[CERT-daily] Tageszusammenfassung - 04.08.2017

Fri Aug 4 18:06:41 CEST 2017

=====================
= End-of-Day report =
=====================

Timeframe:   Donnerstag 03-08-2017 18:00 − Freitag 04-08-2017 18:00
Handler:     Petr Sikuta
Co-Handler:  Stephan Richter

=====================
=        News       =
=====================

∗∗∗ Week In Review – 4th August 2017 ∗∗∗
---------------------------------------------
Creating Fake Identities Everything today seems to be linked to your identity; or perhaps more specifically, to your digital identity. While safeguarding ones identity is important, it is also equally important to find ways to stop people from creating fake identities. Kevin Mitnick belonged to an earlier generation that many of this generations up and comers may not have heard of. While today he is a respectable information security professional, he wasn’t always quite a white hat, and [...]
---------------------------------------------
https://www.alienvault.com/blogs/security-essentials/week-in-review-4th-august-2017


∗∗∗ JavaScript Packages Caught Stealing Environment Variables ∗∗∗
---------------------------------------------
On August 1, npm Inc. — the company that runs the biggest JavaScript package repository — removed 38 JavaScript npm packages that were caught stealing environment variables from infected projects. [...]
---------------------------------------------
https://www.bleepingcomputer.com/news/security/javascript-packages-caught-stealing-environment-variables/


∗∗∗ Verseuchte Chrome-Erweiterung infiziert eine Million User ∗∗∗
---------------------------------------------
Die Erweiterung Web Developer wurde gekapert und durch eine Version mit Schadsoftware ausgetauscht und an User verteilt.
---------------------------------------------
https://futurezone.at/digital-life/verseuchte-chrome-erweiterung-infiziert-eine-million-user/278.784.200


∗∗∗ Verhaftung nach Black Hat: Wanna-Cry-Hacker soll Bankingtrojaner entwickelt haben ∗∗∗
---------------------------------------------
Ein britischer Sicherheitsforscher und Hacker ist in den USA verhaftet worden. Der 23-Jährige hatte unabsichtlich dazu beigetragen, die Ausbreitung von Wanna Cry zu verlangsamen. Er soll an der Entwicklung des Kronos-Bankentrojaners beteiligt gewesen sein.
---------------------------------------------
https://www.golem.de/news/wanna-cry-sicherheitsforscher-malwaretech-in-den-usa-festgenommen-1708-129301-rss.html


∗∗∗ Weekly Security Roundup ∗∗∗
---------------------------------------------
This week, we’ve published an article about session hijacking, a dangerous hacking method that takes control of a user’s account as they are live and using it. Security articles of the week (July 31st – August 4th, 2017) The biggest story from the beginning of this week was the HBO hack that ended up with leaked [...]
---------------------------------------------
https://heimdalsecurity.com/blog/weekly-security-roundup/


∗∗∗ Cisco schließt Super-Admin-Lücke ∗∗∗
---------------------------------------------
Der Netzwerkausrüster stellt elf Sicherheitsupdates für diverse Produkte bereit. Von den Lücken soll ein mittleres bis hohes Risiko ausgehen.
---------------------------------------------
https://heise.de/-3793025


=====================
=    Advisories     =
=====================

∗∗∗ Upcoming Security Updates for Adobe Reader and Acrobat (APSB17-24) ∗∗∗
---------------------------------------------
A prenotification Security Advisory has been posted regarding upcoming Adobe Reader and Acrobat updates scheduled for Tuesday, August 8, 2017.
---------------------------------------------
https://blogs.adobe.com/psirt/?p=1478


∗∗∗ Schneider Electric Pro-face GP-Pro EX ∗∗∗
---------------------------------------------
This advisory contains mitigation details for an uncontrolled search path element vulnerability in Schneider Electric’s Pro-face GP-Pro EX.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-17-215-01


∗∗∗ IBM Security Bulletin: A vulnerability in libtirpc affects PowerKVM ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=isg3T1025258


∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Security SiteProtector System ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22004331


∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect WebSphere Extreme Scale ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22005297


∗∗∗ IBM Security Bulletin: Multiple Security Vulnerabilities exist in IBM Cognos TM1 ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22006551


∗∗∗ IBM Security Bulletin: Multiple Security Vulnerabilities exist in IBM Cognos Insight ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22006550

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily