===================== = End-of-Day report = =====================
Timeframe: Montag 16-10-2017 18:00 − Dienstag 17-10-2017 18:00 Handler: Stephan Richter Co-Handler: n/a
===================== = News = =====================
∗∗∗ Heres a Video of the Latest ATM Malware Sold on the Dark Web ∗∗∗ --------------------------------------------- A hacker or hacker group is selling a strain of ATM malware that can make ATMs spit out cash just by connecting to its USB port and running the malware. --------------------------------------------- https://www.bleepingcomputer.com/news/security/heres-a-video-of-the-latest-a...
∗∗∗ Lenovo Quietly Patches Massive Bug Impacting Its Android Tablets and Zuk, Vibe Phones ∗∗∗ --------------------------------------------- Lenovo customers are being told to update their Android tablets and handsets to protect themselves against a handful of critical vulnerabilities impacting tens of millions of vulnerable Lenovo devices. --------------------------------------------- http://threatpost.com/lenovo-quietly-patches-massive-bug-impacting-its-andro...
∗∗∗ Estonia releases update on Digital ID card vulnerability ∗∗∗ --------------------------------------------- The Estonia government issued an update on a vulnerability potentially affecting digital use of ID cards issued since October 2014. --------------------------------------------- https://www.scmagazineuk.com/estonia-releases-update-on-digital-id-card-vuln...
∗∗∗ Microsoft responded quietly after detecting secret database hack in 2013 ∗∗∗ --------------------------------------------- (Reuters) - Microsoft Corp’s secret internal database for tracking bugs in its own software was broken into by a highly sophisticated hacking group more than four years ago, according to five former employees, in only the second known breach of such a corporate database. --------------------------------------------- https://www.reuters.com/article/us-microsoft-cyber-insight/microsoft-respond...
∗∗∗ KRACK: Hersteller-Updates und Stellungnahmen ∗∗∗ --------------------------------------------- Mittlerweile haben einige von der WPA2-Lücke KRACK betroffene Hersteller Patches veröffentlicht, die die Gefahr abwehren. Andere meldeten sich in Stellungnahmen zu Wort. --------------------------------------------- https://heise.de/-3863455
===================== = Vulnerabilities = =====================
∗∗∗ Security Advisory 2017-05: Security Update for OTRS Business Solution™ ∗∗∗ --------------------------------------------- October 17, 2017 — Please read carefully and check if the version of your OTRS system is affected by this vulnerability. --------------------------------------------- https://www.otrs.com/security-advisory-2017-05-security-update-otrs-business...
∗∗∗ BSRT-2017-006 Vulnerabilities in Workspaces Server components impact BlackBerry Workspaces ∗∗∗ --------------------------------------------- http://support.blackberry.com/kb/articleDetail?language=en_US&articleNum...
∗∗∗ VU#307015: Infineon RSA library does not properly generate RSA key pairs ∗∗∗ --------------------------------------------- http://www.kb.cert.org/vuls/id/307015
∗∗∗ VU#228519: Wi-Fi Protected Access II (WPA2) handshake traffic can be manipulated to induce nonce and session key reuse ∗∗∗ --------------------------------------------- http://www.kb.cert.org/vuls/id/228519
∗∗∗ IBM Security Bulletins ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/
∗∗∗ Cross site scripting in Webtrekk Pixel ∗∗∗ --------------------------------------------- https://www.sec-consult.com/en/blog/advisories/cross-site-scripting-in-webtr...
∗∗∗ EMC NetWorker Buffer Overflow in nsrd Lets Remote Users Execute Arbitrary Code ∗∗∗ --------------------------------------------- http://www.securitytracker.com/id/1039583
∗∗∗ Java vulnerability CVE-2017-10053 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K28418435