End-of-Shift report
Timeframe: Donnerstag 31-01-2013 18:00 − Freitag 01-02-2013 18:00
Handler: Matthias Fraidl
Co-Handler: Robert Waldner
Yahoo! Hack Demonstrates the Risks Posed by Third-Party Code in Cloud Computing
"Security firm Imperva has published its January Hacker Intelligence Initiative Report. The study, entitled Lessons Learned from the Yahoo! Hack, underscores the dangers of third-party code in cloud computing...."
http://news.softpedia.com/news/Yahoo-Hack-Demonstrates-the-Risks-Posed-by-Third-Party-Code-in-Cloud-Computing-325289.shtml
Apple blockiert Java-Plugin erneut
Die jüngste Java-Version steht nun auf der Plugin-Blockierliste von OS X. Apple verweist auf eine neuere Version von Oracle, die derzeit noch nicht erhältlich ist.
http://rss.feedsportal.com/c/32407/f/463925/s/2819d5fb/l/0L0Sheise0Bde0Cmeldung0CApple0Eblockiert0EJava0EPlugin0Eerneut0E17952560Bhtml0Cfrom0Crss0A9/story01.htm
BSI warnt vor virenverseuchten ELSTER-Steuerbescheiden
Cyber-Kriminelle haben eine neue Masche entdeckt, um Malware unter das Volk zu bringen.Sie behaupten, der schädliche Anhang sei vom Finanzamt.
http://rss.feedsportal.com/c/32407/f/463925/s/2819d5f9/l/0L0Sheise0Bde0Cmeldung0CBSI0Ewarnt0Evor0Evirenverseuchten0EELSTER0ESteuerbescheiden0E17951740Bhtml0Cfrom0Crss0A9/story01.htm
Largest cyber security exercise "Cyber Europe 2012" report published in 23 languages
"ENISA has published the new report of the largest ever pan-Europe cyber security exercise, Cyber Europe 2012, which is available in 23 languages. Almost 600 individual players participated, including actors from the private sector (financial, telecom and Internet), for the first time. The conclusion: for fast and effective response to cyber incidents, knowledge of procedures and information flows is crucial...."
https://www.enisa.europa.eu/media/press-releases/largest-cyber-security-exercise-cyber-europe-report-published-in-23-languages-by-eu-agency-enisa
Wordpress simple-shout-box Plugin SQL Injection
Topic: Wordpress simple-shout-box Plugin SQL Injection Risk: Medium Text:# Exploit Title: wordpress-simple-shout-box Plugin SQL Injection # Google Dork: inurl:wp-content/plugins/wordpress-simple-shou...
http://feedproxy.google.com/~r/securityalert_database/~3/zqhX_F2Yo-Y/WLB-2013010235
Wordpress portfolio-slideshow-pro v3 Plugin SQL Injection
Topic: Wordpress portfolio-slideshow-pro v3 Plugin SQL Injection Risk: Medium Text:# Exploit Title: Wordpress portfolio-slideshow-pro v3 Plugin SQL Injection # Google Dork: inurl:wp-content/plugins/portfolio-...
http://feedproxy.google.com/~r/securityalert_database/~3/d9I9Cwtp2QI/WLB-2013010236
Vuln: Squid cachemgr.cgi Incomplete Fix Remote Denial of Service Vulnerability
Squid cachemgr.cgi Incomplete Fix Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/57646
FreeBSD 9.1 ftpd Remote Denial of Service
Topic: FreeBSD 9.1 ftpd Remote Denial of Service Risk: Medium Text:FreeBSD 9.1 ftpd Remote Denial of Service Maksymilian Arciemowicz
http://cxsecurity.org/ http://cxsec.org/ Public Date: 0...
http://feedproxy.google.com/~r/securityalert_database/~3/gHoxPhhFEEc/WLB-2013020003
Wordpress wp-table-reloaded plugin cross-site scripting in SWF
Topic: Wordpress wp-table-reloaded plugin cross-site scripting in SWF Risk: Low Text:# Exploit Title: Wordpress wp-table-reloaded plugin cross-site scripting in SWF # Release Date: 24/01/13 # Author: hip [Insig...
http://feedproxy.google.com/~r/securityalert_database/~3/Y1QTuWd0xI0/WLB-2013020001
FreeBSD/GNU ftpd remote denial of service exploit
Topic: FreeBSD/GNU ftpd remote denial of service exploit Risk: Medium Text:
http://feedproxy.google.com/~r/securityalert_database/~3/eYD2LcbgKzE/WLB-2013010233
Facebook spam leads to Exploit Kit
To no wonders, the Blackhole Exploit Kit is still trying to infect users. One of the techniques commonly used is to send the victim an email from for example Facebook, Linkedin, Twitter, ... . Asking to click on a link. We'll take a small peek at those tactics. We received the following email: Hi , You [...]
http://pandalabs.pandasecurity.com/facebook-spam-leads-to-exploit-kit/
Heisec-Netzwerkcheck spürt offene UPnP-Dienste auf
Millionen Netzwerkgeräte wie Router antworten auf UPnP-Anfragen aus dem Internet und sind damit potenziell angreifbar. Mit dem Netzwerkcheck von heise Security überprüfen Sie, ob Ihr Equipment auch dazugehört.
http://rss.feedsportal.com/c/32407/f/463925/s/2821dff3/l/0L0Sheise0Bde0Cmeldung0CHeisec0ENetzwerkcheck0Espuert0Eoffene0EUPnP0EDienste0Eauf0E17947330Bhtml0Cfrom0Crss0A9/story01.htm
Filthy! old! blog! bug! blamed! for! Yahoo! webmail! hijacks!
Unpatched WordPress flaw clears way for inbox takeovers Yahoo! webmail accounts are being hijacked by hackers exploiting an eight-month-old bug in the web giants blog, security biz Bitdefender warns.
http://go.theregister.com/feed/www.theregister.co.uk/2013/02/01/yahoo_webmail_hijacks/