Tageszusammenfassung - Donnerstag 25-10-2012

End-of-Shift report

Timeframe: Mittwoch 24-10-2012 18:00 − Donnerstag 25-10-2012 18:00 Handler: Robert Waldner Co-Handler: n/a

Bugtraq: VUPEN Security Research - Oracle Java Font Processing Glyph Element Memory Corruption Vulnerability

VUPEN Security Research - Oracle Java Font Processing Glyph Element Memory Corruption Vulnerability

http://www.securityfocus.com/archive/1/524507

---

Bugtraq: VUPEN Security Research - Oracle Java Font Processing "maxPointCount" Heap Overflow Vulnerability

VUPEN Security Research - Oracle Java Font Processing "maxPointCount" Heap Overflow Vulnerability

http://www.securityfocus.com/archive/1/524506

---

Bugtraq: [waraxe-2012-SA#094] - Multiple Vulnerabilities in Wordpress GRAND Flash Album Gallery Plugin

[waraxe-2012-SA#094] - Multiple Vulnerabilities in Wordpress GRAND Flash Album Gallery Plugin

http://www.securityfocus.com/archive/1/524509

---

Microsoft Office Word 2010 Stack Exhaustion

Topic: Microsoft Office Word 2010 Stack Exhaustion Risk: Low Text:Title : Microsoft Office Word 2010 Stack Overflow Version : Microsoft Office professional Plus 2010 Date : 2012...

http://feedproxy.google.com/~r/securityalert_database/~3/nm8w9gqy73w/WLB-2012100208

---

National and International Cyber Security Exercises: Survey, Analysis & Recommendations

"Cyber exercises are an important tool to assess the preparedness of a community against cyber crises, technology failures and critical information infrastructure incidents. ENISA supports the stakeholders involved in EU cyber exercises. This report aims to support European and international bodies involved in cyber exercises with lessons learned about cyber exercises and recommendations for the future...."

http://www.enisa.europa.eu/activities/Resilience-and-CIIP/cyber-crisis-cooperation/cyber-exercises/exercise-survey2012

---

Researcher to demonstrate feature-rich malware that works as a browser extension

"Security researcher Zoltan Balazs has developed a remote-controlled piece of malware that functions as a browser extension and is capable of modifying Web pages, downloading and executing files, hijacking accounts, bypassing two-factor authentication security features enforced by some websites, and much more. Balazs, who works as an IT security consultant for professional services firm Deloitte in Hungary, created the proof-of-concept malware in order to raise awareness about the security

http://www.computerworld.com/s/article/9232848/Researcher_to_demonstrate_feature_rich_malware_that_works_as_a_browser_extension