[CERT-daily] Tageszusammenfassung - Dienstag 5-02-2013

Daily end-of-shift report team at cert.at
Tue Feb 5 18:04:54 CET 2013 

=======================
= End-of-Shift report =
=======================
Timeframe:   Montag 04-02-2013 18:00 − Dienstag 05-02-2013 18:00
Handler:     Stephan Richter
Co-Handler:  Robert Waldner

*** Unlucky for you: UK crypto-duo crack HTTPS in Lucky 13 attack ***
---------------------------------------------
OpenSSL patch to protect against TLS decryption boffinry Two scientists say they have identified a new weakness in TLS, the encryption system used to safeguard online shopping, banking and privacy. The design flaw, revealed today, could be exploited to snoop on passwords and other sensitive information sent by users to HTTPS websites.…
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2013/02/04/unlucky_13_crypto_attack/




*** Bugtraq: ESA-2013-002: RSA Archer® GRC Multiple Vulnerabilities ***
---------------------------------------------
ESA-2013-002: RSA Archer® GRC Multiple Vulnerabilities
---------------------------------------------
http://www.securityfocus.com/archive/1/525541




*** Nagios XI 2012R1.5b XSS & Command Execution & SQL Injection & CSRF ***
---------------------------------------------
Topic: Nagios XI 2012R1.5b XSS & Command Execution & SQL Injection & CSRF Risk: Medium Text:Reflected XSS: Alert Cloud Component: Example URL: http://nagiosxiserver/nagiosxi/includes/components/alertcloud/index.php?w...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/4q2noPJRt1M/WLB-2013020023




*** [webapps] - Cisco Unity Express Multiple Vulnerabilities ***
---------------------------------------------
Cisco Unity Express Multiple Vulnerabilities
---------------------------------------------
http://www.exploit-db.com/exploits/24449




*** Vuln: Oracle E-Business Suite CVE-2013-0390 Remote Security Vulnerability ***
---------------------------------------------
Oracle E-Business Suite CVE-2013-0390 Remote Security Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/57419




*** Bugtraq: APPLE-SA-2013-02-04-1 OS X Server v2.2.1 ***
---------------------------------------------
APPLE-SA-2013-02-04-1 OS X Server v2.2.1
---------------------------------------------
http://www.securityfocus.com/archive/1/525572




*** Crooks, think your Trojan looks legit? This one has a DIGITAL CERTIFICATE ***
---------------------------------------------
CA defends issuing digital seal to Brazilian swindlers Security researchers have discovered a banking Trojan that comes with its own built-in digital certificate.…
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2013/02/05/digitally_signed_banking_trojan/

More information about the Daily mailing list