[CERT-daily] Daily summary - Tuesday 20-11-2012

Daily end-of-shift report team at cert.at
Tue Nov 20 18:21:06 CET 2012


=======================
= End-of-Shift report =
=======================

Timeframe:   Monday 19-11-2012 18:00 − Tuesday 20-11-2012 18:00
Handler:     Stephan Richter
Co-Handler:  Robert Waldner




*** Bugtraq: CVE-2012-4366: Insecure default WPA2 passphrase in multiple Belkin wireless routers ***
---------------------------------------------
CVE-2012-4366: Insecure default WPA2 passphrase in multiple Belkin wireless routers
---------------------------------------------
http://www.securityfocus.com/archive/1/524767




*** Hotfix for ColdFusion 10 ***
---------------------------------------------
The update closes a DoS vulnerability in the Windows version of Adobe's application server.
---------------------------------------------
http://www.heise.de/security/meldung/Hotfix-fuer-ColdFusion-10-1752975.html/from/atom10




*** Vuln: Splunk Multiple Cross-Site Scripting and Denial of Service Vulnerabilities ***
---------------------------------------------
Splunk Multiple Cross-Site Scripting and Denial of Service Vulnerabilities
---------------------------------------------
http://www.securityfocus.com/bid/56581




*** An Android Malware Analysis: DroidKungFu ***
---------------------------------------------
"Few users are aware of how Android malware works. Few understand their complexity or the amount of data they can pillage from handsets. As such, we decided to come up with a short series of articles to take apart some of the most common and potentially dangerous Android malware strands that wreak havoc on smartphones...."
---------------------------------------------
http://www.hotforsecurity.com/blog/an-android-malware-analysis-droidkungfu-4474.html




*** Nintendo fixes Wii U network after claims of accidental hack ***
---------------------------------------------
"Just hours after the US launch of Nintendos latest game console, the Wii U, a video game fan claims that he accidentally "hacked" into the consoles online component - the Miiverse. A Wii U user called "Trike" posted on NeoGAF that he had stumbled across a secret debug menu in the Miiverse that gave him access to a Japanese language list of administrators, with seemingly the ability to regenerate passwords and delete the access rights of admins."At first it asked...
---------------------------------------------
http://nakedsecurity.sophos.com/2012/11/19/nintendos-wii-u-network-hack/




*** Malware made which can share a smartcard over the internet ***
---------------------------------------------
Use a bank or ID card as though you had it with you
Security researchers have developed proof-of-concept malware that allows attackers to obtain remote access to smart card readers attached to compromised Windows PCs.…
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2012/11/20/smart_card_reader_malware/




*** Raiffeisen Introduces PhotoTAN to Protect Customer Transactions Against Malware ***
---------------------------------------------
"European banks, which are said to have implemented far more advanced security mechanisms to protect their customers than the ones from the US, are trying to live up to their reputation. Swiss bank Raiffeisen has introduced a new security feature that relies on Crontos Visual Transaction Signing Solution. Available for customers in Switzerland starting today, the CrontoSign is designed to protect online transactions against cyberattacks that rely on clever information-stealing Trojans such...
---------------------------------------------
http://news.softpedia.com/news/Raiffeisen-Introduces-PhotoTAN-to-Protect-Customer-Transactions-Against-Malware-308040.shtml




*** WhatsApp plugs security hole – and charges subscription fees ***
---------------------------------------------
The operator of the popular SMS alternative WhatsApp has quietly made changes to its service to plug a vulnerability that has been known for some time. However, the next nasty surprise was already waiting for many users: using WhatsApp now costs money on most smartphone platforms, effective immediately.
---------------------------------------------
http://www.heise.de/security/meldung/WhatsApp-stopft-Sicherheitsloch-und-verlangt-Abo-Gebuehren-1753088.html/from/atom10




*** Bugtraq: OSSIM 4.0.2 open-source SIEM solution does not verify .deb signatures ***
---------------------------------------------
OSSIM 4.0.2 open-source SIEM solution does not verify .deb signatures
---------------------------------------------
http://www.securityfocus.com/archive/1/524779




*** Bugtraq: SonicWALL CDP 5040 v6.x - Multiple Web Vulnerabilities ***
---------------------------------------------
SonicWALL CDP 5040 v6.x - Multiple Web Vulnerabilities
---------------------------------------------
http://www.securityfocus.com/archive/1/524777

