Daily Summary - Tuesday 20-11-2012

End-of-Shift report

Timeframe: Monday 19-11-2012 18:00 − Tuesday 20-11-2012 18:00 Handler: Stephan Richter Co-Handler: Robert Waldner

Bugtraq: CVE-2012-4366: Insecure default WPA2 passphrase in multiple Belkin wireless routers

CVE-2012-4366: Insecure default WPA2 passphrase in multiple Belkin wireless routers

http://www.securityfocus.com/archive/1/524767


Hotfix for ColdFusion 10

The update closes a DoS vulnerability in the Windows version of Adobe's application server.

http://www.heise.de/security/meldung/Hotfix-fuer-ColdFusion-10-1752975.html/from/atom10


Vuln: Splunk Multiple Cross-Site Scripting and Denial of Service Vulnerabilities

Splunk Multiple Cross-Site Scripting and Denial of Service Vulnerabilities

http://www.securityfocus.com/bid/56581


An Android Malware Analysis: DroidKungFu

"Few users are aware of how Android malware works. Few understand their complexity or the amount of data they can pillage from handsets. As such, we decided to come up with a short series of articles to take apart some of the most common and potentially dangerous Android malware strands that wreak havoc on smartphones...."

http://www.hotforsecurity.com/blog/an-android-malware-analysis-droidkungfu-4474.html


Nintendo fixes Wii U network after claims of accidental hack

"Just hours after the US launch of Nintendo's latest game console, the Wii U, a video game fan claims that he accidentally "hacked" into the console's online component - the Miiverse. A Wii U user called "Trike" posted on NeoGAF that he had stumbled across a secret debug menu in the Miiverse that gave him access to a Japanese language list of administrators, with seemingly the ability to regenerate passwords and delete the access rights of admins." At first it asked...

http://nakedsecurity.sophos.com/2012/11/19/nintendos-wii-u-network-hack/


Malware made which can share a smartcard over the internet

Use a bank or ID card as though you had it with you. Security researchers have developed proof-of-concept malware that allows attackers to obtain remote access to smart card readers attached to compromised Windows PCs.…

http://go.theregister.com/feed/www.theregister.co.uk/2012/11/20/smart_card_reader_malware/


Raiffeisen Introduces PhotoTAN to Protect Customer Transactions Against Malware

"European banks, which are said to have implemented far more advanced security mechanisms to protect their customers than the ones from the US, are trying to live up to their reputation. Swiss bank Raiffeisen has introduced a new security feature that relies on Cronto's Visual Transaction Signing Solution. Available for customers in Switzerland starting today, the CrontoSign is designed to protect online transactions against cyberattacks that rely on clever information-stealing Trojans such...

http://news.softpedia.com/news/Raiffeisen-Introduces-PhotoTAN-to-Protect-Customer-Transactions-Against-Malware-308040.shtml


WhatsApp plugs security hole - and charges subscription fees

The operator of the popular SMS alternative WhatsApp has quietly made changes to its service to plug a vulnerability that has been known for some time. However, the next nasty surprise was already waiting for many users: using WhatsApp now costs money on most smartphone platforms, effective immediately.

http://www.heise.de/security/meldung/WhatsApp-stopft-Sicherheitsloch-und-verlangt-Abo-Gebuehren-1753088.html/from/atom10


Bugtraq: OSSIM 4.0.2 open-source SIEM solution does not verify .deb signatures

OSSIM 4.0.2 open-source SIEM solution does not verify .deb signatures

http://www.securityfocus.com/archive/1/524779


Bugtraq: SonicWALL CDP 5040 v6.x - Multiple Web Vulnerabilities

SonicWALL CDP 5040 v6.x - Multiple Web Vulnerabilities

http://www.securityfocus.com/archive/1/524777