Tageszusammenfassung - Montag 10-09-2012

End-of-Shift report

Timeframe: Freitag 07-09-2012 17:56 - Montag 10-09-2012 17:56 Handler: Stephan Richter Co-Handler: Otmar Lendl

Wordpress 3.4.2 stopft Lücken und korrigiert Fehler

Die Wordpress-Version 3.4.2 korrigiert rund 20 Fehler in der Weblog-Software und behebt einige Sicherheitsprobleme, die zu einer Ausweitung der Zugriffsrechte führen können.


An update from VirusTotal

"Our goal is simple: to help keep you safe on the web. And weve worked hard to ensure that the services we offer continually improve. But as a small, resource-constrained company, that can sometimes be challenging...."


Two ICS-CERT Advisories Published Yesterday

"Yesterday ICS-CERT published advisories for control systems vulnerabilities in two control systems products; one a demonstration product that doesnt really control anything and the other a distributed control system that is used in a wide variety of situations. RealWinDemo AdvisoryThis advisory describes a DLL hijack vulnerability in RealWinDemo and RealWin products from RealFlex; both products are generally used as sales demonstration tools, but RealWin has been used in small automation


Adobe confirms Windows 8 users vulnerable to active Flash exploits

"Microsofts Windows 8 is vulnerable to attack by exploits that hackers have been aiming at PCs for several weeks, Adobe confirmed Friday. Microsoft said it will not patch the bug in Flash Player until what it called "GA," for "general availability." That would be Oct. 26, when Windows 8 hits retail and PCs powered by the new operating system go on sale."We will update Flash in Windows 8 via Windows Update as needed," a spokeswoman said in a reply to questions.


Elderwood hacker gang claims unlimited supply of zero-day bugs - Symantec

"An elite hacker group targeting defense industry sub-contractors has an inexhaustible supply of zero-days, or vulnerabilities that have yet to be publicised, much less patched, according to Symantec. In a blog post, the security firm said, "The group seemingly has an unlimited supply of zero-day vulnerabilities."Symantec also laid out its analysis of the gang, which it said was behind a slew of attacks dubbed the "Elderwood Project," after a source code variable used