Tageszusammenfassung - Dienstag 10-02-2015

End-of-Shift report

Timeframe: Montag 09-02-2015 18:00 − Dienstag 10-02-2015 18:00 Handler: Robert Waldner Co-Handler: Alexander Riepl

Safer Internet Day: BSI-Poster für mehr Sicherheit im Netz

Mit 40 "leicht umsetzbaren" Tipps sollen Internetnutzer die allermeisten Standardangriffe im Internet abwehren können, meint das Bundesamt für Sicherheit in der Informationstechnik. Deswegen hat es die auf Postern zusammengefasst und online gestellt.

http://www.heise.de/newsticker/meldung/Safer-Internet-Day-BSI-Poster-fuer-mehr-Sicherheit-im-Netz-2544800.html

---

European Cyber Security Month reporting to the benefit of EU citizen

ENISA publishes a report on the deployment of the European Cyber Security Month. The objective of this report is to: * Present its preparatory work * Carry out an objective evaluation * Draw conclusions that can be used in future editions of the ECSM

http://www.enisa.europa.eu/media/news-items/european-cyber-security-month-reporting-to-the-benefit-of-eu-citizen

---

TR-32 - key-value store and NoSQL security recommendations

Key-value stores, caches or NoSQL databases became an important piece of software in today's internet and web services. In contrast to conventional DB sytems, the security model of NoSQL data stores is often very limited due to their inherent nature to be used within internal trusted networks. Strong attention should be given to the configuration of key-value stores especially regarding their access from the Internet.

http://www.circl.lu/pub/tr-32/

---

PlugX, Go-To Malware for Targeted Attacks, More Prominent Than Ever

The popular remote access tool PlugX enjoyed an ascent in popularity in 2014 and is now a go-to malware for attack groups.

http://threatpost.com/plugx-go-to-malware-for-targeted-attacks-more-prominent-than-ever/110936

---

Cisco Security Advisories

Cisco Prime Infrastructure Cross-Site Scripting Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2153 Cisco Prime Infrastructure Cross-Site Request Forgery Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2152 Cisco IOS Software Zone-Based Firewall Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0593 Cisco IOS Software Kernel Timer Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0592 Cisco Prime Security Manager Cross-Site Scripting Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3365 Cisco Prime Infrastructure Cross-Frame Scripting Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2147 Cisco IOS Shell Denial of Service Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0606