[CERT-daily] Daily summary - Tuesday 12-02-2013

Daily end-of-shift report team at cert.at
Tue Feb 12 18:03:05 CET 2013


=======================
= End-of-Shift report =
=======================
Timeframe:   Monday 11-02-2013 18:00 − Tuesday 12-02-2013 18:00
Handler:     Robert Waldner
Co-Handler:  Matthias Fraidl

*** Microsoft Report Examines Socio-Economic Relationships to Malware Infections ***
---------------------------------------------
"Tired of all those malware and vulnerability reports that count how many of each have been reported to security companies? Well, Microsoft has taken a different tack in its latest Security Intelligence Report (SIR) by globally comparing regions' relative security against socio-economic factors including the maturity of a national or regional cybersecurity policy. The results aren't so surprising; areas such as Europe with well-defined, long-standing and enforceable policies rate much better
---------------------------------------------
http://threatpost.com/en_us/blogs/microsoft-report-examines-socio-economic-relationships-malware-infections-020813




*** Bugtraq: Atmel "secure" crypto co-processor series microprocessors (AT91SAM7XC) leaking keys, plus bonus DESFire hack ***
---------------------------------------------
Atmel "secure" crypto co-processor series microprocessors (AT91SAM7XC) leaking keys, plus bonus DESFire hack
---------------------------------------------
http://www.securityfocus.com/archive/1/525643




*** Feds Offer $20M For Critical Open Source Energy Network Cybersecurity Tools ***
---------------------------------------------
coondoggie writes "The US Department of Energy today said it would spend $20 million on the development of advanced cybersecurity tools to help protect the nation's vulnerable energy supply. The DOE technologies developed under this program should be interoperable, scalable, cost-effective advanced tools that do not impede critical energy delivery functions, that are innovative and can easily be commercialized or made available through open source for no cost."    Read more of this
---------------------------------------------
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/9TMHc5f0eM4/story01.htm




*** Dorkbot worm lurks on Skype and MSN Messenger again ***
---------------------------------------------
"The Dorkbot/Rodpicom worm, which spreads via messaging applications and leads to additional malware infections, is currently doing rounds on Skype and MSN Messenger, warns Fortinet. The vicious circle starts with potential victims receiving a direct message from a contact, asking "LOL is this your new profile pic? http://goo...."
---------------------------------------------
http://www.net-security.org/malware_news.php?id=2408




*** Brother HL5370 Command Execution & Password Guessing ***
---------------------------------------------
Topic: Brother HL5370 Command Execution & Password Guessing Risk: High Text: Tested on Brother HL5370 latest firmware so far, confirmed working against many others by Brother documentation From Brothe...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/x_kg5EVaYGc/WLB-2013020078




*** Huawei Mobile Partner Poor Permissions ***
---------------------------------------------
Topic: Huawei Mobile Partner Poor Permissions Risk: High Text:1. DESCRIPTION Huawei Mobile Partner application contains a flaw that may allow an attacker to gain access to unauthorized ...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/LXaaPcg1qMI/WLB-2013020076




*** Windows Manage Persistent Payload Installer ***
---------------------------------------------
Topic: Windows Manage Persistent Payload Installer Risk: Low Text:## # ## This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Ple...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/vb4FCkPCJRg/WLB-2013020075




*** Wordpress newscast Theme SQL Injection ***
---------------------------------------------
Topic: Wordpress newscast Theme SQL Injection Risk: Medium Text: # # Exploit Title: wordpress newscast Theme SQL Injection # Google Dork: inurl:/wp-content/themes/newscast & inurl:"s...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/Stvaf5d_Ze4/WLB-2013020079




*** Wordpress image news slider v3 Plugin SQL Injection ***
---------------------------------------------
Topic: Wordpress image news slider v3 Plugin SQL Injection Risk: Medium Text: # # Exploit Title: wordpress image news slider v3 Plugin SQL Injection # Google Dork: inurl:/wp-content/plugins/wp-...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/KzGKRl1pfrw/WLB-2013020082




*** cURL goes astray ***
---------------------------------------------
A server can, in a roundabout way, get cURL to execute arbitrary code on the system when retrieving a web page.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/287bfbd2/l/0L0Sheise0Bde0Csecurity0Cmeldung0CcURL0Eauf0EAbwegen0E180A0A4330Bhtml0Cfrom0Crss0A9/story01.htm




*** Microsoft plans to close 57 vulnerabilities on February Patch Day ***
---------------------------------------------
The next Patch Day brings twelve bulletins, five of which close critical vulnerabilities. Among other things, all Windows versions, Internet Explorer and Exchange are being secured.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/287bfbd1/l/0L0Sheise0Bde0Csecurity0Cmeldung0CMicrosoft0Ewill0Eam0EFebruar0EPatchday0E570ELuecken0Eschliessen0E180A0A760A0Bhtml0Cfrom0Crss0A9/story01.htm





