End-of-Shift report
Timeframe: Wednesday 02-10-2013 18:00 − Thursday 03-10-2013 18:00
Handler: Robert Waldner
Co-Handler: n/a
Cisco IOS XR Software Memory Exhaustion Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131002-iosxr
IBM WebSphere MQ Security Vulnerability: Multiple security vulnerabilities in IEHS
Multiple security vulnerabilities exist in the IBM Eclipse Help System which is used to provide the product Information Centers for IBM WebSphere MQ and IBM WebSphere MQ File Transfer Edition: Debug Information displayed in browser (CVE-2013-0599); XSS Alert vulnerability (CVE-2013-0464); Application source code can be downloaded (CVE-2013-0467).
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_websphere_mq_security_vulnerability_multiple_security_vulnerabilities_in_iehs?lang=en_us
Evince PDF Reader - 2.32.0.145 (Windows) and 3.4.0 (Linux) - Denial Of Service
http://www.exploit-db.com/exploits/28679
IBM SPSS Collaboration and Deployment Services Unspecified Flaws Let Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1029117
SIEMENS Solid Edge ST4 SEListCtrlX ActiveX Remote Code Execution
http://cxsecurity.com/issue/WLB-2013100017
Bugtraq: RootedCON 2014 - Call For Papers
RootedCON 2014 - Call For Papers
http://www.securityfocus.com/archive/1/528963
Denial of service vulnerability in Citrix NetScaler
A Citrix NetScaler component is affected by a denial of service vulnerability. Attackers can keep the appliance in a constant reboot loop resulting in total loss of availability.
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20131003-Citrix_NetScaler_nsconfigd_Denial_of_service_wo_poc_v10.txt
Tor and the Silk Road takedown
We've had several requests by the press and others to talk about the Silk Road situation today. We only know what's going on by reading the same news sources everyone else is reading. In this case we've been watching carefully to try to learn if there are any flaws with Tor that we need to correct. So far, nothing about this case makes us think that there are new ways to compromise Tor (the software or the network).
https://blog.torproject.org/blog/tor-and-silk-road-takedown
Survey Finds Manufacturers Afflicted with a False Sense of Cyber Security
Though manufacturers think they're doing a better job safeguarding data, cybersecurity breaches are increasing. So says a PricewaterhouseCoopers (PwC) study, which finds that "while organizations have made significant security improvements, they have not kept pace with today's determined adversaries."
http://news.thomasnet.com/IMT/2013/10/02/survey-finds-manufacturers-afflicted-with-a-false-sense-of-cyber-security/
The Top 20 Free Network Monitoring and Analysis Tools for Sys Admins
Here are 20 of the best free tools for monitoring devices, services, ports or protocols and analysing traffic on your network. Even if you may have heard of some of these tools before, we're sure you'll find a gem or two amongst this list ...
http://www.gfi.com/blog/the-top-20-free-network-monitoring-and-analysis-tools-for-sys-admins/
18 Free Security Tools for SysAdmins
Here are 18 of the best free security tools for password recovery, password management, penetration testing, vulnerability scanning, steganography and secure data wiping. ... Even if you may have heard of some of these tools before, I'm confident that you'll find a gem or two amongst this list.
http://www.gfi.com/blog/18-free-security-tools-for-sysadmins/
Could the EU cyber security directive cost companies billions?
Many of the world's largest enterprises are not prepared for the new European Union Directive on cyber security, which states that organizations that do not have suitable IT security in place to protect their digital assets will face extremely heavy fiscal penalties. The directive, which was adopted in July this year, will require that organizations circulate early warnings of cyber risks and incidents, and that actual security incidents are reported to cyber security authorities.
http://www.net-security.org/secworld.php?id=15694
On Anonymous
Gabriella Coleman has published an interesting analysis of the hacker group Anonymous: Abstract: Since 2010, digital direct action, including leaks, hacking and mass protest, has become a regular feature of political life on the Internet. The source, strengths and weakness of this activity are considered in this paper through an in-depth analysis of Anonymous, the protest ensemble that has been...
https://www.schneier.com/blog/archives/2013/10/on_anonymous.html
RuggedCom Rugged Operating System Alarms Configuration Security Bypass Security Issue
https://secunia.com/advisories/55153
Ryan Naraine on Virus Bulletin 2013, Zero Days and Cyberwarfare
Dennis Fisher talks with Ryan Naraine about the news from the Virus Bulletin 2013 conference, whether the use of zero days is overrated and the collateral damage that can result from cyberwarfare attacks.
http://threatpost.com/ryan-naraine-on-virus-bulletin-2013-zero-days-and-cyberwarfare/102510