===================== = End-of-Day report = =====================
Timeframe: Donnerstag 22-03-2018 18:00 − Freitag 23-03-2018 18:00 Handler: Robert Waldner Co-Handler: Alexander Riepl
===================== = News = =====================
∗∗∗ Wichtige Updates sichern GitLab ab ∗∗∗ --------------------------------------------- Wer Software-Projekte über GitLab verwaltet, sollte zügig die aktuellen Sicherheitspatches installieren. Sonst könnten Angreifer eventuell Schadcode ausführen. --------------------------------------------- https://www.heise.de/meldung/Wichtige-Updates-sichern-GitLab-ab-4002151.html
∗∗∗ Atlanta: Kryptotrojaner trifft Stadtverwaltung ∗∗∗ --------------------------------------------- Die US-Metropole Atlanta wurde von einem Kryptotrojaner getroffen, der Teile des Computernetzes der Stadtregierung lahmgelegt hat. Derzeit versuchen das FBI und das Heimatschutzministerium, das Problem zu beheben. --------------------------------------------- https://www.heise.de/meldung/Atlanta-Kryptotrojaner-trifft-Stadtverwaltung-4...
===================== = Vulnerabilities = =====================
∗∗∗ Siemens SIMATIC WinCC OA UI Mobile App ∗∗∗ --------------------------------------------- This advisory includes mitigations for an improper access control vulnerability in the Siemens WinCC OA UI mobile app for Android and IOS. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-081-01
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Financial Transaction Manager for Corporate Payment Services for Multiplatforms ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22014820
∗∗∗ IBM Security Bulletin: There are potential Cross Site Scripting (XSS) vulnerabilities in the Duplicate Detect component in Financial Transaction Manager (FTM) for Check Services (CVE-2018-1390) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22014795
∗∗∗ IBM Security Bulletin: IBM API Connect has released 5.0.8.2 iFix in response to the vulnerabilities known as Spectre and Meltdown. ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22014530