[CERT-daily] Tageszusammenfassung - Freitag 15-02-2013

Daily end-of-shift report team at cert.at
Fri Feb 15 18:02:16 CET 2013


=======================
= End-of-Shift report =
=======================
Timeframe:   Donnerstag 14-02-2013 18:00 − Freitag 15-02-2013 18:00
Handler:     Matthias Fraidl
Co-Handler:  Robert Waldner

*** CFP: 8th International Workshop on Critical Information Infrastructures Security ***
---------------------------------------------
"(CRITIS 2013) Amsterdam, The Netherlands September 16-18, 2013Deadline for submission of papers: May 10, 2013Notification to authors: June 30, 2013Camera-ready papers: August 16, 2013The eighth CRITIS Conference on Critical Information Infrastructures Security is set to continue a tradition of presenting innovative research and exploring new challenges for the protection of critical information-based infrastructures. This conference focus is on the challenges regarding resilience of smart
---------------------------------------------
http://www.critis2013.nl/




*** Cisco Unified IP Phone Local Kernel System Call Input Validation Vulnerability ***
---------------------------------------------
Please give us your feedback on Cisco Security Intelligence Operations. Thanks! Cisco Unified IP Phones 7900 Series versions 9.3(1)SR1 and prior contain an arbitrary code execution vulnerability that could allow a local attacker to execute code or modify arbitrary memory with elevated privileges.This vulnerability is due to a failure to properly validate input passed to kernel system calls from applications running in userspace. An attacker could exploit this issue by gaining local access to
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130109-uipphone?vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_p=Cisco Unified IP Phone Local Kernel System Call Input Validation Vulnerability&




*** Adobe adds anti-spearphishing feature for Word embedded Flash ***
---------------------------------------------
"Scheduled update fixes 17 critical flaws in Flash, two in Shockwave and adds Click to Play auto-launch check for embedded Flash in Office documents. Hot of the heels of Adobes Flash zero-day fixes last Friday, the company has released a new update which integrates a security feature that could have helped prevent recent spearphishing attacks using embedded Flash in older versions of Microsoft Office documents. The Flash Player updates fix 17 critical vulnerabilities affecting it on
---------------------------------------------
http://www.cso.com.au/article/453621/adobe_adds_anti-spearphishing_feature_word_embedded_flash/




*** Edimax EW-7206APg & EW-7209APg Redirection / XSS / Header Injection ***
---------------------------------------------
Topic: Edimax EW-7206APg & EW-7209APg Redirection / XSS / Header Injection Risk: Low Text:Device Name: EW-7206APg / EW-7209APg Vendor: Edimax Vulnerable Firmware Releases: Device: EW-7206APg Hardw...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/hKlz2mqtt70/WLB-2013020105




*** TP-Link TL-WA701N / TL-WA701ND Directory Traversal & XSS ***
---------------------------------------------
Topic: TP-Link TL-WA701N / TL-WA701ND Directory Traversal & XSS Risk: Medium Text:Device Name: TL-WA701N / TL-WA701ND Vendor: TP-Link Vulnerable Firmware Releases: Firmware Version: 3.12.6 Bui...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/KnenNycHmss/WLB-2013020104




*** Raidsonic IB-NAS5220 / IB-NAS4220-B XSS / Authentication Bypass ***
---------------------------------------------
Topic: Raidsonic IB-NAS5220 / IB-NAS4220-B XSS / Authentication Bypass Risk: High Text:Device Name: IB-NAS5220 / IB-NAS4220-B Vendor: Raidsonic Vulnerable Firmware Releases: Product Name IB-NAS5220...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/wLNEwqEuBik/WLB-2013020107




*** Websense Security Labs Releases 2013 Threat Report ***
---------------------------------------------
"Websense Security Labs has released its 2013 Threat Report. The study details the most prevalent mobile, social, email and web-based threats from last year. As far as the web is concerned, experts say it has become significantly more malicious in 2012...."
---------------------------------------------
http://news.softpedia.com/news/Websense-Security-Labs-Releases-2013-Threat-Report-329467.shtml




*** Wachsender Markt für Zero-Day-Exploits ***
---------------------------------------------
Mit ihrer offensiven Cyberwar-Strategie fördert die US-Regierung einen globalen Markt für IT-Sicherheitslücken, beklagen Experten. Das könnte das Web noch unsicherer machen, als es heute schon ist.
---------------------------------------------
http://www.heise.de/newsticker/meldung/Wachsender-Markt-fuer-Zero-Day-Exploits-1803225.html/from/atom10




*** Apple kündigt Fix für Passcode-Problem in iOS 6.1 und 6.1.1 an ***
---------------------------------------------
Das Unternehmen zeigt sich über den Fehler informiert, mit dem sich auf Kontakte, Fotoalbum sowie Telefonfunktion zugreifen lässt.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/28978a85/l/0L0Sheise0Bde0Csecurity0Cmeldung0CApple0Ekuendigt0EFix0Efuer0EPasscode0EProblem0Ein0EiOS0E60E10Eund0E60E10E10Ean0E180A41560Bhtml0Cfrom0Crss0A9/story01.htm




*** Mobile network infections increase by 67% ***
---------------------------------------------
"Kindsight released a new report that reveals security threats to home and mobile networks, including a small decline in home network infections and an increase in mobile network infections. Highlights include:The rate of home network infections decreased from 13 to 11 percent in Q4; 6 percent exhibited high-level threats, such as bots, rootkits and banking Trojans. The ZeroAccess botnet continued to be the most common malware threat, infecting 0...."
---------------------------------------------
http://www.net-security.org/malware_news.php?id=2415






More information about the Daily mailing list