End-of-Shift report
Timeframe: Montag 11-02-2013 18:00 − Dienstag 12-02-2013 18:00
Handler: Robert Waldner
Co-Handler: Matthias Fraidl
Microsoft Report Examines Socio-Economic Relationships to Malware Infections
"Tired of all those malware and vulnerability reports that count how many of each have been reported to security companies? Well, Microsoft has taken a different tack in its latest Security Intelligence Report (SIR) by globally comparing regions relative security against socio-economic factors including the maturity of a national or regional cybersecurity policy. The results arent so surprising; areas such as Europe with well-defined, long-standing and enforceable policies rate much better
http://threatpost.com/en_us/blogs/microsoft-report-examines-socio-economic-relationships-malware-infections-020813
Bugtraq: Atmel "secure" crypto co-processor series microprocessors (AT91SAM7XC) leaking keys, plus bonus DESFire hack
Atmel "secure" crypto co-processor series microprocessors (AT91SAM7XC) leaking keys, plus bonus DESFire hack
http://www.securityfocus.com/archive/1/525643
Feds Offer $20M For Critical Open Source Energy Network Cybersecurity Tools
coondoggie writes "The US Department of Energy today said it would spend $20 million on the development of advanced cybersecurity tools to help protect the nations vulnerable energy supply. The DOE technologies developed under this program should be interoperable, scalable, cost-effective advanced tools that do not impede critical energy delivery functions, that are innovative and can easily be commercialized or made available through open source for no cost." Read more of this
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/9TMHc5f0eM4/story01.htm
Dorkbot worm lurks on Skype and MSN Messenger again
"The Dorkbot/Rodpicom worm, which spreads via messaging applications and leads to additional malware infections, is currently doing rounds on Skype and MSN Messenger, warns Fortinet. The vicious circle starts with potential victims receiving a direct message from a contact, asking "LOL is this your new profile pic?
http://goo...."
http://www.net-security.org/malware_news.php?id=2408
Brother HL5370 Command Execution & Password Guessing
Topic: Brother HL5370 Command Execution & Password Guessing Risk: High Text:Tested on Brother HL5370 latest firmware so far, confirmed working against many others by Brother documentation >From Brothe...
http://feedproxy.google.com/~r/securityalert_database/~3/x_kg5EVaYGc/WLB-2013020078
Huawei Mobile Partner Poor Permissions
Topic: Huawei Mobile Partner Poor Permissions Risk: High Text:1. DESCRIPTION Huawei Mobile Partner application contains a flaw that may allow an attacker to gain access to unauthorized ...
http://feedproxy.google.com/~r/securityalert_database/~3/LXaaPcg1qMI/WLB-2013020076
Windows Manage Persistent Payload Installer
Topic: Windows Manage Persistent Payload Installer Risk: Low Text:## # ## This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Ple...
http://feedproxy.google.com/~r/securityalert_database/~3/vb4FCkPCJRg/WLB-2013020075
Wordpress newscast Theme SQL Injection
Topic: Wordpress newscast Theme SQL Injection Risk: Medium Text: # # Exploit Title: wordpress newscast Theme SQL Injection # Google Dork: inurl:/wp-content/themes/newscast & inurl:"s...
http://feedproxy.google.com/~r/securityalert_database/~3/Stvaf5d_Ze4/WLB-2013020079
Wordpress image news slider v3 Plugin SQL Injection
Topic: Wordpress image news slider v3 Plugin SQL Injection Risk: Medium Text: # # Exploit Title: wordpress image news slider v3 Plugin SQL Injection # Google Dork: inurl:/wp-content/plugins/wp-...
http://feedproxy.google.com/~r/securityalert_database/~3/KzGKRl1pfrw/WLB-2013020082
cURL auf Abwegen
Ein Server kann cURL über Umwege dazu bringen, beim Abruf einer Webseite beliebigen Code auf dem System auszuführen.
http://rss.feedsportal.com/c/32407/f/463925/s/287bfbd2/l/0L0Sheise0Bde0Csecurity0Cmeldung0CcURL0Eauf0EAbwegen0E180A0A4330Bhtml0Cfrom0Crss0A9/story01.htm
Microsoft will am Februar-Patchday 57 Lücken schließen
Der nächste Patchday bringt zwölf Bulletins, von denen fünf kritische Lücken schließen. Abgesichert werden unter anderem sämtliche Windows-Versionen, der Internet Explorer und Exchange.
http://rss.feedsportal.com/c/32407/f/463925/s/287bfbd1/l/0L0Sheise0Bde0Csecurity0Cmeldung0CMicrosoft0Ewill0Eam0EFebruar0EPatchday0E570ELuecken0Eschliessen0E180A0A760A0Bhtml0Cfrom0Crss0A9/story01.htm