Daily Summary - Wednesday 6-03-2013

End-of-Shift report

Timeframe: Tuesday 05-03-2013 18:00 − Wednesday 06-03-2013 18:00 Handler: Stephan Richter Co-Handler: Otmar Lendl

[TYPO3-announce] TYPO3 CMS Core Security Advisory TYPO3-CORE-SA-2013-001

It has been discovered that the TYPO3 Core is susceptible to SQL Injection and Open Redirection. For more details on the issues, please read the accordant advisory.

http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-001/


Bugtraq: [IA32] HP Intelligent Management Center v5.1 E0202 topoContent.jsf Non-Persistent Cross-Site Scripting

http://www.securityfocus.com/archive/1/525888


Vuln: Schneider Electric Products Multiple Security Vulnerabilities

http://www.securityfocus.com/bid/57435


Blackhole outfitted with exploit for recently patched Java flaw

"The exploit for the recently patched CVE-2013-0431 Java vulnerability has been added to the Blackhole exploit kit, Trend Micro researchers report. The fact was discovered through the analysis of the latest PayPal-themed spam run that leads to a page hosting the exploit kit. Users are presented with a "Receipt for your PayPal payment to" email, and are urged to verify the details of the payment order by clicking on a link included in the message...."

http://www.net-security.org/malware_news.php?id=2430


CSA: What are 2013's top cloud security threats?

"The Cloud Security Alliance (CSA) has released a new report designed to examine the most pervasive security threats still threatening cloud in 2013. Called The Notorious Nine, presumably using the same nomenclature that Enid Blyton employed for the protagonists of her fabled children's books, the CSA enlisted the help of industry experts, and is designed to be used in conjunction with other CSA best practice guides; Security Guidance for Critical Areas in Cloud Computing V. 3 and Security as...

http://www.cloudcomputing-news.net/news/2013/mar/04/csa-what-are-2013s-top-cloud-security-threats/


Pwn Pad Steals the Show at RSA Cyber Security Conference in San Francisco

"Pwnie Express, the Vermont-based firm known for the Pwn Plug and Power Pwn, released a new appliance at RSA: the Pwn Pad. This handheld tablet allows security-and-IT-focused personnel to safely test their own network for wireless and wired security issues. The product brings an unprecedented level of ease to security testing, and has been met with critical acclaim at RSA...."

http://www.sfgate.com/business/prweb/article/Pwn-Pad-Steals-the-Show-at-RSA-Cyber-Security-4330096.php