End-of-Shift report
Timeframe: Freitag 07-09-2012 17:56 - Montag 10-09-2012 17:56
Handler: Stephan Richter
Co-Handler: Otmar Lendl
Wordpress 3.4.2 stopft Lücken und korrigiert Fehler
Die Wordpress-Version 3.4.2 korrigiert rund 20 Fehler in der
Weblog-Software und behebt einige Sicherheitsprobleme, die zu einer
Ausweitung der Zugriffsrechte führen können.
http://www.heise.de/security/meldung/Wordpress-3-4-2-stopft-Luecken-und-korrigiert-Fehler-1703202.html/from/atom10
An update from VirusTotal
"Our goal is simple: to help keep you safe on the web. And weve worked hard
to ensure that the services we offer continually improve. But as a small,
resource-constrained company, that can sometimes be challenging...."
http://blog.virustotal.com/2012/09/an-update-from-virustotal.html
Two ICS-CERT Advisories Published Yesterday
"Yesterday ICS-CERT published advisories for control systems
vulnerabilities in two control systems products; one a demonstration
product that doesnt really control anything and the other a distributed
control system that is used in a wide variety of situations. RealWinDemo
AdvisoryThis advisory describes a DLL hijack vulnerability in RealWinDemo
and RealWin products from RealFlex; both products are generally used as
sales demonstration tools, but RealWin has been used in small automation
http://chemical-facility-security-news.blogspot.nl/2012/09/two-ics-cert-advisories-published.html
Adobe confirms Windows 8 users vulnerable to active Flash exploits
"Microsofts Windows 8 is vulnerable to attack by exploits that hackers have
been aiming at PCs for several weeks, Adobe confirmed Friday. Microsoft
said it will not patch the bug in Flash Player until what it called "GA,"
for "general availability." That would be Oct. 26, when Windows 8 hits
retail and PCs powered by the new operating system go on sale."We will
update Flash in Windows 8 via Windows Update as needed," a spokeswoman said
in a reply to questions.
http://www.computerworld.com/s/article/9231076/Adobe_confirms_Windows_8_users_vulnerable_to_active_Flash_exploits
Elderwood hacker gang claims unlimited supply of zero-day bugs -
Symantec
"An elite hacker group targeting defense industry sub-contractors has an
inexhaustible supply of zero-days, or vulnerabilities that have yet to be
publicised, much less patched, according to Symantec. In a blog post, the
security firm said, "The group seemingly has an unlimited supply of
zero-day vulnerabilities."Symantec also laid out its analysis of the gang,
which it said was behind a slew of attacks dubbed the "Elderwood Project,"
after a source code variable used
http://news.techworld.com/security/3380122/elderwood-hacker-gang-claims-unlimited-supply-of-zero-day-bugs-symantec/?olo=rss