[CERT-daily] Tageszusammenfassung - 19.12.2017

[Daily end-of-shift report]

=====================
= End-of-Day report =
=====================

Timeframe:   Montag 18-12-2017 18:00 − Dienstag 19-12-2017 18:00
Handler:     Nina Bieringer
Co-Handler:  Alexander Riepl

=====================
=       News        =
=====================

∗∗∗ Dual EC: Wie Cisco, Avast und die NSA TLS 1.3 behindern ∗∗∗
---------------------------------------------
Auch der jüngste Entwurf des TLS-1.3-Protokolls führt zu Verbindungsabbrüchen. Google nennt jetzt einige Schuldige, darunter ein Gerät von Cisco, ein Virenscanner - und eine Spur zur NSA-Hintertüre Dual EC in der RSA-BSAFE-Bibliothek.
---------------------------------------------
https://www.golem.de/news/dual-ec-wie-cisco-avast-und-die-nsa-tls-1-3-behindern-1712-131758.html


∗∗∗ aPAColypse now: Exploiting Windows 10 in a Local Network with WPAD/PAC and JScript ∗∗∗
---------------------------------------------
Many widely-deployed technologies, viewed through 20/20 hindsight, seem like an odd or unnecessarily risky idea. Engineering decisions in IT are often made with imperfect information and under time pressure, and some oddities of the IT stack can best be ..
---------------------------------------------
http://googleprojectzero.blogspot.com/2017/12/apacolypse-now-exploiting-windows-10-in_18.html


∗∗∗ Multifunktionstrojaner Loapi kann Android-Smartphones physisch beschädigen ∗∗∗
---------------------------------------------
Loapi ist die eierlegende Wollmilchsau unter den Android-Trojanern und geht so hart zu Werk, dass Smartphones aufplatzen können.
---------------------------------------------
https://heise.de/-3921651


∗∗∗ The Market for Stolen Account Credentials ∗∗∗
---------------------------------------------
Past stories here have explored the myriad criminal uses of a hacked computer, the various ways that your inbox can be spliced and diced to help cybercrooks ply their trade, and the value of a hacked company. Todays post looks at the price of stolen credentials for just about any e-commerce, bank site or popular online ..
---------------------------------------------
https://krebsonsecurity.com/2017/12/the-market-for-stolen-account-credentials/


∗∗∗ Breaking: Aggressive WordPress Brute Force Attack Campaign Started Today, 3am UTC ∗∗∗
---------------------------------------------
A massive distributed brute force attack campaign targeting WordPress sites started this morning at 3am Universal Time, 7pm Pacific Time. The attack is broad in that it uses a large number of attacking IPs, and is also deep in that each IP is generating a huge number of attacks. This is the most aggressive ..
---------------------------------------------
https://www.wordfence.com/blog/2017/12/aggressive-brute-force-wordpress-attack/


=====================
=  Vulnerabilities  =
=====================

∗∗∗ Security Advisory 2017-10: Security Update for OTRS Framework ∗∗∗
---------------------------------------------
https://www.otrs.com/security-advisory-2017-10-security-update-otrs-framework/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily