[CERT-daily] Tageszusammenfassung - Dienstag 5-03-2013

Tue Mar 5 18:51:47 CET 2013

=======================
= End-of-Shift report =
=======================

Timeframe:   Montag 04-03-2013 18:00 − Dienstag 05-03-2013 18:00
Handler:     Stephan Richter
Co-Handler:  n/a


*** D-Link DSL-2740B (ADSL Router) Authentication Bypass ***
---------------------------------------------
Topic: D-Link DSL-2740B (ADSL Router) Authentication Bypass Risk: High Text:+ + # Exploit Title : D-Link DSL-2740B (ADSL Router) Authentication Bypass # Date : 10-02-2013 #...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/2Fn9pSNqklg/WLB-2013030027


*** Cloudflare Briefly Drops Off Internet Deflecting DDOS Attack ***
---------------------------------------------
"CloudFlares Juniper routers choked on a slight programming change designed to deflect a distributed denial-of-service attack, knocking the companys services off the Internet for about an hour early Sunday morning. The San Francisco-based company provides a service that speeds up the delivery of web pages and reduces bandwidth. It also provides a suite of security tools that helps website owners identify and filter malicious traffic...."
---------------------------------------------
http://www.cio.com/article/729658/Cloudflare_Briefly_Drops_Off_Internet_Deflecting_DDOS_Attack?taxonomyId=3089


*** Cyber Security Bulletin (SB13-063) - Vulnerability Summary for the Week of February 25, 2013 ***
---------------------------------------------
"The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cyber Security Division (NCSD) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability...
---------------------------------------------
http://www.us-cert.gov/ncas/bulletins/SB13-063


*** Vuln: OpenStack Keystone CVE-2013-0282 Security Bypass Vulnerability ***
---------------------------------------------
OpenStack Keystone CVE-2013-0282 Security Bypass Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/58033


*** Heads-UP - EU, US go separate ways on cybersecurity ***
---------------------------------------------
"Europe and the United States look set to implement different approaches to cybersecurity, with Washington adopting voluntary reporting mechanisms against Brussels compulsory measures. The difference approaches threaten to create problems for companies across the two major trade blocs. President Barack Obama on 12 February issued an executive order on cybersecurity that calls for voluntary sharing of information on cyberattacks between business and government...."
---------------------------------------------
http://www.euractiv.com/specialreport-cybersecurity/eu-us-set-different-approach-cyb-news-518252


*** Java trotz Notfall-Patch verwundbar ***
---------------------------------------------
Oracle hat aktualisierte Versionen von Java 5, 6 und 7 bereitgestellt. Sie schließen zwei kritische Lücken, von denen eine bereits von Cyber-Kriminellen ausgenutzt wird. Sicher ist Java allerdings trotzdem nicht.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/2936e0b6/l/0L0Sheise0Bde0Csecurity0Cmeldung0CJava0Etrotz0ENotfall0EPatch0Everwundbar0E18159920Bhtml0Cfrom0Crss0A9/story01.htm


*** Open standards are key for security in the cloud ***
---------------------------------------------
"The current divide between proprietary and open approaches to enterprise cloud computing has implications beyond the obvious. More than just issues of cloud interoperability and data portability, open standards have benefits for user identity, authentication and security intelligence that closed or proprietary clouds threaten to compromise. Our belief is that an open cloud is a more secure one and it begins with identity...."
---------------------------------------------
http://www.net-security.org/article.php?id=1812