[CERT-daily] Tageszusammenfassung - Dienstag 10-02-2015
Daily end-of-shift report
team at cert.at
Tue Feb 10 18:14:12 CET 2015
=======================
= End-of-Shift report =
=======================
Timeframe: Montag 09-02-2015 18:00 − Dienstag 10-02-2015 18:00
Handler: Robert Waldner
Co-Handler: Alexander Riepl
*** Safer Internet Day: BSI-Poster für mehr Sicherheit im Netz ***
---------------------------------------------
Mit 40 "leicht umsetzbaren" Tipps sollen Internetnutzer die allermeisten Standardangriffe im Internet abwehren können, meint das Bundesamt für Sicherheit in der Informationstechnik. Deswegen hat es die auf Postern zusammengefasst und online gestellt.
---------------------------------------------
http://www.heise.de/newsticker/meldung/Safer-Internet-Day-BSI-Poster-fuer-mehr-Sicherheit-im-Netz-2544800.html
*** European Cyber Security Month reporting to the benefit of EU citizen ***
---------------------------------------------
ENISA publishes a report on the deployment of the European Cyber Security Month. The objective of this report is to:
* Present its preparatory work
* Carry out an objective evaluation
* Draw conclusions that can be used in future editions of the ECSM
---------------------------------------------
http://www.enisa.europa.eu/media/news-items/european-cyber-security-month-reporting-to-the-benefit-of-eu-citizen
*** TR-32 - key-value store and NoSQL security recommendations ***
---------------------------------------------
Key-value stores, caches or NoSQL databases became an important piece of software in today's internet and web services. In contrast to conventional DB sytems, the security model of NoSQL data stores is often very limited due to their inherent nature to be used within internal trusted networks. Strong attention should be given to the configuration of key-value stores especially regarding their access from the Internet.
---------------------------------------------
http://www.circl.lu/pub/tr-32/
*** PlugX, Go-To Malware for Targeted Attacks, More Prominent Than Ever ***
---------------------------------------------
The popular remote access tool PlugX enjoyed an ascent in popularity in 2014 and is now a go-to malware for attack groups.
---------------------------------------------
http://threatpost.com/plugx-go-to-malware-for-targeted-attacks-more-prominent-than-ever/110936
*** Cisco Security Advisories ***
---------------------------------------------
Cisco Prime Infrastructure Cross-Site Scripting Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2153
---------------------------------------------
Cisco Prime Infrastructure Cross-Site Request Forgery Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2152
---------------------------------------------
Cisco IOS Software Zone-Based Firewall Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0593
---------------------------------------------
Cisco IOS Software Kernel Timer Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0592
---------------------------------------------
Cisco Prime Security Manager Cross-Site Scripting Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3365
---------------------------------------------
Cisco Prime Infrastructure Cross-Frame Scripting Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2147
---------------------------------------------
Cisco IOS Shell Denial of Service Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0606
More information about the Daily
mailing list