Daily Summary - Monday 25-02-2013

End-of-Shift report

Timeframe: Friday 22-02-2013 18:00 − Monday 25-02-2013 18:00 Handler: Matthias Fraidl Co-Handler: L. Aaron Kaplan

SCADA & Security of Critical Infrastructures

"In the last few years there has been an increase within the worldwide security community consciousness of the risks related to cyber-attacks against critical infrastructures of a country; an event considered by principal security experts extremely likely. Probably the strongest jolt has been caused by events such as the spread of the cyber weapon Stuxnet. This represented a historic change in the conception of military conflict: by using a malicious code, an actor in cyberspace could

http://resources.infosecinstitute.com/scada-security-of-critical-infrastructures/


How researcher Hacked Facebook OAuth To Get Full Permission On Any Facebook Account

"A Security Researcher Nir Goldshlager, has discovered a security flaw in Facebook that allowed him to take a full control over any Facebook account. OAuth is used by Facebook to communicate between Applications and Facebook users. Usually users must allow/accept the application request to access their account before the communication can start. Facebook application might ask for different permissions...."

http://www.ehackingnews.com/2013/02/how-researcher-hacked-facebook-oauth-to.html


Computers at Microsoft hacked too

After Facebook, Twitter and Apple, Microsoft has also become the victim of a hacker attack. The company announced this in a blog post.

http://rss.feedsportal.com/c/32407/f/463925/s/28df5094/l/0L0Sheise0Bde0Csecurity0Cmeldung0CAuch0ERechner0Ebei0EMicrosoft0Egehackt0E180A93840Bhtml0Cfrom0Crss0A9/story01.htm


When web sites go bad: bible . org compromise

"This is more of an "awareness" item to show to coworkers and relatives that you can't be careful enough. "bible . org" is a site that offers as the name implies access to the bible and related commentary as well as translations. Sadly, earlier this week the site got apparently compromised...."

http://www.cyberwarzone.com/when-web-sites-go-bad-bible-org-compromise


SQL Injection vulnerability in extension CoolURI (cooluri)

It has been discovered that the extension "CoolURI" (cooluri) is vulnerable to SQL Injection.

http://typo3.org/news/article/sql-injection-vulnerability-in-extension-basic-seo-features-seo-basics-copy-1/


Several vulnerabilities in third party extensions

Several vulnerabilities have been found in the following third-party TYPO3 extensions: attacalendar, attacpetition, eu_subscribe, exinit_job_offer, fefilebrowser, js_css_optimizer, kk_csv2table, lonewsseo, mn_mysql2json, news_search, tipafriend_plus, twitter_auth, sofortueberweisung2commerce, sys_messages

http://typo3.org/news/article/several-vulnerabilities-in-third-party-extensions-2/


Oracle Enterprise Manager dBClone SQL Injection

Topic: Oracle Enterprise Manager dBClone SQL Injection Risk: Medium Text: --BEGIN PGP SIGNED MESSAGE -- Hash: SHA1 TeamSHATTER Security Advisory SQL Injection in Oracle Enterprise Manager (dBCl...

http://feedproxy.google.com/~r/securityalert_database/~3/hJWisPeyKXY/WLB-2013020171


Samsung Galaxy S3 Screen-Lock Bypass

Topic: Samsung Galaxy S3 Screen-Lock Bypass Risk: Medium Text:MTI Technology Vulnerability Research Team www.mti.com ukpentestinfo"at"mti.com Samsung Galaxy S3 partial screen-lock...

http://feedproxy.google.com/~r/securityalert_database/~3/Ao6gcgJr_qc/WLB-2013020165


Reports: Hackers attacked companies and government agencies

Hackers from China attacked German government agencies and the companies EADS and ThyssenKrupp in 2012, Focus and Spiegel report.

http://rss.feedsportal.com/c/32407/f/463925/s/28e67749/l/0L0Sheise0Bde0Csecurity0Cmeldung0CBerichte0EHacker0Egriffen0EFirmen0Eund0EBehoerden0Ean0E180A95640Bhtml0Cfrom0Crss0A9/story01.htm


Firefox to spit out third-party cookies

Mozilla says Apple's got it more or less right. The Mozilla Foundation has set up camp alongside Apple in the 'cookies are bad' section of the Internet, decreeing that three versions hence its flagship Firefox browser won't accept cookies from anyone other than the publisher of websites it visits.

http://go.theregister.com/feed/www.theregister.co.uk/2013/02/25/firefox_cookies_policy/


Vulnerabilities on a silver platter

A new search engine called Punkspider presents the scan results of security tests of millions of web sites openly for anyone to see. Trouble is bound to follow.

http://rss.feedsportal.com/c/32407/f/463925/s/28eebfbc/l/0L0Sheise0Bde0Csecurity0Cmeldung0CSchwachstellen0Eauf0Edem0ESilbertablett0E1810A1620Bhtml0Cfrom0Crss0A9/story01.htm