[CERT-daily] Tageszusammenfassung - 14.12.2017

Thu Dec 14 18:14:40 CET 2017

=====================
= End-of-Day report =
=====================

Timeframe:   Mittwoch 13-12-2017 18:00 − Donnerstag 14-12-2017 18:00
Handler:     Alexander Riepl
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ The Intel ME vulnerabilities are a big deal for some people, harmless for most ∗∗∗
---------------------------------------------
(Note: all discussion here is based on publicly disclosed information, and I am not speaking on behalf of my employers)I wrote about the potential impact of the most recent Intel ME vulnerabilities a couple of weeks ago. The details of the vulnerability were released last week, and its not absolutely the worst case scenario but its still ..
---------------------------------------------
https://mjg59.dreamwidth.org/49788.html


∗∗∗ Sneaky *.BAT File Leads to Spoofed Banking Page ∗∗∗
---------------------------------------------
If you thought using BAT files was old hat, think again. While monitoring our Secure Email Gateway Cloud service, we came across several suspect spam emails targeting Brazilian users. The figure ..
---------------------------------------------
http://trustwave.com/Resources/SpiderLabs-Blog/Sneaky--BAT-File-Leads-to-Spoofed-Banking-Page/


∗∗∗ Attack on Fox-IT shows how a DNS hijack can break multiple layers of security ∗∗∗
---------------------------------------------
Dutch security firm Fox-IT deserves praise for being open about an attack on its client network. There are some important lessons to be learned about DNS ..
---------------------------------------------
https://www.virusbulletin.com:443/blog/2017/12/attack-fox-it-shows-how-dns-hijack-can-break-multiple-layers-security/


∗∗∗ Triton Malware Targets Industrial Safety Systems In the Middle East ∗∗∗
---------------------------------------------
A rare and dangerous new form of malware targets the industrial safety control systems that protect human life.
---------------------------------------------
https://www.wired.com/story/triton-malware-targets-industrial-safety-systems-in-the-middle-east


∗∗∗ Dezember-Patchday bei SAP ∗∗∗
---------------------------------------------
Es stehen Sicherheitsupdates für verschiedene SAP-Produkte bereit. Zwei Lücken sind mit dem Bedrohungsgrad "hoch" eingestuft.
---------------------------------------------
https://heise.de/-3918036


∗∗∗ Mirai: Wie Minecraft-Betrug das ganze Internet in die Knie zwang ∗∗∗
---------------------------------------------
Drei US-amerikanische Studenten gestehen Urheberschaft – Wollten eigentlich nur mit Angriffen gegen Spieleserver Geld machen
---------------------------------------------
http://derstandard.at/2000070340698


∗∗∗ 34C3: Das Programm für den Hacker-Kongress steht ∗∗∗
---------------------------------------------
Keynote von Science-Fiction-Autor Charles Stross – Findet heuer erstmals in Leipzig statt
---------------------------------------------
http://derstandard.at/2000070364235


∗∗∗ New MacOS malware steals bank log-in details and intellectual property ∗∗∗
---------------------------------------------
https://www.scmagazineuk.com/news/new-macos-malware-steals-bank-log-in-details-and-intellectual-property/article/718542/


=====================
=  Vulnerabilities  =
=====================

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily