===================== = End-of-Day report = =====================
Timeframe: Montag 15-01-2018 18:00 − Dienstag 16-01-2018 18:00 Handler: Nina Bieringer Co-Handler: Stephan Richter
===================== = News = =====================
∗∗∗ Skygofree: Kaspersky findet mutmaßlichen Staatstrojaner ∗∗∗ --------------------------------------------- Ein Unternehmen aus Italien soll hinter einer Android-Malware stecken, die seit Jahren verteilt wird. Interessant ist dabei die Vielzahl an Kontrollmöglichkeiten der Angreifer - von HTTP über XMPP und die Firebase-Dienste. --------------------------------------------- https://www.golem.de/news/skygofree-kaspersky-findet-mutmasslichen-staatstro...
∗∗∗ WhatsApp und Signal: Forscher beschreiben Schwächen verschlüsselter Gruppenchats ∗∗∗ --------------------------------------------- Zwar ist die Ende-zu-Ende-Verschlüsselung bei WhatsApp und Signal sicher, das Drumherum lässt aber eventuell zu wünschen übrig. So wird ein von Spionen gekaperter Kontrollserver mitunter zur Schwachstelle. --------------------------------------------- https://heise.de/-3942046
===================== = Vulnerabilities = =====================
∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (ca-certificates, gdk-pixbuf, and graphicsmagick), Fedora (qtpass), openSUSE (python-openpyxl and syncthing), Slackware (kernel), and Ubuntu (gdk-pixbuf). --------------------------------------------- https://lwn.net/Articles/744503/rss
∗∗∗ BlackBerry powered by Android Security Bulletin – January 2018 ∗∗∗ --------------------------------------------- http://support.blackberry.com/kb/articleDetail?language=en_US&articleNum...
∗∗∗ Vuln: Atlassian JIRA CVE-2017-16862 Cross Site Request Forgery Vulnerability ∗∗∗ --------------------------------------------- http://www.securityfocus.com/bid/102506
∗∗∗ Vuln: Atlassian JIRA CVE-2017-16864 Cross Site Scripting Vulnerabiliy ∗∗∗ --------------------------------------------- http://www.securityfocus.com/bid/102505
∗∗∗ IBM Fix available for Insecure Direct Object Reference in IBM Cúram Social Program Management (CVE-2018-1362) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22012528
∗∗∗ IBM Security Bulletin: Rational Developer for System z – Add support for TLS v1.2 with MS-CAPI in HCE ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22011808
∗∗∗ IBM Security Bulletin: IBM Developer for z Systems – Add support for TLS v1.2 with MS-CAPI in HCE ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22011816
∗∗∗ IBM Security Bulletin: IBM i2 COPLINK BeanShell Vulnerability (CVE-2016-2510) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg21982952
∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities in Oracle Outside In Technology affect IBM Rational DOORS Next Generation (CVE-2017-10141, CVE-2017-10196) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22012619
∗∗∗ IBM Security Bulletin: IBM FileNet Content Manager, IBM Content Foundation, and IBM Case Foundation are affected by the ability to execute remote attacker’s arbitrary code on a target machine vulnerability ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22010868
∗∗∗ IBM Security Bulletin: Security vulnerabilities in IBM Java Runtime affect IBM RLKS Administration and Reporting Tool Admin ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22012476
∗∗∗ IBM Security Bulletin: Vulnerability in Open Source cURL Libcurl affects IBM PureApplication. (CVE-2017-1000257) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22011203
∗∗∗ IBM Security Bulletin: IBM Kenexa LCMS Premier on Cloud is affected by Open Source Commons FileUpload Apache Vulnerabilities ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22011720
∗∗∗ IBM Security Bulletin: Vulnerabilities in libxml2 affect Intel® Manycore Platform Software Stack (Intel® MPSS) for Linux and Windows ∗∗∗ --------------------------------------------- https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5099753
∗∗∗ [R1] SecurityCenter 5.6.1 Fixes Multiple Third-party Vulnerabilities ∗∗∗ --------------------------------------------- http://www.tenable.com/security/tns-2017-16