[CERT-daily] Daily summary - Monday 3. 9. 2012

Otmar Lendl lendl at cert.at
Mon Sep 17 15:16:33 CEST 2012


=======================
= End-of-Shift report =
=======================
Timeframe:   Friday 31-08-2012 18:00 - Monday 03-09-2012 18:00
Handler:     Stephan Richter
Co-Handler:  Robert Waldner




*** Vuln: TYPO3 Core TYPO3-CORE-SA-2012-004 Multiple Remote Security
Vulnerabilities ***
---------------------------------------------
TYPO3 Core TYPO3-CORE-SA-2012-004 Multiple Remote Security Vulnerabilities
---------------------------------------------
http://www.securityfocus.com/bid/55052




*** Here we go again: Critical flaw found in just-patched Java ***
---------------------------------------------
Emergency fix rushed out half-baked. Security Explorations, the Polish
security startup that discovered the Java SE 7 vulnerabilities that have
been the targets of recent web-based exploits, has spotted a new flaw
that affects the patched version of Java released this Thursday.…
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2012/08/31/critical_flaw_found_in_patched_java/




*** Security update released for Adobe Photoshop CS6 (APSB12-20) ***
---------------------------------------------
Today, a Security Bulletin (APSB12-20) has been posted in regards to a
security update for Adobe Photoshop CS6 (13.0) for Windows and
Macintosh. Adobe recommends that users apply the update for their
product installation. This posting is provided “AS IS” with no
warranties and confers no rights.
---------------------------------------------
http://blogs.adobe.com/psirt/2012/08/security-update-released-for-adobe-photoshop-cs6-apsb12-20.html




*** Vuln: unixODBC SQLDriverConnect() FILEDSN and DRIVER Options Buffer
Overflow Vulnerabilities ***
---------------------------------------------
unixODBC SQLDriverConnect() FILEDSN and DRIVER Options Buffer Overflow
Vulnerabilities
---------------------------------------------
http://www.securityfocus.com/bid/53712




*** Vuln: Rugged Operating System Private Key Disclosure Vulnerability ***
---------------------------------------------
Rugged Operating System Private Key Disclosure Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/55123





*** Hacker scene trojanizes remote administration tool ***
---------------------------------------------
http://www.heise.de/security/meldung/Hackerszene-trojanisiert-Fernwartungswerkzeug-1697079.html/from/atom10




*** 30 new top cyber security advisors appointed to the EU Agency ENISA's
Permanent Stakeholders Group ***
---------------------------------------------
"A new composition of 30 top IT-security experts have started their term
of office as members of ENISA's Permanent Stakeholders Group (PSG). The
PSG will give top IT security advice to the EU's cyber security Agency
ENISA, the European Network and Information Security Agency. The PSG is
a group of leading IT-security experts that gives advice to the Agency's
Executive Director in, for example, drawing up a proposal for the
Agency's annual Work Programme...."
---------------------------------------------
http://www.cisionwire.com/enisa---european-network-and-information-security-agency/r/30-new-top-cyber-security-advisors-appointed-to-the-eu-agency-enisa-s-permanent-stakeholders--group,c9299253




*** [webapps] - SugarCRM Community Edition 6.5.2 (Build 8410) Multiple
Vulnerabilities ***
---------------------------------------------
SugarCRM Community Edition 6.5.2 (Build 8410) Multiple Vulnerabilities
---------------------------------------------
http://www.exploit-db.com/exploits/20981




*** American Express doesn't take security seriously ***
---------------------------------------------
"We've already established that when it comes to security, passwords
alone are not a very good choice. Sure, they're better than nothing, but
with most people picking insecure passwords and companies saving them in
unencrypted formats, there are better solutions out there. American
Express takes insecure passwords and makes them even more insecure...."
---------------------------------------------
http://www.neowin.net/news/american-express-doesnt-take-security-seriously?





*** ICS-CERT - New JSAR, Advisory and Updated Alert ***
---------------------------------------------
"Still getting caught up after Isaac; while ICS-CERT hasn't been real
busy they haven't waited for me either. So here is a quick look at a new
Joint Security Awareness Report (JSAR), a new privilege escalation
advisory and an update on a Siemens related alert. ICS-CERT and US-CERT
published a JSAR on Wednesday for the information-stealing malware W32...."
---------------------------------------------
http://chemical-facility-security-news.blogspot.nl/2012/09/ics-cert-new-jsar-advisory-and-updated.html





*** Russia unveils own Android-like, hack-proof mobile operating system ***
---------------------------------------------
"It seems that Russia's defence ministry has little faith in Google's
operating systems: it has just unveiled its own encrypted version that
has the remarkably familiar feel of an Android. Russia's very first smart
prototype was presented on the sidelines of a Berlin electronics show
this week to deputy prime minister Dmitry Rogozin -- an avowed
nationalist who oversees the military's technological innovation. A
slimmed down version of the operating system in computer tablet form is
actually
---------------------------------------------
http://timesofindia.indiatimes.com/tech/news/software-services/Russia-unveils-own-Android-like-hack-proof-mobile-operating-system/articleshow/16120410.cms




*** [papers] - Shellcoding in Linux ***
---------------------------------------------
Shellcoding in Linux
---------------------------------------------
http://www.exploit-db.com/download_pdf/21013





*** Hit by dubious claims, RBI junks ATM cash retraction ***
---------------------------------------------
"The banks have done away with the cash retraction system in ATMs. The
system, which enabled the machine to take back the currency if it is not
removed within a certain time, was withdrawn last week after the Reserve
Bank of India (RBI) agreed to National Payments Corporation of India's
proposal for removing the feature from all ATMs to deal with the
increasing number of fraudulent claims about non-receipt of cash. Banks
have posted messages on their websites that the system has been
---------------------------------------------
http://economictimes.indiatimes.com/news/news-by-industry/banking/finance/banking/hit-by-dubious-claims-rbi-junks-atm-cash-retraction/articleshow/16166855.cms




*** VMware secures server products ***
---------------------------------------------
http://www.heise.de/security/meldung/VMware-sichert-Serverprodukte-ab-1697996.html/from/atom10




