins do not deal with IT security management ***
---------------------------------------------
For System Administrator Day, around 1500 administrators completed a survey on Love Your Admin run by Synetics, a company that specializes in software for documenting administration tasks.
---------------------------------------------
http://www.heise.de/newsticker/meldung/Umfrage-Viele-Sysadmins-beschaeftigen...
*** Watch this - the funniest spam video you'll ever see [VIDEO] ***
---------------------------------------------
"We all want our friends and family to learn more about how better to secure their computers. But the eternal challenge is how can we make the advice interesting and engaging for a non-techie audience, and not make the mistake of endlessly droning on using buzzwords they are unlikely to understand. The video below about spam - made by the folks at "Glove and Boots" - manages to make what could be a tremendously dry topic, funny and informative instead...."
---------------------------------------------
http://nakedsecurity.sophos.com/2012/09/05/funniest-spam-video/
*** Bugtraq: Cross-Site Scripting (XSS) in Kayako Fusion ***
---------------------------------------------
Cross-Site Scripting (XSS) in Kayako Fusion
---------------------------------------------
http://www.securityfocus.com/archive/1/524108
*** Vuln: CoDeSys Access Security Bypass Vulnerability ***
---------------------------------------------
CoDeSys Access Security Bypass Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/52942
*** Vuln: WAGO IPC 758-870 Hardcoded Password Security Bypass Vulnerability ***
---------------------------------------------
WAGO IPC 758-870 Hardcoded Password Security Bypass Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/52940
*** Bugtraq: APPLE-SA-2012-09-05-1 Java for OS X 2012-005 and Java for Mac OS X 10.6 Update 10 ***
---------------------------------------------
APPLE-SA-2012-09-05-1 Java for OS X 2012-005 and Java for Mac OS X 10.6 Update 10
---------------------------------------------
http://www.securityfocus.com/archive/1/524112
*** Online bank punters tricked into approving theft of their OWN CASH ***
---------------------------------------------
Man-in-browser Trojan attack discovered
Security researchers have discovered a malware-based attack against the chipTAN system used by bank customers in Germany to authorise transactions online.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2012/09/06/german_chipt...
*** Vuln: HP SiteScope UploadFilesHandler Directory Traversal Vulnerability ***
---------------------------------------------
HP SiteScope UploadFilesHandler Directory Traversal Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/55273
*** Vuln: HP SiteScope Multiple Security Bypass Vulnerabilities ***
---------------------------------------------
HP SiteScope Multiple Security Bypass Vulnerabilities
---------------------------------------------
http://www.securityfocus.com/bid/55269
*** Java 7 Attack Vectors, Oh My! ***
---------------------------------------------
"While researching how to successfully mitigate the recent Java 7 vulnerability (VU#636312, CVE-2012-4681), we (and by "we" I mean "Will Dormann") found quite a mess. In the midst of discussion about exploit activity and the out-of-cycle update from Oracle, I'd like to call attention to a couple other important points. First, there's the question of the defensive value of the Java 7u7 update (and patching in general)...."
---------------------------------------------
http://www.cert.org/blogs/certcc/2012/09/java_7_attack_vectors_oh_my.html