End-of-Shift report
Timeframe: Freitag 12-07-2013 18:00 − Montag 15-07-2013 18:00
Handler: Stephan Richter
Co-Handler: n/a
Atlassian Confluence 4.3.5 XSS / Clickjacking
Topic: Atlassian Confluence 4.3.5 XSS / Clickjacking Risk: Low Text: == BAE Systems Detica Security Advisory: DS-2013-005 == Title: Atlassian Confluence Mu...
http://cxsecurity.com/issue/WLB-2013070102
Juniper JUNOS Bugs Let Remote Users Deny Service, Obtain Information, and Execute Arbitrary Code
Juniper JUNOS Bugs Let Remote Users Deny Service, Obtain Information, and Execute Arbitrary Code
http://www.securitytracker.com/id/1028775
OSZE-Studie warnt vor Cyberangriffen auf die Energieversorgung
Die Staatengemeinschaft hat Empfehlungen zum Schutz der Energieversorgung vor Schadsoftware veröffentlicht.
http://www.heise.de/security/meldung/OSZE-Studie-warnt-vor-Cyberangriffen-auf-die-Energieversorgung-1917043.html
Pflege von Webserver Apache 2.0 eingestellt
Version 2.0.65 ist die letzte Aktulaisierung des Apache HTTP Server 2.0. Wer ihn noch einsetzt, muss reagieren: Ein Sicherheitsproblem bleibt ungelöst.
http://www.heise.de/newsticker/meldung/Pflege-von-Webserver-Apache-2-0-eingestellt-1917101.html
Bugtraq: Full Disclosure ASUS Wireless Routers Ten Models - Multiple Vulnerabilities on AiCloud enabled units
Full Disclosure ASUS Wireless Routers Ten Models - Multiple Vulnerabilities on AiCloud enabled units
http://www.securityfocus.com/archive/1/527275
Google study finds users ignore Chrome security warnings
Research tracks 25m browser warning messages, says Chrome users reckless or clueless Youre surfing the net when Chrome decides not to bring you the web site of your choice, but instead a page warning that the site youd hoped to visit might be bogus or contain malware.…
http://go.theregister.com/feed/www.theregister.co.uk/2013/07/15/google_study_finds_chrome_is_leastsecure_browser/
Squid HTTP Header Port Number Handling Denial of Service Vulnerability
Squid HTTP Header Port Number Handling Denial of Service Vulnerability
https://secunia.com/advisories/54142
Vuln: PHP CVE-2013-4113 Heap Memory Corruption Vulnerability
PHP CVE-2013-4113 Heap Memory Corruption Vulnerability
http://www.securityfocus.com/bid/61128
Cyrus SASL Library "crypt()" NULL Pointer Dereference Vulnerability
Cyrus SASL Library "crypt()" NULL Pointer Dereference Vulnerability
https://secunia.com/advisories/54098
HPSBST02890 rev.3 - HP StoreOnce D2D Backup System, Remote Unauthorized Access, Modification, and Escalation of Privilege
A potential security vulnerability has been identified with HP StoreOnce D2D Backup System. The vulnerability could be exploited remotely resulting in unauthorized access, modification, and escalation of privilege.
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03813919
Cisco Unified MeetingPlace Web Conferencing XSS Vulnerability
A vulnerability in the web framework of Cisco Unified MeetingPlace could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against users of the web interface on the affected system.
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3419
Weiterer Fehler in Androids Signaturprüfung
Chinesische Blogger wollen eine weitere Schwachstelle gefunden haben, mit der Androids Signaturüberprüfung ausgetrickst werden kann. Zumindest CyanogenMod-Nutzer können schon patchen.
http://www.heise.de/security/meldung/Weiterer-Fehler-in-Androids-Signaturpruefung-1917183.html
After PRISM, Europe has to move to its own clouds, says Estonias president
Summary: The EU needs to be more self-reliant after the recent revelations about the NSA, according to Toomas Hendrik Ilves - but that shouldnt mean European countries cutting themselves off.
http://www.zdnet.com/after-prism-europe-has-to-move-to-its-own-clouds-says-estonias-president-7000018048/
F5 BIG-IP APM / FirePass Client Java Applet "filename" Directory Traversal Vulnerability
F5 BIG-IP APM / FirePass Client Java Applet "filename" Directory Traversal Vulnerability
https://secunia.com/advisories/53477
Targeted Attacks Hit Asian, European Government Agencies
Trend Micro researchers have uncovered a targeted attack launched against government agencies in various countries. The email claimed to be from the Chinese Ministry of National Defense, although it appears to have been sent from a Gmail account and did not use a Chinese name. Figure 1. Phishing message The document contains a malicious attachment, [...]Post from: Trendlabs Security Intelligence Blog - by Trend MicroTargeted Attacks Hit Asian, European Government Agencies
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/u3ICCpFkqt0/