End-of-Shift report
Timeframe: Donnerstag 13-09-2012 08:00 - Donnerstag 13-09-2012 18:00
Handler: Stephan Richter
Co-Handler: L. Aaron Kaplan
ICS-CERT Monthly Monitor for August 2012
"Internet facing medical devices may have a very similar security risk
profile to industrial control systems (ICSs). ICSs and medical devices are
valuable equipment, often critical to the viability of the system to which
they are attached. In each case, lives may depend on the devices
functioning correctly...."
http://www.us-cert.gov/control_systems/pdf/ICS-CERT_Monthly_Monitor_August_2012.pdf
Vuln: OpenStack Keystone Token Validation CVE-2012-4413 Security Bypass
Vulnerability
OpenStack Keystone Token Validation CVE-2012-4413 Security Bypass Vulnerability
http://www.securityfocus.com/bid/55524
Cyber Defence & Network Security Conference - 28-31 Jan, 2013
"As a quick background, this is the best-attended cyber defence and network
security conference held by Defence IQ - covered by BBC in both 2011 and
2012. This event combines high-level strategic briefings from 26+ senior
international military and cyber experts, combined with valuable and
intimate networking opportunities with heads of CERT, Systems Security,
Military IT, Counter Terrorism, Cyber Crime and Networks professionals...."
http://www.cdans.org/redForms.aspx?id=821954&pdf_form=1
Security update released for ColdFusion 10 and earlier (APSB12-21)
Today, a Security Bulletin (APSB12-21) has been posted in regards to a
security hotfix for Adobe ColdFusion 10 and earlier versions for Windows,
Macintosh and UNIX. Adobe recommends users update their product
installation using the instructions provided in the security bulletin. This
posting is provided AS IS with no warranties and confers no rights.
http://blogs.adobe.com/psirt/2012/09/security-update-released-for-coldfusion-10-and-earlier-apsb12-21.html
Microsoft disrupts traffic associated with the Nitol botnet, (Thu, Sep
13th)
There is an interesting article that was just published by Microsofts
Digital Crimes Unit. Attackers have been infecting manufacturer supply
chains to spread their evil warez. Some unnamed manufacturers have been
selling products loaded with counterfeit versions of Windows software
embedded with harmful malware. The article goes on to say that the Malware
allows criminals to steal a persons personal information to access and
abuse their online services, including e-mail, social networking
http://isc.sans.edu/diary.html?storyid=14086&rss
PHP 5.5 soll Passwort-Schlamperei eindaemmen
http://www.heise.de/security/meldung/PHP-5-5-soll-Passwort-Schlamperei-eindaemmen-1707355.html/from/atom10