[CERT-daily] Daily summary - Tuesday 12-03-2013
Daily end-of-shift report
team at cert.at
Tue Mar 12 20:22:36 CET 2013
=======================
= End-of-Shift report =
=======================
Timeframe: Monday 11-03-2013 18:00 − Tuesday 12-03-2013 18:00
Handler: Matthias Fraidl
Co-Handler: Christian Wojner
*** Improving the security for Android embedded systems ***
---------------------------------------------
"McAfee has delivered a whitelisting security solution for Android based embedded systems. McAfee Application Control for Android resides in the Android kernel, embedded in the operating system and provides protection from the installation or execution of a malicious application on an Android-based device. McAfee also provides protection at the application layer to Android devices...."
---------------------------------------------
http://www.net-security.org/secworld.php?id=14574
*** Blacklist NJABL goes out of service ***
---------------------------------------------
The anti-spam blacklist NJABL has already blanked out its database. Administrators of mail servers that nevertheless keep querying it face trouble as soon as the hoster also cuts off the name service entries.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/2971dffa/l/0L0Sheise0Bde0Csecurity0Cmeldung0CBlacklist0ENJABL0Egeht0Eausser0EBetrieb0E1820A4240Bhtml0Cfrom0Crss0A9/story01.htm
*** Australia: Hacker attacks on the central bank ***
---------------------------------------------
Australian media report hacker attacks on the country's central bank and speak of traces leading to China and of compromised information. The central bank confirms that there were cyberattacks, and nothing else.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/2971ee42/l/0L0Sheise0Bde0Csecurity0Cmeldung0CAustralien0EHackerangriffe0Eauf0Edie0EZentralbank0E1820A3720Bhtml0Cfrom0Crss0A9/story01.htm
*** Google Docs CSRF & Clickjacking ***
---------------------------------------------
Topic: Google Docs CSRF & Clickjacking
Risk: Medium
Text: CSRF & Clickjacking: Google Document, Drawing, Forms, Spreadsheet, Presentation Attacker can create Google Document, Dra...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/K1SfuqKrTTM/WLB-2013030090
*** Vuln: Piwik Unspecified Cross Site Scripting Vulnerability ***
---------------------------------------------
Piwik Unspecified Cross Site Scripting Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/58392
*** TinyMCE XSS Vulnerability ***
---------------------------------------------
Topic: TinyMCE XSS Vulnerability
Risk: Low
Text: Vulnerability Report Author: Justin C. Klein Keane Date: 5 March, 2013 CVE-2012-4230 Descrip...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/vAEUomxc8S8/WLB-2013030083
*** Windows 8: Flash as default ***
---------------------------------------------
Internet Explorer on Windows 8 and RT is to allow considerably more Flash content by default. With this, the software vendor moves even further away from its previous line on Flash support.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/2977bea5/l/0L0Sheise0Bde0Csecurity0Cmeldung0CWindows0E80EFlash0Eals0EStandard0E1820A7980Bhtml0Cfrom0Crss0A9/story01.htm
*** Chess CAPTCHA - a serious defence against spammers? ***
---------------------------------------------
"CAPTCHAs - the questions that a website asks you to answer to prove if you're a human being or not - come in many shapes and forms. Although they most commonly ask you to decipher some words hidden in a distorted graphic, there are more elaborate versions which can ask you to solve some complicated mathematical calculation or ask you to add toppings to a pizza in an attempt to stop automated bots leaving spammy messages...."
---------------------------------------------
http://nakedsecurity.sophos.com/2013/03/12/chess-captcha/
*** Phishing emails sent in pairs to lend authenticity, says training company ***
---------------------------------------------
"Phishing emails are now being deployed in pairs to create the illusion of authenticity, says security awareness training firm PhishMe. Phishing emails try to trick the recipient into doing something risky by disguising malicious attachments or links in seemingly genuine content. In this new type of phishing email campaign, attackers typically send out a benign email that contains nothing harmful and does not ask for any information or response from the recipient...."
---------------------------------------------
http://www.computerweekly.com/news/2240179364/Phishing-emails-sent-in-pairs-to-lend-authenticity-says-training-company
*** Google Play: Potentially Unwanted ***
---------------------------------------------
Google Play has a problem and it isn't malware. Depending on location, Potentially Unwanted Applications (PUA) can be rather difficult to avoid. Here's a screenshot of User Reviews from a "weather widget" application: In English (both U.S. and U.K.), there are eight user reviews. Just eight. Even if you click on a link to "Read All User Reviews". But if you use the Danish UI this is one additional review you'll see: And it's good that Danes can see it, because the
---------------------------------------------
http://www.f-secure.com/weblog/archives/00002521.html