[CERT-daily] Daily Summary - Thursday 6-09-2012

Otmar Lendl lendl at cert.at
Mon Sep 17 15:19:52 CEST 2012


=======================
= End-of-Shift report =
=======================
Timeframe:   Wednesday 05-09-2012 18:00 - Thursday 06-09-2012 18:00
Handler:     Stephan Richter
Co-Handler:  Robert Waldner




*** Survey: Many sysadmins do not deal with
IT security management ***
---------------------------------------------
Around 1500 administrators filled out a survey on System Administrator Day
at Love Your Admin from the company Synetics, which specializes in
software for documenting administration tasks.
---------------------------------------------
http://www.heise.de/newsticker/meldung/Umfrage-Viele-Sysadmins-beschaeftigen-sich-nicht-mit-IT-Sicherheitsmanagement-1701202.html/from/atom10




*** Watch this - the funniest spam video you'll ever see [VIDEO] ***
---------------------------------------------
"We all want our friends and family to learn more about how better to
secure their computers. But the eternal challenge is how can we make the
advice interesting and engaging for a non-techie audience, and not make the
mistake of endlessly droning on using buzzwords they are unlikely to
understand. The video below about spam - made by the folks at "Glove and
Boots" - manages to make what could be a tremendously dry topic, funny and
informative instead...."
---------------------------------------------
http://nakedsecurity.sophos.com/2012/09/05/funniest-spam-video/




*** Bugtraq: Cross-Site Scripting (XSS) in Kayako Fusion ***
---------------------------------------------
Cross-Site Scripting (XSS) in Kayako Fusion
---------------------------------------------
http://www.securityfocus.com/archive/1/524108




*** Vuln: CoDeSys Access Security Bypass Vulnerability ***
---------------------------------------------
CoDeSys Access Security Bypass Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/52942




*** Vuln: WAGO IPC 758-870 Hardcoded Password Security Bypass Vulnerability ***
---------------------------------------------
WAGO IPC 758-870 Hardcoded Password Security Bypass Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/52940




*** Bugtraq: APPLE-SA-2012-09-05-1 Java for OS X 2012-005 and Java for Mac
OS X 10.6 Update 10 ***
---------------------------------------------
APPLE-SA-2012-09-05-1 Java for OS X 2012-005 and Java for Mac OS X 10.6
Update 10
---------------------------------------------
http://www.securityfocus.com/archive/1/524112




*** Online bank punters tricked into approving theft of their OWN CASH ***
---------------------------------------------
Man-in-browser Trojan attack discovered. Security researchers have
discovered a malware-based attack against the chipTAN system used by bank
customers in Germany to authorise transactions online.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2012/09/06/german_chiptan_bank_attack/




*** Vuln: HP SiteScope UploadFilesHandler Directory Traversal Vulnerability ***
---------------------------------------------
HP SiteScope UploadFilesHandler Directory Traversal Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/55273




*** Vuln: HP SiteScope Multiple Security Bypass Vulnerabilities ***
---------------------------------------------
HP SiteScope Multiple Security Bypass Vulnerabilities
---------------------------------------------
http://www.securityfocus.com/bid/55269




*** Java 7 Attack Vectors, Oh My! ***
---------------------------------------------
"While researching how to successfully mitigate the recent Java 7
vulnerability (VU#636312, CVE-2012-4681), we (and by "we" I mean "Will
Dormann") found quite a mess. In the midst of discussion about exploit
activity and the out-of-cycle update from Oracle, I'd like to call attention
to a couple other important points. First, there's the question of the
defensive value of the Java 7u7 update (and patching in general)...."
---------------------------------------------
http://www.cert.org/blogs/certcc/2012/09/java_7_attack_vectors_oh_my.html



