[CERT-daily] Tageszusammenfassung - Mittwoch 1-02-2017

Wed Feb 1 18:19:10 CET 2017

=======================
= End-of-Shift report =
=======================

Timeframe:   Dienstag 31-01-2017 18:00 − Mittwoch 01-02-2017 18:00
Handler:     Alexander Riepl
Co-Handler:  n/a


*** BINOM3 Electric Power Quality Meter ***
---------------------------------------------
This advisory contains mitigation details for vulnerabilities in BINOM3s electric power quality meter.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-17-031-01


*** Ecava IntegraXor ***
---------------------------------------------
This advisory contains mitigation details for an SQL injection vulnerability in the Ecava IntegraXor web server.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-17-031-02


*** "Ändere-dein-Passwort-Tag": Pro und Contra Passwortwechsel ***
---------------------------------------------
Ist es sinnvoll, sein Passwort regelmäßig und vorsichtshalber zu ändern? Was in einigen Firmen verpflichtent ist, ist in Security-Kreisen umstritten. Unter Umständen kann das sogar kontraproduktiv sein.
---------------------------------------------
https://heise.de/-3613327


*** Cerber tops Windows 10 ransomware charts ***
---------------------------------------------
Crims aimed for a Christmas Number One and scored Net scum behind the Cerber ransomware have been pounding enterprises infecting more corporate machines than any other, according to Microsoft.…
---------------------------------------------
www.theregister.co.uk/2017/02/01/cerber_windows_10/


*** We need to talk about Granny: Shes way more likely to fall for phishing ***
---------------------------------------------
If you want to catch as many people as you can, go for the old legal razzle dazzle Usenix Enigma 2017 Research has shown that older people – particularly older ..
---------------------------------------------
www.theregister.co.uk/2017/02/01/why_old_women_biggest_phishing_victims/


*** Quick Analysis of Data Left Available by Attackers, (Wed, Feb 1st) ***
---------------------------------------------
While hunting for interesting cases, I found the following phishing email mimicking an UPS delivery notification:  When you click on the link, you are redirected to the ..
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=22015


*** Popular PlayStation and Xbox Gaming Forums Hacked; 2.5 Million Users Data Leaked ***
---------------------------------------------
Do you own an account on one of the two hugely popular PlayStation and Xbox gaming forums? Your details may have been exposed, as it has been revealed that the two ..
---------------------------------------------
http://thehackernews.com/2017/01/gaming-forum-hacking.html


*** Nächstes Hacker-Ziel: Ihr Hirn ***
---------------------------------------------
Neue Gehirn-Computer-Schnittstellen bringen die Gefahr von Hirn-Malware mit sich. Was wie eine Postillon-Schlagzeile klingt, beschäftigt ernsthafte Sicherheitsforscher.
---------------------------------------------
https://heise.de/-3613672


*** Hacker Phineas Fisher dementiert, verhaftet worden zu sein ***
---------------------------------------------
Katalanische Behörden hatten nach Hausdurchsuchungen mehrere Personen festgenommen
---------------------------------------------
http://derstandard.at/2000051907276


*** Insiderhandel: Mitarbeiter verkaufen Firmengeheimnisse im Darknet ***
---------------------------------------------
Auf illegalen Online-Marktplätzen werden derzeit offenbar gezielt Insider angeworben, um mit deren Informationen kriminelle Geschäfte zu ermöglichen. Die Bandbreite ..
---------------------------------------------
http://www.golem.de/news/insiderhandel-mitarbeiter-verkaufen-firmengeheimnisse-im-darknet-1702-125924.html


*** Hacker One: Die Sicherheitslücken der US-Armee ***
---------------------------------------------
Sicherheitsforscher hatten einen Monat Zeit, um die US-Armee zu hacken. 118 Sicherheitslücken wurden gefunden und beseitigt. Eine davon ermöglichte den Zugriff auf ein ..
---------------------------------------------
http://www.golem.de/news/hacker-one-die-sicherheitsluecken-der-us-armee-1702-125935.html


*** Cisco Prime Home Authentication Bypass Vulnerability ***
---------------------------------------------
A vulnerability in the web-based GUI of Cisco Prime Home could allow an unauthenticated, remote attacker to bypass authentication and execute actions with administrator ..
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170201-prime-home


*** Disclosure of Additional Security Fix in WordPress 4.7.2 ***
---------------------------------------------
WordPress 4.7.2 was released last Thursday, January 26th. If you have not already updated, please do so immediately. In addition to the three security vulnerabilities mentioned in the original release post, WordPress 4.7 and 4.7.1 had one additional ..
---------------------------------------------
https://make.wordpress.org/core/2017/02/01/disclosure-of-additional-security-fix-in-wordpress-4-7-2/