End-of-Shift report
Timeframe: Monday 01-10-2012 18:00 − Tuesday 02-10-2012 18:00
Handler: Stephan Richter
Co-Handler: Robert Waldner
SQL injection in Trend Micro Control Manager
An update fixes an SQL injection vulnerability in Trend Micro's security management platform.
http://www.heise.de/security/meldung/SQL-Injection-bei-Trend-Micro-Control-Manager-1721234.html/from/atom10
Cisco CallManager vulnerable to brute force attack
"Roberto Suggi Liverani, founder of the OWASP (Open Web Application Security Project) New Zealand chapter, discovered a vulnerability in Cisco CallManager, AKA Unified Communications Manager. It is a software-based call-processing system developed by Cisco Systems. He described on his blog Security Review: I have found a quick way to perform a PIN brute force attack against accounts registered with a Cisco Unified Communications Manager (CallManager)...."
http://thehackernews.com/2012/10/cisco-callmanager-vulnerable-to-brute.html
Expert fingers DDoS toolkit used in bank cyberattacks
"Cyberattackers who disrupted the websites of U.S. banks over the last two weeks used a highly sophisticated toolkit -- a finding that points to a well-funded operation, one security vendor said on Monday. Prolexic Technologies said the distributed denial of service (DDoS) toolkit called itsoknoproblembro was used against some of the banks which included Wells Fargo, U.S. Bank, PNC Bank, Bank of America and JPMorgan Chase. Each of the banks was struck on separate days...."
http://www.csoonline.com/article/717727/expert-fingers-ddos-toolkit-used-in-bank-cyberattacks
IBM Lotus Notes Traveler 8.5.3 XSS & CSRF & Brute Force
Topic: IBM Lotus Notes Traveler 8.5.3 XSS & CSRF & Brute Force Risk: Low Text: I want to warn you about Brute Force, Cross-Site Scripting, Cross-Site Request Forgery and Redirector vulnerabilities in IBM ...
http://feedproxy.google.com/~r/securityalert_database/~3/Gq2FiubAbh0/WLB-2012100020
Switchvox Asterisk 5.1.2 Cross Site Scripting
Topic: Switchvox Asterisk 5.1.2 Cross Site Scripting Risk: Low Text: Title: Switchvox Asterisk v5.1.2 - Multiple Web Vulnerabilities Date: == 2012-09-10 References: == http...
http://feedproxy.google.com/~r/securityalert_database/~3/KtK8D-i6E-o/WLB-2012100019
OPlayer 2.0.05 iOS Cross Site Scripting
Topic: OPlayer 2.0.05 iOS Cross Site Scripting Risk: Low Text: Title: OPlayer v2.0.05 iOS - Multiple Web Vulnerabilities Date: == 2012-10-01 References: == http://www....
http://feedproxy.google.com/~r/securityalert_database/~3/NytSNRlZ814/WLB-2012100018
GTA UTM Firewall GB 6.0.3 Cross Site Scripting
Topic: GTA UTM Firewall GB 6.0.3 Cross Site Scripting Risk: Low Text: Title: GTA UTM Firewall GB 6.0.3 - Multiple Web Vulnerabilities Date: == 2012-09-10 References: == http:...
http://feedproxy.google.com/~r/securityalert_database/~3/vljvCj4a1PU/WLB-2012100017
DDoS attacks reach new level of sophistication
"Prolexic Technologies warned of an escalating threat from unusually large and highly sophisticated DDoS attacks. The DDoS attacks have been launched in the last week using the so-called itsoknoproblembro DDoS toolkit. The malicious actor(s) behind the attacks have used this potent tool in conjunction with sophisticated attack methods that clearly demonstrate knowledge of common DDoS mitigation methods...."
http://www.net-security.org/secworld.php?id=13704
How a single spam from China ended up as an attack on the White House
"FoxNews leads today with a dramatic story entitled "Washington confirms Chinese hack attack on White House computer." In other important news, experts confirmed that there was a "high probability" that tomorrow, 03 October 2012, due to the rotation of the earth on its axis, the sun would once again give the impression of rising in the East. They also claimed that dinosaurs would "in all likelihood" continue in their state of alleged extinction. (You read it
http://nakedsecurity.sophos.com/2012/10/02/how-a-single-spam-from-china-ended-up-as-an-attack-on-the-white-house/
Bugtraq: CVE-2012-3819: Stack Overflow in DartWebserver.dll <= 1.9
CVE-2012-3819: Stack Overflow in DartWebserver.dll <= 1.9
http://www.securityfocus.com/archive/1/524273
[papers] - A Pentesters Guide to Hacking OData
A Pentesters Guide to Hacking OData
http://www.exploit-db.com/download_pdf/21664
PCI Security Standard: Mobile Payment Acceptance Security Guidelines, (Tue, Oct 2nd)
What would Cyber Security Awareness Month with a Standards theme be without discussing some semblance of PCI-related content? Carefully avoiding the debate over the benefits and drawbacks of PCI DSS, I'll instead focus on a recent read with a quick summary of PCI Mobile Payment Acceptance Security Guidelines for Developers. This guideline hit my radar on 14 SEP courtesy of Ian's Dragon News Bytes and was intriguing as I had just published Mobile application security best practices in a BYOD world
http://isc.sans.edu/diary.html?storyid=14206&rss
Bugtraq: [security bulletin] HPSBST02818 SSRT100960 rev.1 - HP IBRIX X9000 Storage, Remote Disclosure of Information
[security bulletin] HPSBST02818 SSRT100960 rev.1 - HP IBRIX X9000 Storage, Remote Disclosure of Information
http://www.securityfocus.com/archive/1/524275