Tageszusammenfassung - Donnerstag 13-09-2012

End-of-Shift report

Timeframe: Donnerstag 13-09-2012 08:00 - Donnerstag 13-09-2012 18:00 Handler: Stephan Richter Co-Handler: L. Aaron Kaplan

ICS-CERT Monthly Monitor for August 2012

"Internet facing medical devices may have a very similar security risk profile to industrial control systems (ICSs). ICSs and medical devices are valuable equipment, often critical to the viability of the system to which they are attached. In each case, lives may depend on the devices functioning correctly...."


Vuln: OpenStack Keystone Token Validation CVE-2012-4413 Security Bypass Vulnerability

OpenStack Keystone Token Validation CVE-2012-4413 Security Bypass Vulnerability


Cyber Defence & Network Security Conference - 28-31 Jan, 2013

"As a quick background, this is the best-attended cyber defence and network security conference held by Defence IQ - covered by BBC in both 2011 and 2012. This event combines high-level strategic briefings from 26+ senior international military and cyber experts, combined with valuable and intimate networking opportunities with heads of CERT, Systems Security, Military IT, Counter Terrorism, Cyber Crime and Networks professionals...."


Security update released for ColdFusion 10 and earlier (APSB12-21)

Today, a Security Bulletin (APSB12-21) has been posted in regards to a security hotfix for Adobe ColdFusion 10 and earlier versions for Windows, Macintosh and UNIX. Adobe recommends users update their product installation using the instructions provided in the security bulletin. This posting is provided AS IS with no warranties and confers no rights.


Microsoft disrupts traffic associated with the Nitol botnet, (Thu, Sep 13th)

There is an interesting article that was just published by Microsofts Digital Crimes Unit. Attackers have been infecting manufacturer supply chains to spread their evil warez. Some unnamed manufacturers have been selling products loaded with counterfeit versions of Windows software embedded with harmful malware. The article goes on to say that the Malware allows criminals to steal a persons personal information to access and abuse their online services, including e-mail, social networking


PHP 5.5 soll Passwort-Schlamperei eindaemmen