End-of-Shift report
Timeframe: Donnerstag 06-09-2012 18:00 -ˆ’ Freitag 07-09-2012 18:00
Handler: Stephan Richter
Co-Handler: Otmar Lendl
Microsoft Security Bulletin Advance Notification for September 2012
"This is an advance notification of security bulletins that Microsoft is
intending to release on September 11, 2012. This bulletin advance
notification will be replaced with the September bulletin summary on
September 11, 2012. For more information about the bulletin advance
notification service, see Microsoft Security Bulletin Advance Notification...."
http://technet.microsoft.com/en-us/security/bulletin/ms12-sep
Bugtraq: [security bulletin] HPSBMU02811 SSRT100937 rev.1 - HP Business
Availability Center (BAC) Cross Site Scripting (XSS), Cross Site Request
Forgery (CSRF), and Web Session Hijacking
[security bulletin] HPSBMU02811 SSRT100937 rev.1 - HP Business Availability
Center (BAC) Cross Site Scripting (XSS), Cross Site Request Forgery (CSRF),
and Web Session Hijacking
http://www.securityfocus.com/archive/1/524119
Flash-Lücke im Internet Explorer 10
Die mit Windows 8 ausgelieferte Flash-Version ist von einer
Sicherheitslücke betroffen, die in Verbindung mit dem Internet Explorer 10
auftritt. Der entsprechende Patch von Adobe kann nicht auf den neuen
Internet Explorer angewandt werden.
http://futurezone.at/produkte/11190-flash-luecke-im-internet-explorer-10.php?rss=fuzo
ActiveFax (ActFax) 4.3 Client Importer Buffer Overflow
Topic: ActiveFax (ActFax) 4.3 Client Importer Buffer Overflow Risk: High
Text:## # This file is part of the Metasploit Framework and may be subject
to # redistribution and commercial restrictions. Please...
http://feedproxy.google.com/~r/securityalert_database/~3/uDV-PB41E8E/WLB-2012090068
N24 Dokumentation
Wenn das Web zur Waffe wird
Mit der Weiterentwicklung der Technik von Computern und des Internets
werden auch immer neue Angriffsmöglichkeiten für virtuelle Kriminelle
geschaffen. Die Zeiten, in denen Computerviren lediglich Spam
verursachten, sind vorbei. Die Doku zeigt, welch folgenschwere Schäden
durch Cyber-Attacken in der modernen Welt verursacht werden können:
http://www.n24.de/mediathek/cyber-war-wenn-das-web-zur-waffe-wird_1552737.html
Vuln: Webmin Multiple Input Validation Vulnerabilities
Webmin Multiple Input Validation Vulnerabilities
http://www.securityfocus.com/bid/55446
SSL BEASTie boys develop follow-up CRIME web attack
Ill Communication The security researchers who developed the infamous BEAST
attack that broke SSL/TLS encryption are cooking up a new assault on the
same crucial protocols.
http://go.theregister.com/feed/www.theregister.co.uk/2012/09/07/https_sesh_hijack_attack/
[remote] - SAP NetWeaver Dispatcher DiagTraceR3Info Buffer Overflow
SAP NetWeaver Dispatcher DiagTraceR3Info Buffer Overflow
http://www.exploit-db.com/exploits/21034
US-CERT Alert TA12-251A - Microsoft Update For Minimum Certificate Key
Length
FOR IMMEDIATE PUBLIC RELEASE
National Cyber Awareness System
US-CERT Alert TA12-251A
Microsoft Update For Minimum Certificate Key Length
Original release date: September 07, 2012
http://www.us-cert.gov/cas/techalerts/TA12-251A.html