[CERT-daily] Tageszusammenfassung - Donnerstag 29-11-2012

Daily end-of-shift report team at cert.at
Thu Nov 29 18:04:43 CET 2012


=======================
= End-of-Shift report =
=======================
Timeframe:   Mittwoch 28-11-2012 18:00 − Donnerstag 29-11-2012 18:00
Handler:     Robert Waldner
Co-Handler:  n/a

*** New version of wireshark is available (1.8.4), some security fixes included. , (Wed, Nov 28th) ***
---------------------------------------------
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=14587&rss




*** Good Practice Guide for Addressing Network and Information Security Aspects of Cybercrime ***
---------------------------------------------
"In 2010 ENISA started its support for operational collaboration between the Computer Emergency Response Teams (CERTs) in the Member States on the one hand and Law Enforcing Agencies (LEA) on the other hand. Various activities have since been launched, including stock takings of legal and operational obstacles that prevent collaboration, advice resulting from that, workshops that brought together members of both communities, consultation with members of both communities, etc. It was soon
---------------------------------------------
http://www.enisa.europa.eu/activities/cert/support/fight-against-cybercrime/good-practice-guide-for-addressing-network-and-information-security-aspects-of-cybercrime




*** Vuln: OpenDNSSEC cURL API Security Bypass Vulnerability ***
---------------------------------------------
OpenDNSSEC cURL API Security Bypass Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/56679





*** How to Minimize Medical Device Risks - Ethical Hacker Offers Action Items ***
---------------------------------------------
"Malware and hackers present potential security threats to wireless medical devices and safety risks to the patients who use them. But healthcare organizations and device manufacturers can take several steps to curtail those risks, says an ethical hacker who has demonstrated the vulnerability of various devices. Barnaby Jack, director of embedded device security at services firm IOActive, recently demonstrated how an implanted wireless heart defibrillator can be hacked from 50 feet away to
---------------------------------------------
http://www.healthcareinfosecurity.com/how-to-minimize-medical-device-risks-a-5310?rf=2012-11-29-eh




*** [webapps] - Oracle OpenSSO 8.0 Multiple XSS POST Injection Vulnerabilities ***
---------------------------------------------
Oracle OpenSSO 8.0 Multiple XSS POST Injection Vulnerabilities
---------------------------------------------
http://www.exploit-db.com/exploits/23004




*** Bugtraq: Wordpress Plugin Simple Gmail Login Stack Trace Vulnerability ***
---------------------------------------------
Wordpress Plugin Simple Gmail Login Stack Trace Vulnerability
---------------------------------------------
http://www.securityfocus.com/archive/1/524863




*** WhatsApp: Schwere Sicherheitslücke entdeckt ***
---------------------------------------------
Über die Handynummer sowie die Seriennummer kann relativ einfach das WhatsApp-Passwort erzeugt und so ein fremder Accounts übernommen werden. Das hat das deutsche Online-Portal heise Security aufgedeckt. Die Entwickler von WhatsApp wollen aber offenbar nichts von der Lücke wissen.
---------------------------------------------
http://futurezone.at/produkte/12738-whatsapp-schwere-sicherheitsluecke-entdeckt.php?rss=fuzo






More information about the Daily mailing list