[CERT-daily] Daily summary - Wednesday 20-02-2013

Daily end-of-shift report team at cert.at
Wed Feb 20 18:19:10 CET 2013

= End-of-Shift report =

Timeframe:   Tuesday 19-02-2013 18:00 − Wednesday 20-02-2013 18:00
Handler:     Stephan Richter
Co-Handler:  Christian Wojner

*** Bugtraq: FreeBSD Security Advisory FreeBSD-SA-13:01.bind ***
FreeBSD Security Advisory FreeBSD-SA-13:01.bind

*** Bugtraq: FreeBSD Security Advisory FreeBSD-SA-13:02.libc ***
FreeBSD Security Advisory FreeBSD-SA-13:02.libc

*** Oracle plugs security holes: updates for Java 1.4 through 7 ***
Oracle has once again released an update for the Java runtime environment. It closes five security vulnerabilities, three of them with the highest severity rating. The "Lucky 13" vulnerability is also said to have been fixed. Further patches are to follow in April.

*** Apple FINALLY fills gaping Java hole that pwned its own devs ***
Zero-day vuln also downed Facebook staff and other Mac users
Apple has belatedly patched a security hole in the Java engine it ships with Mac OS X - the very hole exploited by hackers to infect Apple's own developers, their counterparts at Facebook and scores of other Mac-using companies.

*** CloudFlare vs Incapsula vs ModSecurity - A Comparative Penetration Testing Analysis Report ***
This document contains the results of a comparative penetration test
conducted by a team of security specialists at Zero Science Lab against
three 'leading' web application firewall solutions. Our goal was to
bypass security controls in place, in any way we can, circumventing
whatever filters they have. This report also outlines the setup and
configuration process, as well as a detailed security assessment.
