=======================
= End-of-Shift report =
=======================

Timeframe:   Tuesday 11-09-2012 18:05 - Wednesday 12-09-2012 18:00
Handler:     Stephan Richter
Co-Handler:  Christian Wojner

*** Bugtraq: ESA-2012-029: RSA BSAFE(r) SSL-C Multiple Vulnerabilities ***
---------------------------------------------
ESA-2012-029: RSA BSAFE(r) SSL-C Multiple Vulnerabilities
---------------------------------------------
http://www.securityfocus.com/archive/1/524142

*** Bugtraq: Multiple vulnerabilities in Ezylog photovoltaic management server ***
---------------------------------------------
Multiple vulnerabilities in Ezylog photovoltaic management server
---------------------------------------------
http://www.securityfocus.com/archive/1/524140

*** Vuln: libguac Remote Buffer Overflow Vulnerability ***
---------------------------------------------
libguac Remote Buffer Overflow Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/55497

*** The geography of cybercrime: Western Europe and North America ***
---------------------------------------------
"The Internet knows no borders, but according to our data, cybercrime has specific geographical features. In different parts of the world cybercriminals launch different malicious programs, their attacks have different priorities and they use different tricks to make money. This is not just due to their physical location, but also due to the nature of the countries where their potential victims are located...."
---------------------------------------------
http://www.securelist.com/en/analysis/204792244/The_geography_of_cybercrime_...

*** Cosmo, the Hacker God Who Fell to Earth ***
---------------------------------------------
"Cosmo is huge, 6 foot 7 and 220 pounds the last time he was weighed, at a detention facility in Long Beach, California on June 26. And yet he's getting bigger, because Cosmo, also known as Cosmo the God, the social-engineering mastermind who weaseled his way past security systems at Amazon, Apple, AT&T, PayPal, AOL, Netflix, Network Solutions, and Microsoft, is just 15 years old. He turns 16 next March, and he may very well do so inside a prison cell...."
---------------------------------------------
http://www.wired.com/gadgetlab/2012/09/cosmo-the-god-who-fell-to-earth/

*** Inside your users' brains: Where they get security advice ***
---------------------------------------------
"IT professionals work hard to become experts in their field. They also work hard protecting the infrastructure and users they're responsible for. Unfortunately, not everyone has access to an IT expert...."
---------------------------------------------
http://www.techrepublic.com/blog/security/inside-your-users-brains-where-the...

*** Microsoft will now close the Flash hole in IE10 after all ***
---------------------------------------------
After a hail of criticism, Microsoft now intends to update the Flash Player built into its new Internet Explorer before the official release of Windows 8 after all.
---------------------------------------------
http://www.heise.de/security/meldung/Microsoft-will-Flash-Luecke-im-IE10-nun...

*** Vuln: Dnsmasq Remote Denial of Service Vulnerability ***
---------------------------------------------
Dnsmasq Remote Denial of Service Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/54353

*** Cyber security strengthened at EU institutions ***
---------------------------------------------
"EU institutions have reinforced their fight against cyber threats by establishing the EU's Computer Emergency Response Team, or CERT-EU, on a permanent basis. This decision follows a successful one-year pilot for the team, which drew positive assessments from clients and peers. Vice-President Maros Sefcovic said: "The EU institutions, like any other major organizations, are frequently the target of information security incidents...."
---------------------------------------------
http://www.net-security.org/secworld.php?id=13580

*** Cyber Crime: The QR code: A new frontier in mobile attackability ***
---------------------------------------------
A single poisoned link is all it takes to expose an entire organization to a full-scale attack. Hackers write sophisticated browser-based attacks that operate quite stealthily. Now, they're going a...
---------------------------------------------
http://feedproxy.google.com/~r/HelpNetSecurity/~3/OL5fpFtGGvU/article.php

*** Visa's New End-to-End Encryption Service - P2P Encryption Program Aims to Eliminate POS Card Risks ***
---------------------------------------------
"Visa's new end-to-end encryption service aims to eliminate payment card data at the merchant level. Eduardo Perez of Visa's Risk Group discusses the security value of this emerging solution. Visa's Merchant Data Secure with Point-to-Point Encryption solution won't launch until 2013...."
---------------------------------------------
http://www.bankinfosecurity.com/interviews/visas-new-end-to-end-encryption-s...