[CERT-daily] Tageszusammenfassung - Mittwoch 19-09-2012
Daily end-of-shift report
team at cert.at
Wed Sep 19 18:10:13 CEST 2012
=======================
= End-of-Shift report =
=======================
Timeframe: Dienstag 18-09-2012 18:00 − Mittwoch 19-09-2012 18:00
Handler: Stephan Richter
Co-Handler: Otmar Lendl
*** Bugtraq: NGS00268 Patch Notification: Symantec Messaging Gateway Out-of-band stored XSS - delivered by email ***
---------------------------------------------
*** Bugtraq: NGS00267 Patch Notification: Symantec Messaging Gateway SSH with backdoor user account ***
---------------------------------------------
*** Bugtraq: NGS00265 Patch Notification: Symantec Messaging Gateway - Unauthenticated detailed version disclosure ***
---------------------------------------------
*** Bugtraq: NGS00263 Patch Notification: Symantec Messaging Gateway - Easy CSRF to add a backdoor-administrator ***
---------------------------------------------
http://www.securityfocus.com/archive/1/524191
http://www.securityfocus.com/archive/1/524190
http://www.securityfocus.com/archive/1/524193
http://www.securityfocus.com/archive/1/524192
*** Microsoft will kritische IE-Lücke behelfsmäßig schließen ***
---------------------------------------------
Microsoft will im Laufe der nächsten Tage ein Fix-it-Tool anbieten, das die kritische Internet-Explorer-Lücke behelfsmäßig abdichten soll, bis ein passender Patch bereitsteht. Dies gab das Unternehmen in seinem Sicherheitsblog bekannt.
---------------------------------------------
http://www.heise.de/security/meldung/Microsoft-will-kritische-IE-Luecke-behelfsmaessig-schliessen-1710927.html/from/atom10
*** Tagungsband zur Fachkonferenz D.A.CH Security 2012 ***
---------------------------------------------
Auf der zweitägigen Arbeitskonferenz D.A.CH Security 2012 soll in zahlreichen Vorträgen ein umfassendes Bild des aktuellen Stands rund um IT-Sicherheit gezeichnet werden. Die Referentenbeiträge sind in einem Begleitband zur Tagung zusammengefasst.
---------------------------------------------
http://www.heise.de/security/meldung/Tagungsband-zur-Fachkonferenz-D-A-CH-Security-2012-1711040.html/from/atom10
*** Pushdo botnets smokescreen traffic hits legitimate websites ***
---------------------------------------------
Aargh, capn, the server be like to founder Cybercrooks behind the resilient Pushdo botnet are bombarding legitimate small websites with bogus traffic in order to camouflage requests to the zombie networks command and control servers.…
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2012/09/19/pushdo_spews_fake_traffic/
*** FreeSWITCH remote denial of service vulnerability ***
---------------------------------------------
Topic: FreeSWITCH remote denial of service vulnerability Risk: Medium Text:"FreeSWITCH is a scalable open source cross-platform telephony platform designed to route and interconnect popular communicati...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/LWCK4QkOGzg/WLB-2012090187
*** [webapps] - Spiceworks 6.0.00993 Multiple Script Injection Vulnerabilities ***
---------------------------------------------
Spiceworks 6.0.00993 Multiple Script Injection Vulnerabilities
---------------------------------------------
http://www.exploit-db.com/exploits/21392
*** New vicious UEFI bootkit vuln found for Windows 8 ***
---------------------------------------------
Arr, tis typical: Redmond swabs lag behind OS X, again Security researchers have discovered security shortcomings in Windows 8 that create a means to infect the upcoming operating system with rootkit-style malware.…
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2012/09/19/win8_rootkit/
More information about the Daily
mailing list