Daily summary - Monday 3. 9. 2012

End-of-Shift report

Timeframe: Friday 31-08-2012 18:00 - Monday 03-09-2012 18:00
Handler: Stephan Richter
Co-Handler: Robert Waldner

Vuln: TYPO3 Core TYPO3-CORE-SA-2012-004 Multiple Remote Security Vulnerabilities

http://www.securityfocus.com/bid/55052


Here we go again: Critical flaw found in just-patched Java

"Emergency fix rushed out half-baked. Security Explorations, the Polish security startup that discovered the Java SE 7 vulnerabilities that have been the targets of recent web-based exploits, has spotted a new flaw that affects the patched version of Java released this Thursday...."

http://go.theregister.com/feed/www.theregister.co.uk/2012/08/31/critical_flaw_found_in_patched_java/


Security update released for Adobe Photoshop CS6 (APSB12-20)

Today, a Security Bulletin (APSB12-20) has been posted in regards to a security update for Adobe Photoshop CS6 (13.0) for Windows and Macintosh. Adobe recommends that users apply the update for their product installation. This posting is provided “AS IS” with no warranties and confers no rights.

http://blogs.adobe.com/psirt/2012/08/security-update-released-for-adobe-photoshop-cs6-apsb12-20.html


Vuln: unixODBC SQLDriverConnect() FILEDSN and DRIVER Options Buffer Overflow Vulnerabilities

http://www.securityfocus.com/bid/53712


Vuln: Rugged Operating System Private Key Disclosure Vulnerability

http://www.securityfocus.com/bid/55123


Hacker scene trojanizes remote administration tool

http://www.heise.de/security/meldung/Hackerszene-trojanisiert-Fernwartungswerkzeug-1697079.html/from/atom10


30 new top cyber security advisors appointed to the EU Agency ENISA's Permanent Stakeholders Group

"A new composition of 30 top IT-security experts have started their term of office as members of ENISA's Permanent Stakeholders Group (PSG). The PSG will give top IT security advice to the EU's cyber security Agency ENISA, the European Network and Information Security Agency. The PSG is a group of leading IT-security experts that gives advice to the Agency's Executive Director in, for example, drawing up a proposal for the Agency's annual Work Programme...."

http://www.cisionwire.com/enisaeuropean-network-and-information-security-agency/r/30-new-top-cyber-security-advisors-appointed-to-the-eu-agency-enisa-s-permanent-stakeholders--group,c9299253


[webapps] - SugarCRM Community Edition 6.5.2 (Build 8410) Multiple Vulnerabilities

http://www.exploit-db.com/exploits/20981


American Express doesn't take security seriously

"We've already established that when it comes to security, passwords alone are not a very good choice. Sure, they're better than nothing, but with most people picking insecure passwords and companies saving them in unencrypted formats, there are better solutions out there. American Express takes insecure passwords and makes them even more insecure...."

http://www.neowin.net/news/american-express-doesnt-take-security-seriously?


ICS-CERT - New JSAR, Advisory and Updated Alert

"Still getting caught up after Isaac; while ICS-CERT hasn't been real busy they haven't waited for me either. So here is a quick look at a new Joint Security Awareness Report (JSAR), a new privilege escalation advisory and an update on a Siemens related alert. ICS-CERT and US-CERT published a JSAR on Wednesday for the information-stealing malware W32...."

http://chemical-facility-security-news.blogspot.nl/2012/09/ics-cert-new-jsar-advisory-and-updated.html


Russia unveils own Android-like, hack-proof mobile operating system

"It seems that Russia's defence ministry has little faith in Google's operating systems: it has just unveiled its own encrypted version that has the remarkably familiar feel of an Android. Russia's very first smart prototype was presented on the sidelines of a Berlin electronics show this week to deputy prime minister Dmitry Rogozin -- an avowed nationalist who oversees the military's technological innovation. A slimmed down version of the operating system in computer tablet form is actually

http://timesofindia.indiatimes.com/tech/news/software-services/Russia-unveils-own-Android-like-hack-proof-mobile-operating-system/articleshow/16120410.cms


[papers] - Shellcoding in Linux

http://www.exploit-db.com/download_pdf/21013


Hit by dubious claims, RBI junks ATM cash retraction

"The banks have done away with the cash retraction system in ATMs. The system, which enabled the machine to take back the currency if it is not removed within a certain time, was withdrawn last week after the Reserve Bank of India (RBI) agreed to National Payments Corporation of India's proposal for removing the feature from all ATMs to deal with the increasing number of fraudulent claims about non-receipt of cash. Banks have posted messages on their websites that the system has been

http://economictimes.indiatimes.com/news/news-by-industry/banking/finance/banking/hit-by-dubious-claims-rbi-junks-atm-cash-retraction/articleshow/16166855.cms


VMware secures server products

http://www.heise.de/security/meldung/VMware-sichert-Serverprodukte-ab-1697996.html/from/atom10