[CERT-daily] Daily summary - 13.09.2017

Daily end-of-shift report team at cert.at
Wed Sep 13 18:04:30 CEST 2017


=====================
= End-of-Day report =
=====================

Timeframe:   Tuesday 12-09-2017 18:00 − Wednesday 13-09-2017 18:00
Handler:     Alexander Riepl
Co-Handler:  n/a

=====================
=        News       =
=====================

∗∗∗ Over 4,000 ElasticSearch Servers Found Hosting PoS Malware Files ∗∗∗
---------------------------------------------
The Kromtech Security Center has identified over 4,000 instances of ElasticSearch servers that are hosting files specific to two strains of POS (Point of Sale) malware — AlinaPOS and JackPOS.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/over-4-000-elasticsearch-servers-found-hosting-pos-malware-files/


∗∗∗ Blueborne: Security vulnerabilities endanger five billion Bluetooth devices ∗∗∗
---------------------------------------------
Around five billion devices worldwide are said to be affected by critical Bluetooth security vulnerabilities. The flaws are not in the protocol itself, however, but in the respective Bluetooth stacks of Windows, Linux and Android. On Apple's side, only older devices are affected by Blueborne.
---------------------------------------------
https://www.golem.de/news/bluetooth-kritische-sicherheitsluecken-ermoeglichen-geraeteuebernahme-1709-130011.html


∗∗∗ Exploit for CVE-2017-8759 detected and neutralized ∗∗∗
---------------------------------------------
The September 12, 2017 security updates from Microsoft include the patch for a previously unknown vulnerability exploited through Microsoft Word as an entry vector. Customers using Microsoft advanced threat solutions were already protected against this threat. The ..
---------------------------------------------
https://blogs.technet.microsoft.com/mmpc/2017/09/12/exploit-for-cve-2017-8759-detected-and-neutralized/


∗∗∗ Hackers Got Into America’s Power Grid. But Don’t Freak Out. ∗∗∗
---------------------------------------------
Last week cybersecurity firm Symantec released a report on what it calls Dragonfly 2.0—a collection of intrusions into industrial and energy-related organizations worldwide. For the last six years, the Dragonfly intrusions and others have regularly gone deeper into the operational networks that control elements of America’s power grid.
---------------------------------------------
http://fortune.com/2017/09/11/dragonfly-2-0-symantec-hackers-power-grid/


∗∗∗ WordPress’ Poor Handling of Plugin Security Exacerbates Malicious Takeover of Display Widgets ∗∗∗
---------------------------------------------
Recently there has been a fair amount of coverage of popular Chrome extensions being modified to include malicious code after the login credentials used to control them in the Chrome Web Store had been compromised ..
---------------------------------------------
https://www.pluginvulnerabilities.com/2017/09/11/wordpress-poor-handling-of-plugin-security-exacerbates-malicious-takeover-of-display-widgets/


∗∗∗ Adobe patches security vulnerabilities in Flash, ColdFusion and RoboHelp ∗∗∗
---------------------------------------------
It is patch day at Adobe as well, and true to tradition the company once again uses the occasion to patch critical vulnerabilities in Flash Player. ColdFusion and RoboHelp also receive updates.
---------------------------------------------
https://heise.de/-3830067


∗∗∗ Compromised LinkedIn accounts used to send phishing links via private message and InMail ∗∗∗
---------------------------------------------
A recent attack uses existing LinkedIn user accounts to send phishing links to their contacts via private message ..
---------------------------------------------
https://blog.malwarebytes.com/threat-analysis/2017/09/compromised-linkedin-accounts-used-to-send-phishing-links-via-private-message-and-inmail/


∗∗∗ Patch day: Microsoft closes loophole used by government spyware ∗∗∗
---------------------------------------------
Vulnerability in Word and the .NET Framework was exploited by FinFisher malware
---------------------------------------------
http://derstandard.at/2000064009454



=====================
=    Advisories     =
=====================
∗∗∗ DSA-3971 tcpdump - security update ∗∗∗
---------------------------------------------
https://www.debian.org/security/2017/dsa-3971


∗∗∗ DSA-3970 emacs24 - security update ∗∗∗
---------------------------------------------
https://www.debian.org/security/2017/dsa-3970


∗∗∗ DSA-3969 xen - security update ∗∗∗
---------------------------------------------
https://www.debian.org/security/2017/dsa-3969


∗∗∗ Local File Disclosure in VLC media player iOS app ∗∗∗
---------------------------------------------
https://www.sec-consult.com/en/blog/advisories/local-file-disclosure-in-vlc-media-player-ios-app/index.html


∗∗∗ Multiple Vulnerabilities in IBM Infosphere Information Server / Datastage ∗∗∗
---------------------------------------------
https://www.sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-ibm-infosphere-information-server-datastage/index.html

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily