[CERT-daily] Tageszusammenfassung - Donnerstag 17-11-2016

Daily end-of-shift report team at cert.at
Thu Nov 17 18:07:40 CET 2016


=======================
= End-of-Shift report =
=======================

Timeframe:   Mittwoch 16-11-2016 18:00 − Donnerstag 17-11-2016 18:00
Handler:     Alexander Riepl
Co-Handler:  n/a


*** VMSA-2016-0020 ***
---------------------------------------------
vRealize Operations update addresses REST API deserialization vulnerability
---------------------------------------------
https://www.vmware.com/security/advisories/VMSA-2016-0020.html




*** VMSA-2016-0016.1 ***
---------------------------------------------
vRealize Operations (vROps) updates address privilege escalation vulnerability
---------------------------------------------
https://www.vmware.com/security/advisories/VMSA-2016-0016.html




*** Drupal Core - Moderately Critical - Multiple Vulnerabilities - SA-CORE-2016-005 ***
---------------------------------------------
https://www.drupal.org/SA-CORE-2016-005




*** VMSA-2016-0018.1 ***
---------------------------------------------
VMware product updates address local privilege escalation vulnerability in Linux kernel
---------------------------------------------
https://www.vmware.com/security/advisories/VMSA-2016-00201.html




*** VMSA-2016-0018.1 ***
---------------------------------------------
VMware product updates address local privilege escalation vulnerability in Linux kernel
---------------------------------------------
https://www.vmware.com/security/advisories/VMSA-2016-0018.html




*** Antivirus tools are a useless box-ticking exercise says Google security chap ***
---------------------------------------------
Advocates whitelists and other tools that genuinely help security Kiwicon Google senior security engineer Darren Bilby has asked fellow hackers to expend less effort ..
---------------------------------------------
www.theregister.co.uk/2016/11/17/google_hacker_pleads_try_whitelists_not_just_bunk_antivirus_ids/




*** DSA-3716 firefox-esr - security update ***
---------------------------------------------
Multiple security issues have been found in the Mozilla Firefox webbrowser: Multiple memory safety errors, buffer overflows and otherimplementation errors may ..
---------------------------------------------
https://www.debian.org/security/2016/dsa-3716




*** Tails 2.7 is out ***
---------------------------------------------
https://tails.boum.org/news/version_2.7/




*** Malware Hunters Catch New Android Spyware For Governments In The Wild ***
---------------------------------------------
A group of malware hunters has caught a new Android spyware in the wild. The spyware is marketed to governments and police forces and was made in Italy—but it wasn’t built by the infamous surveillance tech vendor Hacking Team.
---------------------------------------------
https://motherboard.vice.com/read/malware-hunters-catch-new-android-spyware-raxir




*** Internet of Things: US-Regierung veröffentlicht Security-Strategie ***
---------------------------------------------
Sechs Empfehlungen für ein weniger unsicheres Internet of Things hat die US-Regierung ausgearbeitet. Das offizielle Dokument könnte Entwicklern und Sicherheitsabteilungen Rückenwind geben.
---------------------------------------------
https://heise.de/-3488886




*** Erpressungs-Trojaner Ransoc soll Social-Media-Accounts ausspionieren ***
---------------------------------------------
Sicherheitsforschern zufolge droht Ransoc damit, persönliche Daten zu veröffentlichen. Dafür soll er eine individuelle Erpresserbotschaft mit privaten Bildern und Informationen bauen.
---------------------------------------------
https://heise.de/-3488976




*** Call for Papers Domain pulse 2017 ***
---------------------------------------------
Das Generalthema des Domain pulse 2017 lautet „Netzwerken in Netzwerken“ – im weitesten Sinne des Begriffs. Wer oder was wird vernetzt? Wie wichtig ist Vernetzung? Wo findet sie statt? Wie kann sie bestmöglich gelingen? Und welche Probleme kann sie lösen?
---------------------------------------------
http://www.domainpulse.at/de/call-for-papers




*** Forensik-Tool-Hersteller: Apple speichert iPhone-Anrufprotokolle in iCloud – für viele Monate ***
---------------------------------------------
Apple synchronisiert die Anrufhistorie von iCloud-Nutzern automatisch ohne darauf explizit hinzuweisen. Die Software des Herstellers soll Strafverfolgungsbehörden ..
---------------------------------------------
https://heise.de/-3490866




*** Confessions of a Google Spammer ***
---------------------------------------------
Before I became an inbound marketer, I once made $50,000 a month spamming Google. I worked a maximum of 10 hours a week. And I am telling you from the bottom of my heart: never, never ever follow in my footsteps.
---------------------------------------------
https://readthink.com/confessions-of-a-google-spammer-4f2e0c3e9869


More information about the Daily mailing list