[CERT-daily] Tageszusammenfassung - Freitag 20-05-2016

Fri May 20 18:03:47 CEST 2016

=======================
= End-of-Shift report =
=======================

Timeframe:   Donnerstag 19-05-2016 18:00 − Freitag 20-05-2016 18:00
Handler:     Alexander Riepl
Co-Handler:  n/a


*** DSA-3584 librsvg - security update ***
---------------------------------------------
Gustavo Grieco discovered several flaws in the way librsvg, a SAX-basedrenderer library for SVG files, parses SVG files with circulardefinitions. A remote attacker can take advantage of these flaws tocause an application using the librsvg library to crash.
---------------------------------------------
https://www.debian.org/security/2016/dsa-3584


*** Petya and Mischa - Ransomware Duet (part 1) ***
---------------------------------------------
After being defeated about a month ago, Petya comes back with new tricks. Now, not as a single ransomware, but in a bundle with another malicious payload - Mischa. Both are named after the satellites from the GoldenEye movie. They deploy attacks on ..
---------------------------------------------
https://blog.malwarebytes.org/threat-analysis/2016/05/petya-and-mischa-ransomware-duet-p1/


*** EITest campaign still going strong, (Fri, May 20th) ***
---------------------------------------------
Originally reported by Malwarebytes in October 2014 [1], the EITest campaign has been going strong ever since. Earlier this year, I documented how the campaign has evolved over time [2]. During its run, I had only noticed the EITest campaign use Angler EK to distribute a variety of ..
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=21081


*** TLS/GCM: Gefahr durch doppelte Nonces ***
---------------------------------------------
Moderne TLS-Verbindungen nutzen üblicherweise das AES-GCM-Verschlüsselungsverfahren. Das benötigt einen sogenannten Nonce-Wert, der sich nicht wiederholen darf. Ansonsten ist die Sicherheit dahin.
---------------------------------------------
http://www.golem.de/news/tls-gcm-gefahr-durch-doppelte-nonces-1605-121005.html


*** Important Security-Bulletin Pre-Announcement ***
---------------------------------------------
https://typo3.org/news/article/important-security-bulletin-pre-announcement-1/


*** Resource Data Management Intuitive 650 TDB Controller Vulnerabilities ***
---------------------------------------------
This advisory contains mitigation details for a privilege escalation vulnerability and a cross-site request forgery vulnerability in Resource Data Management's Intuitive 650 TDB Controller.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-16-140-01


*** Siemens SIPROTEC Information Disclosure Vulnerabilities ***
---------------------------------------------
This advisory contains mitigation details for information disclosure vulnerabilities in the Siemens SIPROTEC 4 and SIPROTEC Compact.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-16-140-02


*** Hacked in a public space? Thanks, HTTPS ***
---------------------------------------------
Kali Linux, laptop, coffee - hack on! Have you ever bothered to look at who your browser trusts? The padlock of a HTTPS connection doesnt mean anything if you cant trust the other end of the connection and its upstream signatories. Do you ..
---------------------------------------------
www.theregister.co.uk/2016/05/20/https_wifi_trust_in_a_public_place/


*** Wichtiger Sicherheits-Patch für Typo3 voraus ***
---------------------------------------------
In vielen Typo3-Versionen klafft offensichtlich eine schwerwiegende Sicherheitslücke. Ein Patch soll Anfang nächster Woche erscheinen.
---------------------------------------------
http://heise.de/-3212058


*** l+f: Erpressung für den guten Zweck ***
---------------------------------------------
Ein Verschlüsselungs-Trojaner fordert ein horrende Summe und will damit Gutes tun. Wer's glaubt ...
---------------------------------------------
http://heise.de/-3212111