End-of-Shift report
Timeframe: Monday 22-10-2012 18:00 − Tuesday 23-10-2012 18:00
Handler: Robert Waldner
Co-Handler: Matthias Fraidl
CyanogenMod logs lock patterns
The Android firmware CyanogenMod apparently logs the swipe patterns used to unlock the smartphone. A developer noticed this and put a stop to it with a mini patch. CyanogenMod is a vendor-independent firmware for Android smartphones.
http://www.heise.de/security/meldung/CyanogenMod-protokolliert-Sperrmuster-1733903.html/from/atom10
Google Drive opens a backdoor into the Google account
The Windows client of Drive, Google's Dropbox alternative, opens a backdoor into the Google account through which curious people may, under certain circumstances, gain access to the Drive user's mail, contacts and calendar entries.
http://www.heise.de/security/meldung/Google-Drive-oeffnet-Hintertuer-zum-Google-Account-1734695.html/from/atom10
Trend Micro Report for Q3, 2012: Zero-Days, Mobile Malware and Phishing
"Security firm Trend Micro has released its Security Roundup Report for the third quarter of 2012. The figures highlight the fact that the number of malicious elements designed to target Android devices has increased from 30,000 (in June) to almost 175,000 (in September). While some of them are designed to inflate phone bills and fill the crooks' pockets, others pose a privacy threat...."
http://news.softpedia.com/news/Trend-Micro-Report-for-Q3-2012-Zero-Days-Mobile-Malware-and-Phishing-301242.shtml
ENISA Midpoint Report: First European Cyber Security Month Is a Success
"The European Network and Information Security Agency (ENISA) has released a midpoint report on the first European Cyber Security Month (ECSM) and the figures are highly encouraging. The campaign has already reached close to 2 million users on Facebook and judging by the upcoming events, it will reach a lot more in the following period. Hundreds of professionals and thousands of regular Internet users have already taken part in events hosted by Portugal, Spain, Norway, Luxemburg and
http://news.softpedia.com/news/ENISA-Midpoint-Report-First-European-Cyber-Security-Month-Is-a-Success-301180.shtml
Vuln: Real Networks RealPlayer Write Access Violation Arbitrary Code Execution Vulnerability
http://www.securityfocus.com/bid/56113
Joomla SQLReport Password Disclosure
Topic: Joomla SQLReport Password Disclosure | Risk: Medium | Text: Title: Password Disclosure Vulnerability; Author: AsSerT && MetAiZM; Vendor: Joomla; Dork: inurl:com_sqlreport; Disclosure: http...
http://feedproxy.google.com/~r/securityalert_database/~3/L88Vk3uNWlw/WLB-2012100197
Solar-power system flaws shine light on Smart Grid threats
"The Homeland Security Department has issued an alert about vulnerabilities in a control system for solar electric systems that could allow unauthorized users to access the system and execute malicious code. The equipment is sold by the Italian systems integrator Sinapsi, and although a proof-of-concept exploit has been published, no exploits have yet been reported in the wild. The alert is a reminder of the need to incorporate security into increasingly complex and interactive power
http://gcn.com/blogs/cybereye/2012/10/solar-system-flaws-smart-grid-threats.aspx?s=gcndaily_231012
Adobe closes critical Shockwave holes
With Shockwave version 11.6.8.638 for Windows and Mac OS X, Adobe closes numerous critical holes through which an attacker could potentially inject malicious code into the system. In total, six CVE numbers are assigned to the vulnerabilities. They are mainly buffer overflows.
http://www.heise.de/security/meldung/Adobe-schliesst-kritische-Shockwave-Luecken-1735274.html/from/atom10