[CERT-daily] Tageszusammenfassung - 16.10.2018

[Daily end-of-shift report]

=====================
= End-of-Day report =
=====================

Timeframe:   Montag 15-10-2018 18:00 − Dienstag 16-10-2018 18:00
Handler:     Alexander Riepl
Co-Handler:  n/a

=====================
=       News        =
=====================


∗∗∗ pEp-Foundation hat Sicherheitslücke in Enigmail/pEp geschlossen ∗∗∗
---------------------------------------------
Die pEp-Foundation hat eine Sicherheitslücke gestopft: Das Add-on Enigmail unter Windows hatte vorgeblich verschlüsselte Mails im Klartext verschickt.
---------------------------------------------
http://heise.de/-4191426


∗∗∗ Android 9 Pie: Google knüpft Backup-Verschlüsselung an gerätespezifische Passcodes ∗∗∗
---------------------------------------------
Der Zugriff auf Anwendungsdaten in Androids Cloud-Backups erfordert künftig einen Entschlüsselungskey, den selbst Google nicht kennt.
---------------------------------------------
http://heise.de/-4191017


∗∗∗ Old dog, new tricks - Analysing new RTF-based campaign distributing Agent Tesla, Loki with PyREbox ∗∗∗
---------------------------------------------
Cisco Talos has discovered a new malware campaign that drops the sophisticated information-stealing trojan called "Agent Tesla," and other malware such as the Loki information stealer. Initially, Talos telemetry systems detected a ..
---------------------------------------------
https://blog.talosintelligence.com/2018/10/old-dog-new-tricks-analysing-new-rtf_15.html


∗∗∗ Phishers are after something unusual in ploy targeting book publishers ∗∗∗
---------------------------------------------
In a new twist on the theme, the scammers have their sights set on book manuscripts, among other ..
---------------------------------------------
http://feedproxy.google.com/~r/eset/blog/~3/lABhPeu59as/


∗∗∗ Fake-Shop-Alarm auf macbooks-billiger.de ∗∗∗
---------------------------------------------
Auf macbooks-billiger.de werden Apple-Produkte, wie MacBooks, iPhones, Apple Watches und iPads zu konkurrenzlos günstigen Preisen angeboten. Wie das geht, fragen Sie? Die Antwort lautet „Betrug!“. Sie ..
---------------------------------------------
https://www.watchlist-internet.at/index.php?id=71&tx_news_pi1[news]=3169&tx_news_pi1[controller]=News&tx_news_pi1[action]=detail&cHash=5cd2c26d0640a48ea4cf4488b0199b74


∗∗∗ Removing Old Versions of TLS ∗∗∗
---------------------------------------------
In March of 2020, Firefox will disable support for TLS 1.0 and TLS 1.1. On the Internet, 20 years is an eternity. TLS 1.0 will be 20 years old in January 2019. In that time, TLS has protected ..
---------------------------------------------
https://blog.mozilla.org/security/2018/10/15/removing-old-versions-of-tls/


=====================
=  Vulnerabilities  =
=====================


∗∗∗ DSA-4319 spice - security update ∗∗∗
---------------------------------------------
https://www.debian.org/security/2018/dsa-4319


∗∗∗ DSA-4318 moin - security update ∗∗∗
---------------------------------------------
https://www.debian.org/security/2018/dsa-4318

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily