[CERT-daily] Tageszusammenfassung - 17.10.2017

Daily end-of-shift report team at cert.at
Tue Oct 17 18:16:23 CEST 2017


=====================
= End-of-Day report =
=====================

Timeframe:   Montag 16-10-2017 18:00 − Dienstag 17-10-2017 18:00
Handler:     Stephan Richter
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ Heres a Video of the Latest ATM Malware Sold on the Dark Web ∗∗∗
---------------------------------------------
A hacker or hacker group is selling a strain of ATM malware that can make ATMs spit out cash just by connecting to its USB port and running the malware.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/heres-a-video-of-the-latest-atm-malware-sold-on-the-dark-web/


∗∗∗ Lenovo Quietly Patches Massive Bug Impacting Its Android Tablets and Zuk, Vibe Phones ∗∗∗
---------------------------------------------
Lenovo customers are being told to update their Android tablets and handsets to protect themselves against a handful of critical vulnerabilities impacting tens of millions of vulnerable Lenovo devices.
---------------------------------------------
http://threatpost.com/lenovo-quietly-patches-massive-bug-impacting-its-android-tablets-and-zuk-vibe-phones/128489/


∗∗∗ Estonia releases update on Digital ID card vulnerability ∗∗∗
---------------------------------------------
The Estonia government issued an update on a vulnerability potentially affecting digital use of ID cards issued since October 2014.
---------------------------------------------
https://www.scmagazineuk.com/estonia-releases-update-on-digital-id-card-vulnerability/article/700661/


∗∗∗ Microsoft responded quietly after detecting secret database hack in 2013 ∗∗∗
---------------------------------------------
(Reuters) - Microsoft Corp’s secret internal database for tracking bugs in its own software was broken into by a highly sophisticated hacking group more than four years ago, according to five former employees, in only the second known breach of such a corporate database.
---------------------------------------------
https://www.reuters.com/article/us-microsoft-cyber-insight/microsoft-responded-quietly-after-detecting-secret-database-hack-in-2013-idUSKBN1CM0D0


∗∗∗ KRACK: Hersteller-Updates und Stellungnahmen ∗∗∗
---------------------------------------------
Mittlerweile haben einige von der WPA2-Lücke KRACK betroffene Hersteller Patches veröffentlicht, die die Gefahr abwehren. Andere meldeten sich in Stellungnahmen zu Wort.
---------------------------------------------
https://heise.de/-3863455



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Security Advisory 2017-05: Security Update for OTRS Business Solution™ ∗∗∗
---------------------------------------------
October 17, 2017 — Please read carefully and check if the version of your OTRS system is affected by this vulnerability.
---------------------------------------------
https://www.otrs.com/security-advisory-2017-05-security-update-otrs-business-solution/


∗∗∗ BSRT-2017-006 Vulnerabilities in Workspaces Server components impact BlackBerry Workspaces ∗∗∗
---------------------------------------------
http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber=000045696


∗∗∗ VU#307015: Infineon RSA library does not properly generate RSA key pairs ∗∗∗
---------------------------------------------
http://www.kb.cert.org/vuls/id/307015


∗∗∗ VU#228519: Wi-Fi Protected Access II (WPA2) handshake traffic can be manipulated to induce nonce and session key reuse ∗∗∗
---------------------------------------------
http://www.kb.cert.org/vuls/id/228519


∗∗∗ IBM Security Bulletins ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/


∗∗∗ Cross site scripting in Webtrekk Pixel ∗∗∗
---------------------------------------------
https://www.sec-consult.com/en/blog/advisories/cross-site-scripting-in-webtrekk-pixel/index.html


∗∗∗ EMC NetWorker Buffer Overflow in nsrd Lets Remote Users Execute Arbitrary Code ∗∗∗
---------------------------------------------
http://www.securitytracker.com/id/1039583


∗∗∗ Java vulnerability CVE-2017-10053 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K28418435

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily




More information about the Daily mailing list