[CERT-daily] Tageszusammenfassung - Freitag 28-04-2017

Daily end-of-shift report team at cert.at
Fri Apr 28 18:07:10 CEST 2017


=======================
= End-of-Shift report =
=======================

Timeframe:   Donnerstag 27-04-2017 18:00 − Freitag 28-04-2017 18:00
Handler:     Alexander Riepl
Co-Handler:  n/a


*** GE Multilin SR Protective Relays ***
---------------------------------------------
This advisory contains mitigation details for a weak cryptography for passwords vulnerability in GEs Multilin SR protective relays.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-17-117-01




*** Chrome to Mark More HTTP Pages ‘Not Secure’ ***
---------------------------------------------
Starting with Chrome 62, Google will start marking any HTTP page where users may enter data, ..
---------------------------------------------
http://threatpost.com/chrome-to-mark-more-http-pages-not-secure/125255/




*** Russian-controlled telecom hijacks financial services’ Internet traffic ***
---------------------------------------------
Visa, MasterCard, and Symantec among dozens affected by "suspicious" BGP mishap.
---------------------------------------------
https://arstechnica.com/security/2017/04/russian-controlled-telecom-hijacks-financial-services-internet-traffic/




*** DSA-3836 weechat - security update ***
---------------------------------------------
It was discovered that weechat, a fast and light chat client, is proneto a buffer overflow vulnerability in the IRC plugin, allowing a remote attacker to cause a denial-of-service by sending a specially crafted filename via DCC.
---------------------------------------------
https://www.debian.org/security/2017/dsa-3836




*** DSA-3837 libreoffice - security update ***
---------------------------------------------
It was discovered that a buffer overflow in processing Windows Metafiles may result in denial of service or the execution of arbitrary code if a malformed document is opened.
---------------------------------------------
https://www.debian.org/security/2017/dsa-3837




*** New MacOS Malware, Signed With Legit Apple ID, Found Spying On HTTPS Traffic ***
---------------------------------------------
Many people believe that they are much less likely to be bothered by malware if they use a Mac computer, but is it really true? Unfortunately, No. According to the McAfee Labs, malware attacks on Apples Mac computers were up 744% in 2016, and its researchers ..
---------------------------------------------
https://thehackernews.com/2017/04/apple-mac-malware.html




*** Http 81 Botnet: the Comparison against MIRAI and New Findings ***
---------------------------------------------
OverviewIn our previous blog, we introduced a new IoT botnet spreading over http 81. We will name it in this blog the http81 IoT botnet, while some anti-virus software name it Persirai, and some ..
---------------------------------------------
http://blog.netlab.360.com/http-81-botnet-the-comparison-against-mirai-and-new-findings-en/




*** Facebook und Google überwiesen Betrüger 100 Millionen Dollar ***
---------------------------------------------
Litauer gab sich als Vertreter von Hardware-Zulieferer aus, Beträge zu großem Teil zurückgeholt
---------------------------------------------
http://derstandard.at/2000056723656


More information about the Daily mailing list