[CERT-daily] Daily summary - 10.08.2017

Daily end-of-shift report team at cert.at
Thu Aug 10 18:06:13 CEST 2017


=====================
= End-of-Day report =
=====================

Timeframe:   Wednesday 09-08-2017 18:00 − Thursday 10-08-2017 18:00
Handler:     Alexander Riepl
Co-Handler:  

=====================
=        News       =
=====================

∗∗∗ IT industry: "Security package" endangers cybersecurity ∗∗∗
---------------------------------------------
In an open letter, representatives of the Austrian IT industry warn of dangers to cybersecurity posed by the "Sicherheitspaket" ("security package") planned by the ÖVP.
---------------------------------------------
https://futurezone.at/netzpolitik/it-branche-sicherheitspaket-gefaehrdet-cybersicherheit/279.799.371


∗∗∗ Mystery Company Offers $250,000 Bounty for VM Escape Vulnerabilities ∗∗∗
---------------------------------------------
An unnamed firm is paying up to $250,000 for vulnerabilities related to its virtualization platform.
---------------------------------------------
http://threatpost.com/mystery-company-offers-250000-bounty-for-vm-escape-vulnerabilities/127343/


∗∗∗ SAP Patch Tuesday Update Resolves 19 Flaws, Three High Severity ∗∗∗
---------------------------------------------
SAP released 19 patches on Tuesday, including a trio of vulnerabilities marked high severity in its business management software.
---------------------------------------------
http://threatpost.com/sap-patch-tuesday-update-resolves-19-flaws-three-high-severity/127357/


∗∗∗ Salesforce sacks two top security engineers for their DEF CON talk ∗∗∗
---------------------------------------------
Revealing penetration-testing tool sealed staffers' fate. Salesforce fired two of its senior security engineers after they revealed details of an internal tool for testing IT defenses at DEF CON last month.…
---------------------------------------------
www.theregister.co.uk/2017/08/10/salesforce_fires_its_senior_security_engineers_after_defcon_talk/


∗∗∗ Federal Criminal Police Office (Bundeskriminalamt, BK) warns Austrian companies of CEO fraud ∗∗∗
---------------------------------------------
http://www.bmi.gv.at/cms/bk/_news/start.aspx?id=534C4362372B557557664D3D&page=0&view=1



∗∗∗ The Shadow Brokers Have Made Almost $90,000 Selling Hacking Tools by Subscription, Researcher Says ∗∗∗
---------------------------------------------
An anonymous researcher has been able to identify the email address of people who have subscribed to the monthly dump service by the mysterious hacking group.
---------------------------------------------
https://motherboard.vice.com/en_us/article/neejqw/the-shadow-brokers-have-made-almost-dollar90000-selling-hacking-tools-by-subscription-researcher-says


∗∗∗ Alleged vDOS Operators Arrested, Charged ∗∗∗
---------------------------------------------
Two young Israeli men alleged by this author to have co-founded vDOS -- until recently the largest and most profitable cyber attack-for-hire service online -- were arrested and formally indicted this week in Israel on conspiracy and hacking charges.
---------------------------------------------
https://krebsonsecurity.com/2017/08/alleged-vdos-operators-arrested-charged/


=====================
=    Advisories     =
=====================

∗∗∗ Session Cache API - Critical - Multiple vulnerabilities - DRUPAL-SA-CONTRIB-2017-065 ∗∗∗
---------------------------------------------
https://www.drupal.org/node/2900951


∗∗∗ Facebook Like Button - Moderately Critical - XSS - DRUPAL-SA-CONTRIB-2017-066 ∗∗∗
---------------------------------------------
https://www.drupal.org/node/2900966

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
