[CERT-daily] Tageszusammenfassung - Mittwoch 22-05-2013

Wed May 22 18:08:49 CEST 2013

=======================
= End-of-Shift report =
=======================

Timeframe:   Dienstag 21-05-2013 18:00 − Mittwoch 22-05-2013 18:00
Handler:     Stephan Richter
Co-Handler:  Robert Waldner


*** Researchers find critical vulnerabilities in popular game engines ***
---------------------------------------------
Attackers could exploit the flaws to compromise game clients and servers, researchers from ReVuln said
---------------------------------------------
http://www.csoonline.com/article/733773/researchers-find-critical-vulnerabilities-in-popular-game-engines?source=rss_application_security


*** WordPress Events Manager Plugin Multiple Cross-Site Scripting Vulnerabilities ***
---------------------------------------------
Multiple vulnerabilities have been discovered in the Events Manager plugin for WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks.
---------------------------------------------
https://secunia.com/advisories/53478


*** Bugtraq: Multiple Vulnerabilities in Wordpress Plugins ***
---------------------------------------------
[waraxe-2013-SA#104] - Multiple Vulnerabilities in Spider Event Calendar Wordpress Plugin
[waraxe-2013-SA#105] - Multiple Vulnerabilities in Spider Catalog Wordpress Plugin
---------------------------------------------
http://www.securityfocus.com/archive/1/526660
http://www.securityfocus.com/archive/1/526661


*** The Top 10 Internet Resources to Use After Suffering a Cyber Breach ***
---------------------------------------------
Most cyber breaches into your online presence will be directed at your website server and its accompanying databases or accounts. And, if you’ve been the victim of a server hack, it probably occurred through one of two different means. The first would be an attack at some sort of weakness in third party web applications, or...
---------------------------------------------
http://resources.infosecinstitute.com/the-top-10-internet-resources-to-use-after-suffering-a-cyber-breach/


*** Oracle Solaris Multiple Vulnerabilities ***
---------------------------------------------
https://secunia.com/advisories/53462
https://secunia.com/advisories/53468


*** Bugtraq: Trend Micro DirectPass 1.5.0.1060 - Multiple Vulnerabilities ***
---------------------------------------------
The Vulnerability Laboratory Research Team discovered multiple software vulnerabilities in the official Trend Micro DirectPass v1.5.0.1060 Software.
---------------------------------------------
http://www.securityfocus.com/archive/1/526658


*** Apache Struts "ParameterInterceptor" Security Bypass Vulnerability ***
---------------------------------------------
A vulnerability has been reported in Apache Struts, which can be exploited by malicious people to bypass certain security restrictions.
---------------------------------------------
https://secunia.com/advisories/53495


*** IBM Eclipse Help System information disclosure ***
---------------------------------------------
Multiple IBM products could allow a remote attacker to obtain sensitive information, caused by an error in the IBM Eclipse Help System. A specially-crafted URL could cause an error message to be returned in the browser that may contain sensitive information.
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/83613


*** DHS to Share Zero-Day Intelligence ***
---------------------------------------------
The U.S. Department of Homeland Security (DHS) is developing a system that will enable classified vulnerability data to be shared with the private sector. The information, primarily Zero-Day vulnerability data, will be sold via a select group of service providers.

Siehe auch: http://www.dhs.gov/enhanced-cybersecurity-services
Siehe auch: http://www.csoonline.com/article/733557/experts-ding-dhs-vulnerability-sharing-plan-as-too-limited
---------------------------------------------
http://www.securityweek.com/dhs-share-zero-day-intelligence