[CERT-daily] Tageszusammenfassung - Mittwoch 13-02-2013

Daily end-of-shift report team at cert.at
Wed Feb 13 18:01:07 CET 2013


=======================
= End-of-Shift report =
=======================
Timeframe:   Dienstag 12-02-2013 18:00 − Mittwoch 13-02-2013 18:00
Handler:     Robert Waldner
Co-Handler:  Matthias Fraidl

*** Data protection practices in EU and Asia ***
---------------------------------------------
"Research undertaken by Field Fisher Waterhouse into the existing legal framework mandating encryption of personal data in the EU and Asia. The study details legal requirements in the EU and Asia and reveals a trajectory of data protection regulation towards encryption as a compliance imperative. The litany of highly visible data breach incidents in 2012, further compounded by the steep penalties being delivered by data protection watchdogs, means that the pressure to protect the integrity
---------------------------------------------
http://www.net-security.org/secworld.php?id=14395




*** Neues Sicherheits-Update für Ruby on Rails ***
---------------------------------------------
Mit den Rails-Versionen 3.2.12 und 3.1.11 und 2.3.17 werden kritische Sicherheitslücken geschlossen. Zusätzlich sollen Nutzer das Gem für JSON auf die neuste Version aktualisieren.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/287dc9e1/l/0L0Sheise0Bde0Csecurity0Cmeldung0CNeues0ESicherheits0EUpdate0Efuer0ERuby0Eon0ERails0E180A25570Bhtml0Cfrom0Crss0A9/story01.htm




*** Summary for February 2013 - Version: 1.1 ***
---------------------------------------------
This bulletin summary lists security bulletins released for February 2013.

With the release of the security bulletins for February 2013, this bulletin summary replaces the bulletin advance notification originally issued February 7, 2013.
---------------------------------------------
http://technet.microsoft.com/en-us/security/bulletin/ms13-feb




*** RADIUS Authentication Bypass ***
---------------------------------------------
Please give us your feedback on Cisco Security Intelligence Operations. Thanks! Remote Authentication Dial In User Service (RADIUS) authentication on adevice that is running certain versions of Cisco Internetworking OperatingSystem (IOS) and configured with a fallback method to none canbe bypassed.Systems that are configured for other authentication methods or thatare not configured with a fallback method tonone are not affected.Only the systems that are running certain versions of Cisco IOS
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20050629-aaa?vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_p=RADIUS Authentication Bypass&vs_k=1




*** How Lockheed Martins Kill Chain Stopped SecurID Attack ***
---------------------------------------------
"A few months after RSA had rocked the security world with news that it had been breached and its SecurID database exposed in a sophisticated attack, defense contractor Lockheed Martin discovered an intruder in its network using legitimate credentials."We almost missed it," says Steve Adegbite, director of cybersecurity for Lockheed Martin, of the intrusion sometime around May or early June 2011. "We thought at first it was a new person in the department ... but then it
---------------------------------------------
http://www.darkreading.com/authentication/167901072/security/attacks-breaches/240148399/how-lockheed-martin-s-kill-chain-stopped-securid-attack.html




*** SonicWALL Scrutinizer 9.5.2 SQL Injection ***
---------------------------------------------
Topic: SonicWALL Scrutinizer 9.5.2 SQL Injection Risk: Medium Text:Title: Sonicwall Scrutinizer v9.5.2 - SQL Injection Vulnerability Date: == 2013-02-13 References: == htt...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/2p4Vvj_j1ng/WLB-2013020093




*** Vuln: EMC NetWorker nsrindexd RPC Service Buffer Overflow Vulnerability ***
---------------------------------------------
EMC NetWorker nsrindexd RPC Service Buffer Overflow Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/57182




*** Zero-Day-Lücke im Adobe Reader ***
---------------------------------------------
Sicherheitsforscher haben ein speziell präpariertes PDF-Dokument entdeckt, das offenbar eine bislang unbekannte Schwachstelle im Reader ausnutzt.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/288471e5/l/0L0Sheise0Bde0Csecurity0Cmeldung0CZero0EDay0ELuecke0Eim0EAdobe0EReader0E180A29120Bhtml0Cfrom0Crss0A9/story01.htm




*** OpenEMR 4.1.1 (ofc_upload_image.php) Arbitrary File Upload Vulnerability ***
---------------------------------------------
Topic: OpenEMR 4.1.1 (ofc_upload_image.php) Arbitrary File Upload Vulnerability Risk: High Text:
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/Q1XBAdgibv4/WLB-2013020094






More information about the Daily mailing list