[CERT-daily] Daily summary - 08.08.2017

Daily end-of-shift report team at cert.at
Tue Aug 8 18:06:36 CEST 2017


=====================
= End-of-Day report =
=====================

Timeframe:   Monday 07-08-2017 18:00 − Tuesday 08-08-2017 18:00
Handler:     Alexander Riepl
Co-Handler:  

=====================
=        News       =
=====================

∗∗∗ Hotspot Shield: VPN provider allegedly spies on users via JavaScript ∗∗∗
---------------------------------------------
The VPN provider Hotspot is alleged to spy on its users through JavaScript elements and advertising, even though it claims exactly the opposite. A US civil rights organization accuses the company of this and has filed a complaint with the FTC.
---------------------------------------------
https://www.golem.de/news/hotspot-shield-vpn-provider-soll-javascript-in-verbindungen-einschleusen-1708-129361.html


∗∗∗ Google Patches 10 Critical Bugs in August Android Security Bulletin ∗∗∗
---------------------------------------------
Google's August Android Security Bulletin featured patches for nearly a dozen remote code execution bugs impacting Google's Pixel and Nexus handsets.
---------------------------------------------
http://threatpost.com/google-patches-10-critical-bugs-in-august-android-security-bulletin/127276/


∗∗∗ Microsoft to remove WoSign and StartCom certificates in Windows 10 ∗∗∗
---------------------------------------------
Microsoft has concluded that the Chinese Certificate Authorities (CAs) WoSign and StartCom have failed to maintain the standards required by our Trusted Root Program. Observed unacceptable security practices include back-dating SHA-1 certificates, ..
---------------------------------------------
https://blogs.technet.microsoft.com/mmpc/2017/08/08/microsoft-to-remove-wosign-and-startcom-certificates-in-windows-10/


∗∗∗ How Chat App Discord Is Abused by Cybercriminals to Attack ROBLOX Players ∗∗∗
---------------------------------------------
Cybercriminals targeting gamers are nothing new. We’ve reported many similar incidents in the past, from fake game apps to real-money laundering through online game currencies. Usually the aim is simple: to steal personal information and monetize it. And ..
---------------------------------------------
http://blog.trendmicro.com/trendlabs-security-intelligence/chat-app-discord-abused-cybercriminals-attack-roblox-players/


∗∗∗ Practical Analysis of the Cybersecurity of European Smart Grids ∗∗∗
---------------------------------------------
This paper summarizes the experience gained during a series of practical cybersecurity assessments of various components of Europe’s smart electrical grids.
---------------------------------------------
http://digitalsubstation.com/en/2017/08/07/practical-analysis-of-nbsp-the-cybersecurity-of-nbsp-european-smart-grids/


∗∗∗ Google warns developers of Chrome extensions about phishing emails ∗∗∗
---------------------------------------------
Scammers are hunting for the login credentials of developer accounts in order to infect Chrome extensions with malicious code and then distribute them, Google warns.
---------------------------------------------
https://heise.de/-3795160


∗∗∗ Hackers extort HBO with further "Game of Thrones" episodes ∗∗∗
---------------------------------------------
Extortionists have published the script for episode 5 of season 7 and are demanding money to refrain from further publications
---------------------------------------------
http://derstandard.at/2000062391623


∗∗∗ IMF warns: Cyber attacks endanger global financial stability ∗∗∗
---------------------------------------------
Attacks by hackers and criminals increasingly sophisticated
---------------------------------------------
http://derstandard.at/2000062403498



=====================
=    Advisories     =
=====================

∗∗∗ Security Bulletins Posted ∗∗∗
---------------------------------------------
Adobe has published security bulletins for Adobe Flash Player (APSB17-23), Adobe Acrobat and Reader (APSB17-24), Adobe Experience Manager (APSB17-26) and Adobe Digital Editions (APSB17-27). Adobe recommends users update their product installations to the ..
---------------------------------------------
https://blogs.adobe.com/psirt/?p=1480


∗∗∗ Vulnerability in F2FS File System Leads To Memory Corruption on Android, Linux ∗∗∗
---------------------------------------------
August’s Android Security Bulletin includes three file system vulnerabilities (CVE-2017-10663, CVE-2017-10662, and CVE-2017-0750) that were discovered by Trend Micro researchers. These vulnerabilities could cause memory corruption on the affected devices, ..
---------------------------------------------
http://blog.trendmicro.com/trendlabs-security-intelligence/vulnerability-f2fs-file-system-leads-memory-corruption-android-linux/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily



