End-of-Shift report
Timeframe: Friday 30-11-2012 18:00 − Monday 03-12-2012 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
Bugtraq: NGS000263 Technical Advisory: Symantec Messaging Gateway Easy CSRF to add a backdoor-administrator
http://www.securityfocus.com/archive/1/524879
A fine mess: hacker publishes exploits for MySQL and SSH
The notorious hacker known by the pseudonym KingCope has apparently cleared out his old stock and, on the first Sunday of Advent, published a whole series of exploits, some of which date back to 2011. The primary target is the open-source database MySQL, since acquired by Oracle; but the SSH servers from the company SSH and FreeSSHd/FreeFTPd are also acutely at risk.
http://www.heise.de/security/meldung/Schoene-Bescherung-Hacker-veroeffentlicht-Exploits-fuer-MySQL-und-SSH-1760967.html/from/atom10
The top 25 computing coding errors that lead to 85% of criminal internet activity
"The list is being hailed as a major breakthrough that should gradually make the Internet much safer. "When consumers see that most vulnerabilities are caused by a mere 25 weaknesses, a new standard for due diligence is likely to emerge," says Konrad Vesey, a member of the National Security Agency's Information Assurance Directorate...."
http://www.sans.org/top25-software-errors/#s4
OurWebFTP 5.3.5 Cross Site Scripting
Topic: OurWebFTP 5.3.5 Cross Site Scripting Risk: Low Text:HTTPCS Advisory : HTTPCS112 Product : OurWebFTP Version : 5.3.5 Page : /index.php Variables : mwb_control2=Enter&mw...
http://feedproxy.google.com/~r/securityalert_database/~3/Z9CTYZ5_rmc/WLB-2012120027
Libsyn Cross Site Scripting
Topic: Libsyn Cross Site Scripting Risk: Low Text:As you can see from my publications for last five years, I like holes which are placed at hundreds or millions of web sites. S...
http://feedproxy.google.com/~r/securityalert_database/~3/xmo2Up5J5oE/WLB-2012120026
FortiWeb 4kC,3kC,1kC & VA Cross Site Vulnerabilities
Topic: FortiWeb 4kC,3kC,1kC & VA Cross Site Vulnerabilities Risk: Low Text:Title: FortiWeb 4kC,3kC,1kC & VA - Cross Site Vulnerabilities Date: == 2012-12-01 References: ==
http://...
http://feedproxy.google.com/~r/securityalert_database/~3/WC5HCX-SaKI/WLB-2012120022
Critical infrastructure systems should never have moved online, warn security experts
"UK businesses linked to critical infrastructure areas have opened themselves up to cyber attacks by prematurely moving key systems online, according to prominent security experts. Co-founder of information security site The Jericho Forum, Paul Simmonds, highlighted the fact that the desire to cut costs by moving systems online has left firms vulnerable to cyber attacks. "I'm worried we're rushing headlong into connecting parts of critical infrastructure items to the internet," ...
http://www.v3.co.uk/v3-uk/news/2228538/critical-infrastructure-systems-should-never-have-moved-online-warn-security-experts
Bloggers demonstrate clever password theft
Employees of the company Neophasis have found that passwords and other user data can be siphoned from web browsers via JavaScript modifications using relatively simple means. The fact that the theft works via a frequently used keyboard shortcut makes the vulnerability dangerous.
http://www.heise.de/security/meldung/Blogger-demonstrieren-gewieften-Passwortklau-1761237.html/from/atom10
Opera Web Browser 12.11 WriteAV Vulnerability
Topic: Opera Web Browser 12.11 WriteAV Vulnerability Risk: Medium Text:Title : Opera Web Browser 12.11 WriteAV Vulnerability Version : 12.11 Build 1661 and 12.12 Date : 2012-12-03 Vend...
http://feedproxy.google.com/~r/securityalert_database/~3/bY9KoqQu62A/WLB-2012120031
Safety First: That Means Mobile Banking
"The answer surprises; here is the question: Is it safer to bank using a desktop computer or an app on a mobile phone? The answer is that, all considered, you are vastly safer with that mobile banking app. "Fraudsters go after the low-hanging fruit, and that is PC-based banking," said Andreas Baumhof, chief technology officer at ThreatMetrix, in an interview. There is substantially more traffic over online banking channels than there is mobile, and thus the keener interest of ...
http://www.themobilityhub.com/author.asp?section_id=2262&doc_id=254931