Daily Summary - Thursday 3-10-2013

End-of-Shift report

Timeframe: Wednesday 02-10-2013 18:00 − Thursday 03-10-2013 18:00
Handler: Robert Waldner
Co-Handler: n/a

Cisco IOS XR Software Memory Exhaustion Vulnerability

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131002-iosxr


IBM WebSphere MQ Security Vulnerability: Multiple security vulnerabilities in IEHS

Multiple security vulnerabilities exist in the IBM Eclipse Help System which is used to provide the product Information Centers for IBM WebSphere MQ and IBM WebSphere MQ File Transfer Edition.
- Debug Information displayed in browser (CVE-2013-0599)
- XSS Alert vulnerability (CVE-2013-0464)
- Application source code can be downloaded (CVE-2013-0467)

https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_websphere_mq_security_vulnerability_multiple_security_vulnerabilities_in_iehs?lang=en_us


Evince PDF Reader - 2.32.0.145 (Windows) and 3.4.0 (Linux) - Denial Of Service

http://www.exploit-db.com/exploits/28679


IBM SPSS Collaboration and Deployment Services Unspecified Flaws Let Remote Users Execute Arbitrary Code

http://www.securitytracker.com/id/1029117


SIEMENS Solid Edge ST4 SEListCtrlX ActiveX Remote Code Execution

http://cxsecurity.com/issue/WLB-2013100017


Bugtraq: RootedCON 2014 - Call For Papers

RootedCON 2014 - Call For Papers

http://www.securityfocus.com/archive/1/528963


Denial of service vulnerability in Citrix NetScaler

A Citrix NetScaler component is affected by a denial of service vulnerability. Attackers can keep the appliance in a constant reboot loop resulting in total loss of availability.

https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20131003-Citrix_NetScaler_nsconfigd_Denial_of_service_wo_poc_v10.txt


Tor and the Silk Road takedown

We've had several requests by the press and others to talk about the Silk Road situation today. We only know what's going on by reading the same news sources everyone else is reading. In this case we've been watching carefully to try to learn if there are any flaws with Tor that we need to correct. So far, nothing about this case makes us think that there are new ways to compromise Tor (the software or the network).

https://blog.torproject.org/blog/tor-and-silk-road-takedown


Survey Finds Manufacturers Afflicted with a False Sense of Cyber Security

Though manufacturers think they're doing a better job safeguarding data, cybersecurity breaches are increasing. So says a PricewaterhouseCoopers (PwC) study, which finds that "while organizations have made significant security improvements, they have not kept pace with today's determined adversaries."

http://news.thomasnet.com/IMT/2013/10/02/survey-finds-manufacturers-afflicted-with-a-false-sense-of-cyber-security/


The Top 20 Free Network Monitoring and Analysis Tools for Sys Admins

Here are 20 of the best free tools for monitoring devices, services, ports or protocols and analysing traffic on your network. Even if you may have heard of some of these tools before, we're sure you'll find a gem or two amongst this list ...

http://www.gfi.com/blog/the-top-20-free-network-monitoring-and-analysis-tools-for-sys-admins/


18 Free Security Tools for SysAdmins

Here are 18 of the best free security tools for password recovery, password management, penetration testing, vulnerability scanning, steganography and secure data wiping. ... Even if you may have heard of some of these tools before, I'm confident that you'll find a gem or two amongst this list.

http://www.gfi.com/blog/18-free-security-tools-for-sysadmins/


Could the EU cyber security directive cost companies billions?

Many of the world's largest enterprises are not prepared for the new European Union Directive on cyber security, which states that organizations that do not have suitable IT security in place to protect their digital assets will face extremely heavy fiscal penalties. The directive, which was adopted in July this year, will require that organizations circulate early warnings of cyber risks and incidents, and that actual security incidents are reported to cyber security authorities.

http://www.net-security.org/secworld.php?id=15694


On Anonymous

Gabriella Coleman has published an interesting analysis of the hacker group Anonymous: Abstract: Since 2010, digital direct action, including leaks, hacking and mass protest, has become a regular feature of political life on the Internet. The source, strengths and weakness of this activity are considered in this paper through an in-depth analysis of Anonymous, the protest ensemble that has been...

https://www.schneier.com/blog/archives/2013/10/on_anonymous.html


RuggedCom Rugged Operating System Alarms Configuration Security Bypass Security Issue

https://secunia.com/advisories/55153


Ryan Naraine on Virus Bulletin 2013, Zero Days and Cyberwarfare

Dennis Fisher talks with Ryan Naraine about the news from the Virus Bulletin 2013 conference, whether the use of zero days is overrated and the collateral damage that can result from cyberwarfare attacks.

http://threatpost.com/ryan-naraine-on-virus-bulletin-2013-zero-days-and-cyberwarfare/102510