[CERT-daily] Tageszusammenfassung - 15.12.2017

Daily end-of-shift report team at cert.at
Fri Dec 15 18:10:33 CET 2017


=====================
= End-of-Day report =
=====================

Timeframe:   Donnerstag 14-12-2017 18:00 − Freitag 15-12-2017 18:00
Handler:     Alexander Riepl
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ Microsoft Considers Adding Python as an Official Scripting Language to Excel ∗∗∗
---------------------------------------------
Microsoft is considering adding Python as one of the official Excel scripting languages, according to ..
---------------------------------------------
https://www.bleepingcomputer.com/news/microsoft/microsoft-considers-adding-python-as-an-official-scripting-language-to-excel/


∗∗∗ Vigilante Removes Malware from Netgear Site After Company Fails to Do So for 2 Years ∗∗∗
---------------------------------------------
An anonymous vigilante has taken matters into his own hands and removed malware from a Netgear site after the ..
---------------------------------------------
https://www.bleepingcomputer.com/news/security/vigilante-removes-malware-from-netgear-site-after-company-fails-to-do-so-for-2-years/


∗∗∗ The spy under your christmas tree ∗∗∗
---------------------------------------------
In the past few years, makers of internet-enabled toys have made the headlines multiple times, but not in a good way. Privacy and data protection clearly is not the highest priority in this sector. In Germany, the sale of some of those toys has already been banned after they were classified as concealed surveillance ..
---------------------------------------------
https://www.gdatasoftware.com/blog/2017/12/30277-the-spy-under-your-christmas-tree


∗∗∗ Joanna Rutkowska: Qubes OS soll "einfach wie Ubuntu" werden ∗∗∗
---------------------------------------------
Die Gründerin von Qubes OS, Joanna Rutkowska, erklärt die grundlegenden Ideen und Konzepte des auf Sicherheit fokussierten Projektes. Außerdem verrät die Entwicklerin im Gespräch mit Golem.de weiter ..
---------------------------------------------
https://www.golem.de/news/joanna-rutkowska-qubes-os-soll-einfach-wie-ubuntu-werden-1712-131679.html


∗∗∗ Determining your risk ∗∗∗
---------------------------------------------
Red Hat continues to be a leader in transparency regarding security problems that are discovered in our software and the steps we take to fix them. We publish data about vulnerabilities on our security metrics page and ..
---------------------------------------------
https://access.redhat.com/blogs/766093/posts/2998921


∗∗∗ Javascript Injection Creates Rogue WordPress Admin User ∗∗∗
---------------------------------------------
Earlier this year, we faced a growing volume of infections related to a vulnerability in outdated versions of the Newspaper and Newsmag themes. The infection type was always the same: malicious JavaScript designed to display unauthorized pop-ups or completely redirect visitors to spammy websites, which the hackers then monetized through advertisement ..
---------------------------------------------
https://blog.sucuri.net/2017/12/javascript-injection-creates-rogue-wordpress-admin-user.html


∗∗∗ Root-Lücke in Firewalls von Palo Alto Networks ∗∗∗
---------------------------------------------
Kombinieren Angreifer drei Sicherheitslücken, könnten sie Firewalls von Palo Alto Networks kompromittieren, warnt ein Sicherheitsforscher.
---------------------------------------------
https://heise.de/-3918909



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Information Disclosure in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway Client TLS Handshake ∗∗∗
---------------------------------------------
A vulnerability has been identified in the Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway Packet Engine that could ..
---------------------------------------------
https://support.citrix.com/article/CTX230612

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily




More information about the Daily mailing list