[CERT-daily] Tageszusammenfassung - Freitag 28-09-2012

Fri Sep 28 18:15:32 CEST 2012

=======================
= End-of-Shift report =
=======================

Timeframe:   Donnerstag 27-09-2012 18:00 − Freitag 28-09-2012 18:00
Handler:     Stephan Richter


*** ISC Feature of the Week: Glossary, (Thu, Sep 27th) ***
---------------------------------------------
Overview Our feature today is a page we just launched, the Glossary:Terms and Definitions page at https://isc.sans.edu/glossary.html! This page allows for browsing and list filtering of Computer and Security-related terms and definitions. There is also an API at https://isc.sans.edu/api/#glossary which Ill also detail below. We will soon be adding a Suggest a New Term or Definition form where you can contribute your thoughts to the list.
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=14188&rss


*** Vuln: CoSoSys Endpoint Protector CVE-2012-2994 Predictable Password Generation Vulnerability ***
---------------------------------------------
CoSoSys Endpoint Protector CVE-2012-2994 Predictable Password Generation Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/55570


*** Updated IEEE Statement on Security Incident ***
---------------------------------------------
"We deeply regret the exposure of user IDs and passwords that we became aware of on 24 September 2012. We would like to take this opportunity to explain to our members and customers the circumstances under which the exposure occurred and provide assurances with respect to IEEEs security processes and policies. IEEE follows security best practices based on ISO and NIST standards...."
---------------------------------------------
http://www.ieee.org/about/news/2012/27september_2012.html


*** Adobe scrambles to revoke stolen cert ***
---------------------------------------------
Malware signed as Adobe software Adobe has revealed an attack that compromised some of its software development servers, resulting in its code signing certificate being used to disguise malware as Adobe software.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2012/09/27/adobe_cert_revoked/


*** Cisco beseitigt angebliche DoS-Lücken ***
---------------------------------------------
Acht Sicherheitslücken in Ciscos Router-Betriebssystem Cisco IOS beseitigt der Hersteller mit Updates, die zum fälligen halbjährlichen Patchday veröffentlicht wurden. Eine im Session Initiation Protocol (SIP) betrifft auch den Cisco Unified Communications Manager. Alle Lücken erlauben es nach Ciscos Einschätzung maximal, den betroffenen Dienst lahm zu legen.
---------------------------------------------
http://www.heise.de/security/meldung/Cisco-beseitigt-angebliche-DoS-Luecken-1719247.html/from/atom10


*** Fast alle Hersteller von Steuercode-Problem in Android betroffen ***
---------------------------------------------
Von der anfänglich Samsung zugeschriebenen Android-Steuercode-Schwachstelle sind anscheinend potenziell die meisten Smartphones und UMTS-Tablets betroffen, auf denen Ice Cream Sandwich (Version 4.0.x) oder eine ältere Android-Version läuft. Google hat den Code im Wählprogramm im Juli mit Version 4.1.1 aktualisiert, damit Steuercodes nicht mehr automatisch ausgeführt werden.
---------------------------------------------
http://www.heise.de/security/meldung/Fast-alle-Hersteller-von-Steuercode-Problem-in-Android-betroffen-1719965.html/from/atom10