Daily

daily@lists.cert.at

1 participants
3189 discussions

Tageszusammenfassung - 19.10.2017
by Daily end-of-shift report 19 Oct '17

19 Oct '17

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 18-10-2017 18:00 − Donnerstag 19-10-2017 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ BoundHook Attack Exploits Intel Skylake MPX Feature ∗∗∗ --------------------------------------------- A new attack method takes advantage a feature in Intel’s Skylake microprocessor allowing for post-intrusion application hooking and stealth manipulation of applications. --------------------------------------------- http://threatpost.com/boundhook-attack-exploits-intel-skylake-mpx-feature/1… ∗∗∗ US-CERT study predicts machine learning, transport systems to become security risks ∗∗∗ --------------------------------------------- Youve been warned The Carnegie-Mellon Universitys Software Engineering Institute has nominated transport systems, machine learning, and smart robots as needing better cyber-security risk and threat analysis. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2017/10/19/cert_cc_thr… ∗∗∗ A Look at Locky Ransomware’s Recent Spam Activities ∗∗∗ --------------------------------------------- Ransomware has been one of the most prevalent, prolific, and pervasive threats in the 2017 threat landscape, with financial losses among enterprises and end users now likely to have reached billions of dollars. Locky ransomware, in particular, has come a long way since first emerging in early 2016. Despite the number of times it apparently spent in hiatus, Locky remains a relevant and credible threat given its impact on end users and especially businesses. --------------------------------------------- http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/sDep2mrz5v0/ ∗∗∗ New Attacker Scanning for SSH Private Keys on Websites ∗∗∗ --------------------------------------------- Wordfence is seeing a significant spike in SSH private key scanning activity. We are releasing this advisory to ensure that our customers and the broader WordPress community are aware of this new activity and of the risk of making private SSH keys public, and to explain how to avoid this problem. --------------------------------------------- https://www.wordfence.com/blog/2017/10/ssh-key-website-scans/ ∗∗∗ Baselining Servers to Detect Outliers ∗∗∗ --------------------------------------------- This week I came across an interesting incident response scenario that was more likely a blind hunt. The starting point was the suspicion that a breach may have occurred in one or more of ~500 web servers of a big company on a given date range, even though there was no evidence of leaked data or any other IOC to guide the investigation. To overcome [...] --------------------------------------------- https://isc.sans.edu/diary/rss/22940 ===================== = Vulnerabilities = ===================== ∗∗∗ KRACK Key Reinstall in FT Handshake - PoC ∗∗∗ --------------------------------------------- https://cxsecurity.com/issue/WLB-2017100142 ∗∗∗ Bugtraq: WebKitGTK+ Security Advisory WSA-2017-0008 ∗∗∗ --------------------------------------------- http://www.securityfocus.com/archive/1/541370 ∗∗∗ DFN-CERT-2017-1836: Lucene/Solr: Eine Schwachstelle ermöglicht die Ausführung beliebigen Prorgammcodes ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-1836/ ∗∗∗ DFN-CERT-2017-1837: Suricata: Zwei Schwachstellen ermöglichen Denial-of-Service-Angriffe ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-1837/ ∗∗∗ DFN-CERT-2017-1846: GitLab: Mehrere Schwachstellen ermöglichen u.a. Cross-Site-Scripting-Angriffe ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-1846/ ∗∗∗ Cisco Security Advisories and Alerts ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/publicationListing.x ∗∗∗ IBM Security Bulletins ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ ∗∗∗ Security Advisory – Multiple “BlueBorne” vulnerabilities on Huawei Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171018-… ∗∗∗ Security Advisory - App Lock Bypass Vulnerability in Huawei Mobile Phones ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171019-… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 18.10.2017
by Daily end-of-shift report 18 Oct '17

18 Oct '17

===================== = End-of-Day report = ===================== Timeframe: Dienstag 17-10-2017 18:00 − Mittwoch 18-10-2017 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ RSA-Sicherheitslücke: Infineon erzeugt Millionen unsicherer Krypto-Schlüssel ∗∗∗ --------------------------------------------- RSA-Schlüssel von Hardware-Kryptomodulen der Firma Infineon lassen sich knacken. Das betrifft unter anderem Debian-Entwickler, Anbieter qualifizierter Signatursysteme, TPM-Chips in Laptops und estnische Personalausweise. --------------------------------------------- https://www.golem.de/news/rsa-sicherheitsluecke-infineon-erzeugt-millionen-… ∗∗∗ Browser security beyond sandboxing ∗∗∗ --------------------------------------------- Security is now a strong differentiator in picking the right browser. We all use browsers for day-to-day activities like staying in touch with loved ones, but also for editing sensitive private and corporate documents, and even managing our financial assets. A single compromise through a web browser can have catastrophic results. It doesn’t help that... --------------------------------------------- https://blogs.technet.microsoft.com/mmpc/2017/10/18/browser-security-beyond… ∗∗∗ uBlock Origin ad-blocker knocked for blocking hack attack squawking ∗∗∗ --------------------------------------------- Block all the things! No, wait, not the XSS security alerts Top ad-blocking plugin uBlock Origin has come under fire for being a little too eager in its quest to murder nasty stuff on the internet: it prevents browsers from sounding the alarm on hacking attacks. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2017/10/17/ublock_orig… ∗∗∗ Hancitor malspam uses DDE attack ∗∗∗ --------------------------------------------- Malicious spam (malspam) pushing Hancitor malware (also known as Chanitor or Tordal) changed tactics on Monday 2017-10-16. Instead of pushing Microsoft Word documents with malicious macros, this malspam began pushing Word documents taking advantage of Microsofts Dynamic Data Exchange (DDE) technique. --------------------------------------------- https://isc.sans.edu/diary/22936 ∗∗∗ Klage wegen Urheberrechtsverletzung verbreitet Schadsoftware ∗∗∗ --------------------------------------------- In erfundenen Schreiben behaupten unbekannte Absender/innen, dass Empfänger/innen eine Urheberrechtsverletzung begangen haben und deshalb verklagt werden. Für weiterführende Informationen dazu sollen Adressat/innen eine ZIP-Datei herunterladen. Sie verbirgt Schadsoftware und darf nicht geöffnet werden. --------------------------------------------- https://www.watchlist-internet.at/schadsoftware/klage-wegen-urheberrechtsve… ===================== = Vulnerabilities = ===================== ∗∗∗ HPESBHF03789 rev.2 - Certain HPE Gen9 Systems with HP Trusted Platform Module v2.0 Option, Unauthorized Access to Data ∗∗∗ --------------------------------------------- A potential security vulnerability has been identified in the "HP Trusted Platform Module 2.0 Option" kit. This optional kit is available for HPE Gen9 systems with firmware version 5.51. The vulnerability in TPM firmware 5.51 is that new mathematical methods exist such that RSA keys generated by the TPM 2.0 with firmware 5.51 are cryptographically weakened. This vulnerability could lead to local and remote unauthorized access to data. --------------------------------------------- https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03789en… ∗∗∗ Progea Movicon SCADA/HMI ∗∗∗ --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-17-290-01 ∗∗∗ IC3 Issues Alert on IoT Devices ∗∗∗ --------------------------------------------- https://www.us-cert.gov/ncas/current-activity/2017/10/17/IC3-Issues-Alert-I… ∗∗∗ Huawei Security Advisories ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories ∗∗∗ IBM Security Bulletin: Vulnerability in Apache Standard Taglibs affects IBM Connections Portlets For WebSphere Portal (CVE-2015-0254) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22006285 ∗∗∗ IBM Security Bulletin: A vulnerability in OpenSSL affects IBM Flex System Manager (FSM) Storage Manager Install Anywhere (SMIA) configuration tool (CVE-2017-3735) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=isg3T1025909 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Sterling Connect:Direct FTP+ ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22009532 ∗∗∗ JSA10826 - 2017-10 Security Bulletin: Junos Space: Multiple vulnerabilities resolved in 17.1R1 release ∗∗∗ --------------------------------------------- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10826&actp=RSS ∗∗∗ Critical Patch Update - October 2017 ∗∗∗ --------------------------------------------- http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html ∗∗∗ Solaris Third Party Bulletin - October 2017 ∗∗∗ --------------------------------------------- http://www.oracle.com/technetwork/topics/security/bulletinoct2017-3958668.h… ∗∗∗ Oracle Linux Bulletin - October 2017 ∗∗∗ --------------------------------------------- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2017-4005… ∗∗∗ Oracle VM Server for x86 Bulletin - October 2017 ∗∗∗ --------------------------------------------- http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2017-400589… ∗∗∗ Multiple vulnerabilities in Linksys E-series products ∗∗∗ --------------------------------------------- https://www.sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-… ∗∗∗ Multiple vulnerabilities in Afian AB FileRun ∗∗∗ --------------------------------------------- https://www.sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-… ∗∗∗ SSA-523365 (Last Update 2017-10-18): Vulnerability in SIMATIC PCS 7 ∗∗∗ --------------------------------------------- https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-523365… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 17.10.2017
by Daily end-of-shift report 17 Oct '17

17 Oct '17

===================== = End-of-Day report = ===================== Timeframe: Montag 16-10-2017 18:00 − Dienstag 17-10-2017 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Heres a Video of the Latest ATM Malware Sold on the Dark Web ∗∗∗ --------------------------------------------- A hacker or hacker group is selling a strain of ATM malware that can make ATMs spit out cash just by connecting to its USB port and running the malware. --------------------------------------------- https://www.bleepingcomputer.com/news/security/heres-a-video-of-the-latest-… ∗∗∗ Lenovo Quietly Patches Massive Bug Impacting Its Android Tablets and Zuk, Vibe Phones ∗∗∗ --------------------------------------------- Lenovo customers are being told to update their Android tablets and handsets to protect themselves against a handful of critical vulnerabilities impacting tens of millions of vulnerable Lenovo devices. --------------------------------------------- http://threatpost.com/lenovo-quietly-patches-massive-bug-impacting-its-andr… ∗∗∗ Estonia releases update on Digital ID card vulnerability ∗∗∗ --------------------------------------------- The Estonia government issued an update on a vulnerability potentially affecting digital use of ID cards issued since October 2014. --------------------------------------------- https://www.scmagazineuk.com/estonia-releases-update-on-digital-id-card-vul… ∗∗∗ Microsoft responded quietly after detecting secret database hack in 2013 ∗∗∗ --------------------------------------------- (Reuters) - Microsoft Corp’s secret internal database for tracking bugs in its own software was broken into by a highly sophisticated hacking group more than four years ago, according to five former employees, in only the second known breach of such a corporate database. --------------------------------------------- https://www.reuters.com/article/us-microsoft-cyber-insight/microsoft-respon… ∗∗∗ KRACK: Hersteller-Updates und Stellungnahmen ∗∗∗ --------------------------------------------- Mittlerweile haben einige von der WPA2-Lücke KRACK betroffene Hersteller Patches veröffentlicht, die die Gefahr abwehren. Andere meldeten sich in Stellungnahmen zu Wort. --------------------------------------------- https://heise.de/-3863455 ===================== = Vulnerabilities = ===================== ∗∗∗ Security Advisory 2017-05: Security Update for OTRS Business Solution™ ∗∗∗ --------------------------------------------- October 17, 2017 — Please read carefully and check if the version of your OTRS system is affected by this vulnerability. --------------------------------------------- https://www.otrs.com/security-advisory-2017-05-security-update-otrs-busines… ∗∗∗ BSRT-2017-006 Vulnerabilities in Workspaces Server components impact BlackBerry Workspaces ∗∗∗ --------------------------------------------- http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber… ∗∗∗ VU#307015: Infineon RSA library does not properly generate RSA key pairs ∗∗∗ --------------------------------------------- http://www.kb.cert.org/vuls/id/307015 ∗∗∗ VU#228519: Wi-Fi Protected Access II (WPA2) handshake traffic can be manipulated to induce nonce and session key reuse ∗∗∗ --------------------------------------------- http://www.kb.cert.org/vuls/id/228519 ∗∗∗ IBM Security Bulletins ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ ∗∗∗ Cross site scripting in Webtrekk Pixel ∗∗∗ --------------------------------------------- https://www.sec-consult.com/en/blog/advisories/cross-site-scripting-in-webt… ∗∗∗ EMC NetWorker Buffer Overflow in nsrd Lets Remote Users Execute Arbitrary Code ∗∗∗ --------------------------------------------- http://www.securitytracker.com/id/1039583 ∗∗∗ Java vulnerability CVE-2017-10053 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K28418435 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 16.10.2017
by Daily end-of-shift report 16 Oct '17

16 Oct '17

===================== = End-of-Day report = ===================== Timeframe: Freitag 13-10-2017 18:00 − Montag 16-10-2017 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ TPM Chipsets Generate Insecure RSA Keys. Multiple Vendors Affected ∗∗∗ --------------------------------------------- Infineon TPM chipsets that come with many modern-day motherboards generate insecure RSA encryption keys that put devices at risk of attack. [...] --------------------------------------------- https://www.bleepingcomputer.com/news/security/tpm-chipsets-generate-insecu… ∗∗∗ List of Firmware & Driver Updates for KRACK WPA2 Vulnerability ∗∗∗ --------------------------------------------- This article will contain an udpated list of firmware and driver updates that resolve the Krack WPA2 vulnerability. [...] --------------------------------------------- https://www.bleepingcomputer.com/news/security/list-of-firmware-and-driver-… ∗∗∗ Es steht KRACK auf dem Speiseplan! ∗∗∗ --------------------------------------------- [...] heute wurden Details zu den sogenannten "Key Reinstallation Attacks", kurz "KRACK", veröffentlicht (technisches Paper / Webseite). Kurz zusammengefasst stellen diese Schwachstellen die ersten [...] --------------------------------------------- http://www.cert.at/services/blog/20171016132413-2092.html ∗∗∗ Auto: Subaru-Funkschlüssel lässt sich einfach klonen ∗∗∗ --------------------------------------------- Autoschlüssel mit Funkverbindung sind ein beliebtes Ziel für Sicherheitsforscher - und oft eher Opfer als Gegner. Aktuell ist Subaru betroffen, zahlreiche Fahrzeuge des Herstellers sind für einen Angriff verwundbar. Das Unternehmen hat bislang nicht reagiert. --------------------------------------------- https://www.golem.de/news/auto-subaru-funkschluessel-laesst-sich-einfach-kl… ∗∗∗ Ukraine Police Warns of New NotPetya-Style Large Scale CyberAttack ∗∗∗ --------------------------------------------- Remember NotPetya? The Ransomware that shut down thousands of businesses, organisations and banks in Ukraine as well as different parts of Europe in June this year. Now, Ukrainian government authorities are once again warning its citizens to brace themselves for next wave of "large-scale" NotPetya-like cyber attack. According to a press release published Thursday by the Secret Service of [...] --------------------------------------------- https://thehackernews.com/2017/10/ukraine-notpetya-cyberattack.html ∗∗∗ How Power Grid Hacks Work, and When You Should Panic ∗∗∗ --------------------------------------------- After months of reports of energy grid breaches, time to distinguish the elite intrusions from just another spearphishing attack. --------------------------------------------- https://www.wired.com/story/hacking-a-power-grid-in-three-not-so-easy-steps ∗∗∗ Erneut Malware-Angriff auf Kreditkartendaten bei Hyatt ∗∗∗ --------------------------------------------- Wieder ist es Angreifern gelungen, Software in die IT-Systeme der Hotelkette Hyatt einzuschleusen, die Kreditkartendaten der Kunden abgriff. Das sei nun aber behoben, versichert das Unternehmen, das 2015 ähnlich angegriffen wurde. --------------------------------------------- https://heise.de/-3862121 ∗∗∗ Bank Austria überprüft keine Identität mit Probe-SMS ∗∗∗ --------------------------------------------- In einer gefälschten Bank Austria-Nachricht behaupten Kriminelle, dass Kund/innen ihre Identität mit einer Probe-SMS überprüfen lassen müssen. Dafür ist es notwendig, dass sie auf einer Website ihre Verfügernummer, ihr Passwort und ihre Telefonnummer bekannt geben. Es folgt ein Anruf der Täter/innen, mit dem sie die Bekanntgabe eines TAN-Codes fordern. Der TAN-Code ermöglicht es ihnen, das Geld ihrer Opfer zu stehlen. --------------------------------------------- https://www.watchlist-internet.at/phishing/bank-austria-ueberprueft-keine-i… ===================== = Vulnerabilities = ===================== ∗∗∗ Kritische Sicherheitslücke in Adobe Flash Player - aktiv ausgenützt - Patches verfügbar ∗∗∗ --------------------------------------------- Adobe hat bekanntgegeben, dass es aktuell eine kritische Sicherheitslücke in Adobe Flash Player gibt, die auch bereits aktiv ausgenützt wird. CVE-Nummer: CVE-2017-11292 Entsprechend fehlerbereinigte Versionen sind verfügbar. Auswirkungen Durch Ausnützen dieser Lücke kann ein Angreifer laut Adobe beliebigen Code auf betroffenen Systemen [...] --------------------------------------------- https://www.cert.at/warnings/all/20171016.html ∗∗∗ Bugtraq: [RCESEC-2017-002][CVE-2017-14956] AlienVault USM v5.4.2 "/ossim/report/wizard_email.php" Cross-Site Request Forgery leading to Sensitive Information Disclosure ∗∗∗ --------------------------------------------- http://www.securityfocus.com/archive/1/541342 ∗∗∗ Vuln: Atlassian Bamboo CVE-2017-9514 Remote Code Execution Vulnerability ∗∗∗ --------------------------------------------- http://www.securityfocus.com/bid/101269 ∗∗∗ Multiple Vulnerabilities in Wi-Fi Protected Access and Wi-Fi Protected Access II ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ DFN-CERT-2017-1814/: Jenkins: Mehrere Schwachstellen ermöglichen u.a. die Ausführung beliebigen Programmcodes ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-1814/ ∗∗∗ Multiple vulnerabilities in OpenText Documentum Content Server ∗∗∗ --------------------------------------------- http://www.securityfocus.com/archive/1/541333 ∗∗∗ FortiWLC XSS injection via crafted HTTP POST request ∗∗∗ --------------------------------------------- http://fortiguard.com/psirt/FG-IR-17-106 ∗∗∗ FortiMail reflected XSS vulnerability under customized webmail login page ∗∗∗ --------------------------------------------- http://fortiguard.com/psirt/FG-IR-17-099 ∗∗∗ FortiWLC file management OS Command Injection vulnerability ∗∗∗ --------------------------------------------- http://fortiguard.com/psirt/FG-IR-17-119 ∗∗∗ Security Advisory - FRP Bypass Vulnerability in Huawei Smart Phones ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171013-… ∗∗∗ IBM Security Bulletin: IBM Cognos Business Intelligence Server 2017Q3 Security Updater : IBM Cognos Business Intelligence Server is affected by multiple vulnerabilities. ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22009259 ∗∗∗ Multiple vulnerabilities in Micro Focus VisiBroker C++ ∗∗∗ --------------------------------------------- https://www.sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-… ∗∗∗ OpenSSL vulnerability CVE-2017-3735 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K21462542 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 13.10.2017
by Daily end-of-shift report 13 Oct '17

13 Oct '17

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 12-10-2017 18:00 − Freitag 13-10-2017 18:00 Handler: Olaf Schwarz Co-Handler: Alexander Riepl ===================== = News = ===================== ∗∗∗ Android DoubleLocker Ransomware Activates Every Time You Hit Home Button ∗∗∗ --------------------------------------------- A new ransomware targeting Android devices has been spotted in the wild. Codenamed DoubleLocker, the ransomware abuses Androids Accessibility service and reactivates itself every time the user presses the phones Home button. --------------------------------------------- https://www.bleepingcomputer.com/news/security/android-doublelocker-ransomw… ∗∗∗ Fehler in WSUS-Update: Windows-Clients booten nicht mehr ∗∗∗ --------------------------------------------- Fehlerhafte Update-Pakete für Windows 10 und Windows Server 2016, die Microsoft am letzten Patchday veröffentlicht hat, legten in den vergangenen Tagen Rechner in Unternehmensnetzwerken lahm. Betroffen waren nur Umgebungen mit WSUS und SCCM. --------------------------------------------- https://www.heise.de/newsticker/meldung/Fehler-in-WSUS-Update-Windows-Clien… ∗∗∗ Bug auf T-Mobile-Website ermöglichte den Abruf vertraulicher Kundendaten ∗∗∗ --------------------------------------------- In der Website t-mobile.com klaffte ein Sicherheitsleck, das die Abfrage von Kundendatensätzen durch potenzielle Angreifer erlaubte. --------------------------------------------- https://heise.de/-3860676 ∗∗∗ Malvertising on Equifax, TransUnion tied to third party script ∗∗∗ --------------------------------------------- Equifaxs website is once again infected, this time with malvertising that redirects to a fake Flash player. Further investigation reveals TransUnion was also targeted. --------------------------------------------- https://blog.malwarebytes.com/threat-analysis/2017/10/equifax-transunion-we… ===================== = Vulnerabilities = ===================== ∗∗∗ Critical Patch Update - October 2017 ∗∗∗ --------------------------------------------- Critical Patch Update - October 2017 - Pre-Release Announcement --------------------------------------------- http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html ∗∗∗ ProMinent MultiFLEX M10a Controller ∗∗∗ --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-17-285-01 ∗∗∗ WECON Technology Co., Ltd. LeviStudio HMI Editor ∗∗∗ --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-17-285-02 ∗∗∗ Envitech Ltd. EnviDAS Ultimate ∗∗∗ --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-17-285-03 ∗∗∗ NXP Semiconductors MQX RTOS ∗∗∗ --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-17-285-04 ∗∗∗ Siemens BACnet Field Panels ∗∗∗ --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-17-285-05 ∗∗∗ DFN-CERT-2017-1812/">Xen: Mehrere Schwachstelle ermöglichen u.a. das Eskalieren von Privilegien ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-1812/ ∗∗∗ IBM Security Bulletin: Vulnerabilities in IBM Java SDK affecting IBM Application Delivery Intelligence v1.0.1, v1.0.1.1, v1.0.2, v5.0.2 and v5.0.2.1. (CVE-2017-10115 and CVE-2017-10116) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22009234 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Installation Manager and IBM Packaging Utility ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22009543 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in Node.js affect IBM Rational Application Developer for WebSphere Software ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22008951 ∗∗∗ IBM Security Bulletin: IBM Notes is affected by Open Source XStream Vulnerabilities ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22004066 ∗∗∗ Java SE vulnerability CVE-2017-10115 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K91024405 ∗∗∗ Java SE vulnerability CVE-2017-10108 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K52342540 ∗∗∗ Vulnerability in windows antivirus products (IK-SA-2017-0001) ∗∗∗ --------------------------------------------- http://www.ikarussecurity.com/about-ikarus/security-blog/vulnerability-in-w… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 12.10.2017
by Daily end-of-shift report 12 Oct '17

12 Oct '17

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 11-10-2017 18:00 − Donnerstag 12-10-2017 18:00 Handler: Alexander Riepl Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Over The Air - Vol. 2, Pt. 3: Exploiting The Wi-Fi Stack on Apple Devices ∗∗∗ --------------------------------------------- Posted by Gal Beniamini, Project ZeroIn this blog post we’ll complete our goal of achieving remote kernel code execution on the iPhone 7, by means of Wi-Fi communication alone.After developing a Wi-Fi firmware exploit in the previous blog post, we are left with the task of using our newly acquired access to gain control over the XNU kernel. To this end, we’ll begin by investigating the isolation mechanisms present on the iPhone. Next, we’ll explore the ways in which the host --------------------------------------------- http://googleprojectzero.blogspot.com/2017/10/over-air-vol-2-pt-3-exploitin… ∗∗∗ Kritische Sicherheitslücke in Thunderbird 52.4 geschlossen ∗∗∗ --------------------------------------------- Die Entwickler von Thunderbird haben sich in der aktuellen Version um mehrere Schwachstellen gekümmert. Wer die neue Version nicht installiert, könnte sich unter Umständen Schadcode einfangen. --------------------------------------------- https://heise.de/-3858847 ∗∗∗ Bankingtrojaner Retefe für macOS in deutscher Sprache ∗∗∗ --------------------------------------------- Eine neue Version vom Retefe-Schädling tarnt sich unter anderem als OS-X-Update und wird derzeit etwa über gefälschte DHL-Mails verteilt. Auch Windows-Nutzer sind gefährdet. --------------------------------------------- https://heise.de/-3859911 ∗∗∗ Hacker stahlen sensible Daten der australischen Rüstungsindustrie ∗∗∗ --------------------------------------------- Rüstungsminister Pyne sieht keine Gefahr für das Militär --------------------------------------------- http://derstandard.at/2000065885898 ∗∗∗ Kritische Lücke in Microsoft Office ermöglicht Remote Code Execution ∗∗∗ --------------------------------------------- Researcher haben eine schwerwiegende Sicherheitslücke in Microsoft Office entdeckt. Beschreibung: Wenn ein Benutzer eine speziell präparierte Datei im Microsoft Excel-Format oder Microsoft Word-Format öffnet, kann in Folge ein Angreifer beliebigen Code, mit den Rechten des angemeldeten Benutzers, auf dem System ausführen. --------------------------------------------- http://www.cert.at/warnings/all/20171011.html ===================== = Vulnerabilities = ===================== ∗∗∗ DSA-3997 wordpress - security update ∗∗∗ --------------------------------------------- Several vulnerabilities were discovered in Wordpress, a web blogging tool.They would allow remote attackers to exploit path-traversal issues, perform SQLinjections and various cross-site scripting attacks. --------------------------------------------- https://www.debian.org/security/2017/dsa-3997 ∗∗∗ DSA-3998 nss - security update ∗∗∗ --------------------------------------------- Martin Thomson discovered that nss, the Mozilla Network Security Servicelibrary, is prone to a use-after-free vulnerability in the TLS 1.2implementation when handshake hashes are generated. A remote attackercan take advantage of this flaw to cause an application using the nsslibrary to crash, resulting in a denial of service, or potentially toexecute arbitrary code. --------------------------------------------- https://www.debian.org/security/2017/dsa-3998 ∗∗∗ JSA10809 - 2017-10 Security Bulletin: SRX Series: Cryptographic weakness in SRX300 Series TPM Firmware (CVE-2017-10606) ∗∗∗ --------------------------------------------- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10809&actp=RSS ∗∗∗ JSA10810 - 2017-10 Security Bulletin: Junos: rpd core due to receipt of specially crafted BGP packet (CVE-2017-10607) ∗∗∗ --------------------------------------------- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10810&actp=RSS ∗∗∗ JSA10817 - 2017-10 Security Bulletin: Junos OS: Denial of service vulnerabilities in telnetd (CVE-2017-10614, CVE-2017-10621) ∗∗∗ --------------------------------------------- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10817&actp=RSS ∗∗∗ JSA10819 - 2017-10 Security Bulletin: Contrail: hard coded credentials (CVE-2017-10616) and XML External Entity (XXE) vulnerability (CVE-2017-10617) ∗∗∗ --------------------------------------------- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10819&actp=RSS ∗∗∗ Java SE vulnerability CVE-2017-10078 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K41815723 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 11.10.2017
by Daily end-of-shift report 11 Oct '17

11 Oct '17

===================== = End-of-Day report = ===================== Timeframe: Dienstag 10-10-2017 18:00 − Mittwoch 11-10-2017 18:00 Handler: Alexander Riepl Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Antivirus: Symantec will keine Code-Reviews durch Regierungen mehr ∗∗∗ --------------------------------------------- Aus Angst vor Spionage will die Sicherheitsfirma Symantec nach Angaben ihres CEO keine Regierungen mehr in den eigenen Code schauen lassen. Anlass war offenbar eine Anfrage der russischen Regierung. --------------------------------------------- https://www.golem.de/news/antivirus-symantec-will-keine-code-reviews-durch-… ∗∗∗ Internal Accenture Data, Customer Information Exposed in Public Amazon S3 Bucket ∗∗∗ --------------------------------------------- Global consulting firm Accenture is the latest giant organization leaving sensitive internal and customer data exposed in a publicly available Amazon Web Services S3 storage bucket. --------------------------------------------- http://threatpost.com/internal-accenture-data-customer-information-exposed-… ∗∗∗ October 2017 security update release ∗∗∗ --------------------------------------------- Today, we released security updates to provide additional protections against malicious attackers. By default, Windows 10 receives these updates automatically, and for customers running previous versions, we recommend .. --------------------------------------------- https://blogs.technet.microsoft.com/msrc/2017/10/10/october-2017-security-u… ∗∗∗ Credit Card Stealer Investigation Uncovers Malware Ring ∗∗∗ --------------------------------------------- During a recent investigation, I found a new piece of malicious code being used to steal credit card information from compromised Magento sites. What I didn’t know was how many domains would be uncovered as part of the malware campaign. Each of the malicious domain names was specifically chosen to appear as legitimate as possible to the website .. --------------------------------------------- https://blog.sucuri.net/2017/10/credit-card-stealer-investigation-uncovers-… ∗∗∗ iOS: So einfach lassen sich Passwörter von Apple-Nutzern stehlen ∗∗∗ --------------------------------------------- Softwareentwickler zeigt, wie leicht täuschend echt aussehende Passwort-Anfragen erstellt werden können --------------------------------------------- http://derstandard.at/2000065785641 ∗∗∗ BSI warnt nicht vor Kaspersky-Produkten ∗∗∗ --------------------------------------------- Russische Hacker sollen Virenscanner der russischen Firma genutzt haben --------------------------------------------- http://derstandard.at/2000065833977 ∗∗∗ October 2017 Office Update Release ∗∗∗ --------------------------------------------- The October 2017 Public Update releases for Office are now available! This month, there are 26 security updates and 27 non-security updates. All of the security and non-security updates are listed in .. --------------------------------------------- https://blogs.technet.microsoft.com/office_sustained_engineering/2017/10/10… ===================== = Vulnerabilities = ===================== ∗∗∗ LAVA Computer MFG Inc. Ether-Serial Link ∗∗∗ --------------------------------------------- This advisory contains mitigation details for an authentication bypass by spoofing vulnerability in the LAVA Ether-Serial Links firmware. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-17-283-01 ∗∗∗ JanTek JTC-200 ∗∗∗ --------------------------------------------- This advisory contains mitigation details for cross-site request forgery and improper authentication vulnerabilities in JanTeks JTC-200 TCP/IP converter. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-17-283-02 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 10.10.2017
by Daily end-of-shift report 10 Oct '17

10 Oct '17

===================== = End-of-Day report = ===================== Timeframe: Montag 09-10-2017 18:00 − Dienstag 10-10-2017 18:00 Handler: Alexander Riepl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ ATMii Malware Makes Windows 7 and Windows Vista ATMs Spit Out Cash ∗∗∗ --------------------------------------------- Security researchers have discovered a new ATM malware strain named ATMii that targets only ATMs running on Windows 7 and Windows Vista. --------------------------------------------- https://www.bleepingcomputer.com/news/security/atmii-malware-makes-windows-… ∗∗∗ Changes in Password Best Practices ∗∗∗ --------------------------------------------- NIST recently published their four-volume SP800-63-3 Digital Identity Guidelines. Among other things, they make three important suggestions when it comes to passwords:Stop it with the annoying password complexity rules. They make passwords harder to remember. They increase errors because artificially complex passwords are harder to type in. And they dont help that much. Its better to allow people to use pass phrases.Stop it with password expiration. That was an old idea for an old way we used [...] --------------------------------------------- https://www.schneier.com/blog/archives/2017/10/changes_in_pass.html ∗∗∗ The Absurdly Underestimated Dangers of CSV Injection ∗∗∗ --------------------------------------------- In some ways this is old news, but in other ways…well, I think few realize how absolutely devastating and omnipresent this vulnerability can be. It is an attack vector available in every application I’ve ever seen that takes user input and allows administrators to bulk export to CSV. --------------------------------------------- http://georgemauer.net/2017/10/07/csv-injection.html ∗∗∗ Financial Times bekämpft Werbebetrug ∗∗∗ --------------------------------------------- Millionenverluste durch Domain-Spoofing: Werbenetzwerke verkauften Videowerbung für Leser der Financial Times, die aber tatsächlich auf anderen Websites ausgespielt wurde. --------------------------------------------- https://www.heise.de/newsticker/meldung/Financial-Times-bekaempft-Werbebetr… ∗∗∗ Google-Analyse: Microsoft patcht Windows 7/8 teilweise nicht ∗∗∗ --------------------------------------------- Forscher von Google haben nachgewiesen, dass Microsoft Sicherheitslücken in Windows 10 behoben hat, die gleichen Lücken in Windows 7 und 8 jedoch offen ließ. Patches kamen erst, als die Veröffentlichung durch Project Zero drohte. --------------------------------------------- https://heise.de/-3852695 ∗∗∗ Über 37.000 Chrome-Nutzer installierten gefälschte Adblock-Plus-Extension ∗∗∗ --------------------------------------------- Die Browser-Erweiterung Adblock Plus soll vor Werbung und Schadcode schützen. Eine kürzlich aus dem Chrome Web Store entfernte Extension gleichen Namens führte das genaue Gegenteil im Schilde. Im Zweifel ist eine Neuinstallation ratsam. --------------------------------------------- https://heise.de/-3854625 ∗∗∗ Sicherheits-App der Erste Bank ist Schadsoftware ∗∗∗ --------------------------------------------- Kriminelle versenden eine gefälschte Erste Bank und Sparkasse-Nachricht. Darin behaupten sie, dass das Konto von Kund/innen eingeschränkt worden sei und sie zur weiteren Benutzung eine Sicherheits-App installieren müssen. Die angebliche Sicherheits-App ist Schadsoftware. Wer sie isntalliert, ermöglicht Kriminellen Zugriff auf das eigene Konto. --------------------------------------------- https://www.watchlist-internet.at/schadsoftware/sicherheits-app-der-erste-b… ===================== = Vulnerabilities = ===================== ∗∗∗ SAP Security Patch Day – October 2017 ∗∗∗ --------------------------------------------- This post by SAP Product Security Response Team shares information on Patch Day Security Notes* that are released on second Tuesday of every month and fix vulnerabilities discovered in SAP products. SAP strongly recommends that [...] --------------------------------------------- https://blogs.sap.com/2017/10/10/sap-security-patch-day-october-2017/ ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Host On-Demand ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22009289 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Spectrum Protect (formerly Tivoli Storage Manager) Operations Center and Client Management Services (CVE-2017-10115, CVE-2017-10116) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22009293 ∗∗∗ IBM Security Bulletin: WebSphere Application Server Edge Caching Proxy may be vulnerable to HTTP response splitting (CVE-2017-1503) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22006815 ∗∗∗ IBM Security Bulletin: Open Source Apache Cordova Android Vulnerabilities affect IBM Worklight and IBM MobileFirst Platform Foundation ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg2C1000350 ∗∗∗ IBM Security Bulletin:IBM Integration Bus is affected by deserialization RCE vulnerability in IBM WebSphere JMS Client ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22008829 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 09.10.2017
by Daily end-of-shift report 09 Oct '17

09 Oct '17

===================== = End-of-Day report = ===================== Timeframe: Freitag 06-10-2017 18:00 − Montag 09-10-2017 18:00 Handler: Alexander Riepl Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Sicherheitssoftware: Schlangenöl oder notwendiges Übel? ∗∗∗ --------------------------------------------- Als Schlangenöl wurden in Zeiten des Wilden Westens vorwiegend medizinische Produkte und Hilfsmittel bezeichnet, deren Wirkung wenig bis keinen Ursprung in den darin verwendeten Zutaten hatte oder schlicht nicht existent war. Der Begriff wird mittlerweile auch im Software-Kontext für Produkte verwendet, die mehr versprechen, als sie halten können. Besonders .. --------------------------------------------- https://www.dfn-cert.de/aktuell/sicherheitssoftware-schlangenoel.html ∗∗∗ Foren-Tool Disqus gehackt: 17,5 Millionen User betroffen ∗∗∗ --------------------------------------------- Der Vorfall, bei dem Usernamen und Passwörter abgegriffen wurden, ereignete sich bereits vor fünf Jahren. Disqus will bis jetzt nichts davon gewusst haben. --------------------------------------------- https://futurezone.at/digital-life/foren-tool-disqus-gehackt-17-5-millionen… ∗∗∗ Passwortmanager im Vergleich: Das letzte Passwort, das du dir jemals merken musst ∗∗∗ --------------------------------------------- Menschen scheinen nicht dafür gemacht, sich sehr viele komplizierte Passwörter zu merken. Abhilfe schaffen Passwortmanager. Wir haben die Lösungen von Keepass, Lastpass, 1Password und Dashlane verglichen - und bei allen Stärken gefunden. --------------------------------------------- https://www.golem.de/news/passwortmanager-im-vergleich-das-letzte-passwort-… ∗∗∗ After selling his site for millions, founder hacked it for a second payday ∗∗∗ --------------------------------------------- Rigzone founder sentenced for data duplication scheme "Operation Resume Hoard" was going well. Initiated around April 1, 2015, it represented David W. Kents plan to build the membership of his oil and gas industry .. --------------------------------------------- www.theregister.co.uk/2017/10/07/after_selling_site_for_millions_founder_ha… ∗∗∗ Dnsmasq: A Reality Check and Remediation Practices ∗∗∗ --------------------------------------------- Dnsmasq is the de-facto tool for meeting the DNS/DHCP requirements of small servers and embedded devices. Recently, Google Security researchers identified seven vulnerabilities that can allow a remote attacker to execute code on, leak information from, or crash a device running a Dnsmasq version earlier than 2.78, if configured .. --------------------------------------------- http://blog.trendmicro.com/trendlabs-security-intelligence/dnsmasq-reality-… ∗∗∗ John Kellys Hacked Phone Could Be a Major National Security Issue ∗∗∗ --------------------------------------------- When the former head of the Department of Homeland Security and current White House Chief of Staffs personal smartphone gets hacked, nothing good can happen. --------------------------------------------- https://www.wired.com/story/john-kelly-hacked-phone ∗∗∗ TLS 1.3: Security-Devices verhindern die Einführung ∗∗∗ --------------------------------------------- Alle Security-Experten sind sich einig, dass der Standard TLS 1.3 ein deutlicher Schritt zu mehr Sicherheit im Internet wäre. Doch ausgerechnet Security-Devices, die Verschlüsselung aufbrechen, verhindern die Einführung auf nicht absehbare Zeit. --------------------------------------------- https://heise.de/-3852819 ∗∗∗ Testing Security Keys ∗∗∗ --------------------------------------------- http://www.imperialviolet.org/2017/10/08/securitykeytest.html ===================== = Vulnerabilities = ===================== ∗∗∗ DSA-3993 tor - security update ∗∗∗ --------------------------------------------- https://www.debian.org/security/2017/dsa-3993 ∗∗∗ DSA-3994 nautilus - security update ∗∗∗ --------------------------------------------- https://www.debian.org/security/2017/dsa-3994 ∗∗∗ Symantec Endpoint Encryption / Symantec Encryption Desktop DoS ∗∗∗ --------------------------------------------- http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=se… ∗∗∗ HPESBHF03777 rev.2 - HPE Intelligent Management Center (iMC) PLAT, Remote Denial of Service ∗∗∗ --------------------------------------------- https://h20565.www2.hpe.com/portal/site/hpsc/template.PAGE/action.process/p… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 06.10.2017
by Daily end-of-shift report 06 Oct '17

06 Oct '17

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 05-10-2017 18:00 − Freitag 06-10-2017 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Hackers Hijack Ongoing Email Conversations to Insert Malicious Documents ∗∗∗ --------------------------------------------- A group of hackers is using a sophisticated technique of hijacking ongoing email conversations to insert malicious documents that appear to be coming from a legitimate source and infect other targets participating in the same conversational thread. [...] --------------------------------------------- https://www.bleepingcomputer.com/news/security/hackers-hijack-ongoing-email… ∗∗∗ IT-Sicherheit: Für das FBI Botnetze ausschalten ∗∗∗ --------------------------------------------- Der deutsche IT-Sicherheitsforscher Tillmann Werner hat der US-Behörde FBI geholfen, einen gefährlichen Hacker zu jagen. --------------------------------------------- https://www.golem.de/news/it-sicherheit-fuer-das-fbi-botnetze-ausschalten-1… ∗∗∗ Geheimdienste: Wenn Hacker Hacker hacken, scheitert die Attribution ∗∗∗ --------------------------------------------- Einen Hack bis zu seinem Ursprung zurückzuverfolgen, gilt im IT-Sicherheitsbereich als schwieriges Geschäft. Neue Forschungen von Kaspersky zeigen, dass die Situation noch verfahrener ist, als bislang angenommen. --------------------------------------------- https://www.golem.de/news/geheimdienste-wenn-hacker-hacker-hacken-scheitert… ∗∗∗ Whats in a cable? The dangers of unauthorized cables, (Fri, Oct 6th) ∗∗∗ --------------------------------------------- As data speeds have increased over the last few years, and interface ports have become more and more multi-functioning and integrated, cables have started to pose a very particular and real danger. So far, they often have been ignored and considered "dumb wires". But far from that, many cables these days hold logic chips of their own and in some cases even upgradable (replaceable) firmware. --------------------------------------------- https://isc.sans.edu/diary/rss/22904 ∗∗∗ Dumb bug of the week: Apples macOS reveals your encrypted drives password in the hint box ∗∗∗ --------------------------------------------- High Sierra update derided by devs as half-baked | Apple on Thursday released a security patch for macOS High Sierra 10.13 to address vulnerabilities in Apple File System (APFS) volumes and its Keychain software. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2017/10/05/apple_patch… ∗∗∗ Wenn Facebook-Freund/innen nach Geld fragen ∗∗∗ --------------------------------------------- Nachdem Facebook-Konten erfolgreich gehackt wurden, versuchen Betrüger daraus Kapital zu schlagen. Aus diesem Grund schreiben sie Kontakte an und erfinden Geschichten, um an schnelles Geld zu kommen. Um kein Opfer dieser Masche zu werden, sollte den Inhalten nicht leichtfertig geglaubt werden. --------------------------------------------- https://www.watchlist-internet.at/facebook-betrug/wenn-facebook-freundinnen… ∗∗∗ Cyber-Sicherheit am Arbeitsplatz: Persönliche Daten im Internet schützen ∗∗∗ --------------------------------------------- https://www.bsi.bund.de/DE/Presse/Pressemitteilungen/Presse2017/ECSM_BSI_06… ===================== = Vulnerabilities = ===================== ∗∗∗ GE CIMPLICITY ∗∗∗ --------------------------------------------- This advisory contains mitigation details for a stack-based buffer overflow vulnerability in GEs CIMPLICITY. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-17-278-01 ∗∗∗ ZDI-17-838: (0Day) Microsoft Windows WAV File Uninitialized Pointer Denial of Service Vulnerability ∗∗∗ --------------------------------------------- This vulnerability allows remote attackers to cause a denial-of-service condition on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-17-838/ ∗∗∗ DFN-CERT-2017-1757: Ruby: Mehrere Schwachstellen ermöglichen u.a. die Ausführung beliebigen Programmcodes ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-1757/ ∗∗∗ HPESBHF03786 rev.1 - HPE Intelligent Management Center (iMC) PLAT, Remote Code Execution ∗∗∗ --------------------------------------------- https://h20565.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=e… ∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities in the IBM SDK Java Technology Edition affect IBM Notes ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22009253 ∗∗∗ IBM Security Bulletin: Multiple DB2 vulnerabilities affect IBM Spectrum Protect (formerly Tivoli Storage Manger) Server (CVE-2017-1105, CVE-2017-1297) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22009194 ∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities in Open Source zlib affect IBM Netezza SQL Extensions ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22001212 ∗∗∗ Linux kernel vulnerability CVE-2017-14106 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K62178133 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Daily