[CERT-daily] Tageszusammenfassung - Donnerstag 3-10-2013

Thu Oct 3 18:04:31 CEST 2013

=======================
= End-of-Shift report =
=======================

Timeframe:   Mittwoch 02-10-2013 18:00 − Donnerstag 03-10-2013 18:00
Handler:     Robert Waldner
Co-Handler:  n/a

*** Cisco IOS XR Software Memory Exhaustion Vulnerability ***
---------------------------------------------
Cisco IOS XR Software Memory Exhaustion Vulnerability
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131002-iosxr


*** IBM WebSphere MQ Security Vulnerability: Multiple security vulnerabilities in IEHS ***
---------------------------------------------
Multiple security vulnerabilities exist in the IBM Eclipse Help System which is used to provide the product Information Centers for IBM WebSphere MQ and IBM WebSphere MQ File Transfer Edition. Debug Information displayed in browser (CVE-2013-0599) - XSS Alert vulnerability (CVE-2013-0464) - Application source code can be downloaded (CVE-2013-0467)
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_websphere_mq_security_vulnerability_multiple_security_vulnerabilities_in_iehs?lang=en_us


*** Evince PDF Reader - 2.32.0.145 (Windows) and 3.4.0 (Linux) - Denial Of Service ***
---------------------------------------------
Evince PDF Reader - 2.32.0.145 (Windows) and 3.4.0 (Linux) - Denial Of Service
---------------------------------------------
http://www.exploit-db.com/exploits/28679


*** IBM SPSS Collaboration and Deployment Services Unspecified Flaws Let Remote Users Execute Arbitrary Code ***
---------------------------------------------
IBM SPSS Collaboration and Deployment Services Unspecified Flaws Let Remote Users Execute Arbitrary Code
---------------------------------------------
http://www.securitytracker.com/id/1029117


*** SIEMENS Solid Edge ST4 SEListCtrlX ActiveX Remote Code Execution ***
---------------------------------------------
SIEMENS Solid Edge ST4 SEListCtrlX ActiveX Remote Code Execution
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013100017


*** Bugtraq: RootedCON 2014 - Call For Papers ***
---------------------------------------------
RootedCON 2014 - Call For Papers
---------------------------------------------
http://www.securityfocus.com/archive/1/528963


*** Denial of service vulnerability in Citrix NetScaler ***
---------------------------------------------
A Citrix NetScaler component is affected by a denial of service vulnerability. Attackers can keep the appliance in a constant reboot loop resulting in total loss of availability.
---------------------------------------------
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20131003-Citrix_NetScaler_nsconfigd_Denial_of_service_wo_poc_v10.txt


*** Tor and the Silk Road takedown ***
---------------------------------------------
Weve had several requests by the press and others to talk about the Silk Road situation today. We only know whats going on by reading the same news sources everyone else is reading. In this case weve been watching carefully to try to learn if there are any flaws with Tor that we need to correct. So far, nothing about this case makes us think that there are new ways to compromise Tor (the software or the network).
---------------------------------------------
https://blog.torproject.org/blog/tor-and-silk-road-takedown


*** Survey Finds Manufacturers Afflicted with a False Sense of Cyber Security ***
---------------------------------------------
Though manufacturers think they're doing a better job safeguarding data, cybersecurity breaches are increasing. So says a PricewaterhouseCoopers (PwC) study, which finds that "while organizations have made significant security improvements, they have not kept pace with today's determined adversaries."
---------------------------------------------
http://news.thomasnet.com/IMT/2013/10/02/survey-finds-manufacturers-afflicted-with-a-false-sense-of-cyber-security/


*** The Top 20 Free Network Monitoring and Analysis Tools for Sys Admins ***
---------------------------------------------
 here are 20 of the best free tools for monitoring devices, services, ports or protocols and analysing traffic on your network. Even if you may have heard of some of these tools before, we're sure you'll find a gem or two amongst this list ...
---------------------------------------------
http://www.gfi.com/blog/the-top-20-free-network-monitoring-and-analysis-tools-for-sys-admins/


*** 18 Free Security Tools for SysAdmins ***
---------------------------------------------
Here are 18 of the best free security tools for password recovery, password management, penetration testing, vulnerability scanning, steganography and secure data wiping. ... Even if you may have heard of some of these tools before, I'm confident that you'll find a gem or two amongst this list.
---------------------------------------------
http://www.gfi.com/blog/18-free-security-tools-for-sysadmins/


*** Could the EU cyber security directive cost companies billions? ***
---------------------------------------------
Many of the world's largest enterprises are not prepared for the new European Union Directive on cyber security, which states that organizations that do not have suitable IT security in place to protect their digital assets will face extremely heavy fiscal penalties. The directive, which was adopted in July this year, will require that organizations circulate early warnings of cyber risks and incidents, and that actual security incidents are reported to cyber security authorities.
---------------------------------------------
http://www.net-security.org/secworld.php?id=15694


*** On Anonymous ***
---------------------------------------------
Gabriella Coleman has published an interesting analysis of the hacker group Anonymous: Abstract: Since 2010, digital direct action, including leaks, hacking and mass protest, has become a regular feature of political life on the Internet. The source, strengths and weakness of this activity are considered in this paper through an in-depth analysis of Anonymous, the protest ensemble that has been...
---------------------------------------------
https://www.schneier.com/blog/archives/2013/10/on_anonymous.html


*** RuggedCom Rugged Operating System Alarms Configuration Security Bypass Security Issue ***
---------------------------------------------
RuggedCom Rugged Operating System Alarms Configuration Security Bypass Security Issue
---------------------------------------------
https://secunia.com/advisories/55153


*** Ryan Naraine on Virus Bulletin 2013, Zero Days and Cyberwarfare ***
---------------------------------------------
Dennis Fisher talks with Ryan Naraine about the news from the Virus Bulletin 2013 conference, whether the use of zero days is overrated and the collateral damage that can result from cyberwarfare attacks.
---------------------------------------------
http://threatpost.com/ryan-naraine-on-virus-bulletin-2013-zero-days-and-cyberwarfare/102510