End-of-Shift report
Timeframe: Tuesday 03-12-2013 18:00 − Wednesday 04-12-2013 18:00
Handler: Stephan Richter
Co-Handler: Robert Waldner
Mitigating attacks on Industrial Control Systems (ICS); the new Guide from EU Agency ENISA
The EU's cyber security agency ENISA has provided a new manual for better mitigating attacks on Industrial Control Systems (ICS), supporting vital industrial processes primarily in the area of critical information infrastructure (such as the energy and chemical transportation industries) where sufficient knowledge is often lacking. As ICS are now often connected to Internet platforms, extra security preparations have to be taken. This new guide provides the necessary key considerations...
http://www.enisa.europa.eu/media/press-releases/mitigating-attacks-on-industrial-control-systems-the-new-guide-from-enisa
Elecsys Director Gateway Improper Input Validation Vulnerability
Adam Crain of Automatak and independent researchers Chris Sistrunk and Adam Todorski have identified an improper input validation in the Elecsys Director Gateway application. Elecsys has produced a patch that mitigates this vulnerability. Adam Todorski has tested the patch to validate that it resolves the vulnerability. This vulnerability could be exploited remotely.
http://ics-cert.us-cert.gov/advisories/ICSA-13-337-01
Ruby on Rails Multiple Bugs Let Remote Users Deny Service, Conduct Cross-Site Scripting Attacks, and Generate Unsafe Queries
http://www.securitytracker.com/id/1029420
Cisco ONS 15454 Controller Cards Can Be Reset By Remote Users
http://www.securitytracker.com/id/1029421
D-Link DIR Series Routers __show_info.php information disclosure
http://xforce.iss.net/xforce/xfdb/89343