Daily Summary - Wednesday 13-02-2013

End-of-Shift report

Timeframe: Tuesday 12-02-2013 18:00 − Wednesday 13-02-2013 18:00 Handler: Robert Waldner Co-Handler: Matthias Fraidl

Data protection practices in EU and Asia

"Research undertaken by Field Fisher Waterhouse into the existing legal framework mandating encryption of personal data in the EU and Asia. The study details legal requirements in the EU and Asia and reveals a trajectory of data protection regulation towards encryption as a compliance imperative. The litany of highly visible data breach incidents in 2012, further compounded by the steep penalties being delivered by data protection watchdogs, means that the pressure to protect the integrity

http://www.net-security.org/secworld.php?id=14395


New Security Update for Ruby on Rails

Rails versions 3.2.12, 3.1.11 and 2.3.17 close critical security vulnerabilities. In addition, users should update the JSON gem to the latest version.

http://rss.feedsportal.com/c/32407/f/463925/s/287dc9e1/l/0L0Sheise0Bde0Csecurity0Cmeldung0CNeues0ESicherheits0EUpdate0Efuer0ERuby0Eon0ERails0E180A25570Bhtml0Cfrom0Crss0A9/story01.htm


Summary for February 2013 - Version: 1.1

This bulletin summary lists security bulletins released for February 2013. With the release of the security bulletins for February 2013, this bulletin summary replaces the bulletin advance notification originally issued February 7, 2013.

http://technet.microsoft.com/en-us/security/bulletin/ms13-feb


RADIUS Authentication Bypass

Remote Authentication Dial In User Service (RADIUS) authentication on a device that is running certain versions of Cisco Internetworking Operating System (IOS) and configured with a fallback method to none can be bypassed. Systems that are configured for other authentication methods or that are not configured with a fallback method to none are not affected. Only the systems that are running certain versions of Cisco IOS

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20050629-aaa?vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_p=RADIUS Authentication Bypass&vs_k=1

How Lockheed Martin's Kill Chain Stopped SecurID Attack

"A few months after RSA had rocked the security world with news that it had been breached and its SecurID database exposed in a sophisticated attack, defense contractor Lockheed Martin discovered an intruder in its network using legitimate credentials. "We almost missed it," says Steve Adegbite, director of cybersecurity for Lockheed Martin, of the intrusion sometime around May or early June 2011. "We thought at first it was a new person in the department ... but then it

http://www.darkreading.com/authentication/167901072/security/attacks-breaches/240148399/how-lockheed-martin-s-kill-chain-stopped-securid-attack.html


SonicWALL Scrutinizer 9.5.2 SQL Injection

Topic: SonicWALL Scrutinizer 9.5.2 SQL Injection Risk: Medium Text: Title: Sonicwall Scrutinizer v9.5.2 - SQL Injection Vulnerability Date: == 2013-02-13 References: == htt...

http://feedproxy.google.com/~r/securityalert_database/~3/2p4Vvj_j1ng/WLB-2013020093


Vuln: EMC NetWorker nsrindexd RPC Service Buffer Overflow Vulnerability

EMC NetWorker nsrindexd RPC Service Buffer Overflow Vulnerability

http://www.securityfocus.com/bid/57182


Zero-Day Vulnerability in Adobe Reader

Security researchers have discovered a specially crafted PDF document that apparently exploits a previously unknown vulnerability in Reader.

http://rss.feedsportal.com/c/32407/f/463925/s/288471e5/l/0L0Sheise0Bde0Csecurity0Cmeldung0CZero0EDay0ELuecke0Eim0EAdobe0EReader0E180A29120Bhtml0Cfrom0Crss0A9/story01.htm


OpenEMR 4.1.1 (ofc_upload_image.php) Arbitrary File Upload Vulnerability

Topic: OpenEMR 4.1.1 (ofc_upload_image.php) Arbitrary File Upload Vulnerability Risk: High Text:

http://feedproxy.google.com/~r/securityalert_database/~3/Q1XBAdgibv4/WLB-2013020094