=======================
= End-of-Shift report =
=======================

Timeframe:   Wednesday 09-01-2013 18:00 − Thursday 10-01-2013 18:00
Handler:     Stephan Richter
Co-Handler:  Robert Waldner

*** Vuln: GE Proficy HMI/SCADA CIMPLICITY Denial of Service Vulnerability ***
---------------------------------------------
GE Proficy HMI/SCADA CIMPLICITY Denial of Service Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/57188

*** Police Arrest Alleged ZeuS Botmaster "bx1" ***
---------------------------------------------
A man arrested in Thailand this week on charges of stealing millions from online bank accounts fits the profile of a miscreant nicknamed "bx1," a hacker fingered by Microsoft as a major operator of botnets powered by the ZeuS banking trojan.
---------------------------------------------
http://feedproxy.google.com/~r/KrebsOnSecurity/~3/D_NUNHSTfy8/

*** Zero-Day Java Exploit Debuts in Crimeware ***
---------------------------------------------
The hackers who maintain Blackhole and Nuclear Pack – competing crimeware products that are made to be stitched into hacked sites and use browser flaws to foist malware — say they’ve added a brand new exploit that attacks a previously unknown and currently unpatched security hole in Java.
---------------------------------------------
http://feedproxy.google.com/~r/KrebsOnSecurity/~3/x8J2sRZ5128/

*** Vuln: Microsoft .NET Framework CVE-2013-0004 Remote Privilege Escalation Vulnerability ***
---------------------------------------------
Microsoft .NET Framework CVE-2013-0004 Remote Privilege Escalation Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/57113

*** Web Application Vulnerability Statistics of 2012 ***
---------------------------------------------
"With years of experience and valuable insights from our cloud based application security testing, we thought of conducting a study to discover the prevailing website vulnerability trends. The study is based on our original research on more than 5000 tests covering 300+ customers distributed globally. How was the study conducted?..."
---------------------------------------------
http://www.ivizsecurity.com/blog/penetration-testing/web-application-vulnera...

*** Exploit for Ruby on Rails in Circulation ***
---------------------------------------------
The security vulnerability in Ruby on Rails is proving to be acutely dangerous; the first exploits are in circulation and reports of hijacked web servers are coming in. Administrators should act urgently.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/2763d32a/l/0L0Sheise0Bde0Cmeld...