[CERT-daily] Tageszusammenfassung - Freitag 19-10-2012

Fri Oct 19 19:11:58 CEST 2012

=======================
= End-of-Shift report =
=======================
Timeframe:   Donnerstag 18-10-2012 18:00 − Freitag 19-10-2012 18:00
Handler:     Stephan Richter
Co-Handler:  Robert Waldner

*** Download the report from FireEye, now. ***
---------------------------------------------
"Learn how to protect your organization from the most dangerous cyber attacks by discovering the tactics used in successful attacks. In a unique report from FireEye, youll get first-hand information from the FireEye Malware Intelligence Labs, which analyzes data from Malware Protection Systems (MPS) deployed behind existing security defenses. Youll benefit from gaining visibility into the most lethal attacks of the year, and discovering how they successfully evaded traditional
---------------------------------------------
http://www2.fireeye.com/FierceCIO_Advanced_Threat_LP.html


*** Cyber Security Awareness Month - Day 18 - Vendor Standards: The vSphere Hardening Guide, (Thu, Oct 18th) ***
---------------------------------------------
Many vendors have security hardening guides - step-by-step guides to increasing the security posture of one product or another. We alluded to the Cisco guides earlier this month (Day 11), Microsoft also makes a decent set of hardening guides for Windows server and workstation products, as do most Linux distros - youll find that most vendors have documents of this type. VMwares vSphere hardening guide is one I use frequently. Its seen several iterations over the years - the versions considered
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=14341&rss


*** Apple banishes Java from Mac browsers ***
---------------------------------------------
Fanbois told to install Oracles plugin Apple has discontinued its own Java plugin, issuing an update that removes it from MacOS and encourages users to instead download Oracles version of the software.�
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2012/10/19/apple_banishes_java_from_macos_browsers/


*** Dont secure the internet, it needs crime: Diffie ***
---------------------------------------------
"While many people see securing the internet as a means to stopping cybercrime, former vice president for information security and cryptography at the Internet Corporation for Assigned Names and Numbers (ICANN) Whitfield Diffie thinks that internet crime may be necessary. Diffie, who spoke at the Australian Information Security Associations National Conference 2012 in Sydney this week, is better known for his contribution to the cryptography community by devising with Martin Hellman and
---------------------------------------------
http://www.zdnet.com/dont-secure-the-internet-it-needs-crime-diffie-7000005958/


*** Palo Alto Networks GlobalProtect Man-In-The-Middle ***
---------------------------------------------
Topic: Palo Alto Networks GlobalProtect Man-In-The-Middle Risk: Low Text: SySS-Advisory: MitM-vulnerability in Palo Alto Networks GlobalProtect Prob...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/SD1xHp0GFaM/WLB-2012100155


*** RealPlayer 15.0.6.14 suffers from Arbitrary Code Execution ***
---------------------------------------------
Topic: RealPlayer 15.0.6.14 suffers from Arbitrary Code Execution Risk: High Text:Title : RealPlayer 15.0.6.14 suffers from Arbitrary Code Execution Version : 15.0.6.14 Date : 2012-10-18 Vendor : ...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/ZE9qMdPQl-Q/WLB-2012100156


*** Vuln: Computer Associates ARCserve Backup Remote Code Execution and Denial of Service Vulnerabilities ***
---------------------------------------------
Computer Associates ARCserve Backup Remote Code Execution and Denial of Service Vulnerabilities
---------------------------------------------
http://www.securityfocus.com/bid/56116