[CERT-daily] Tageszusammenfassung - 12.12.2017

Tue Dec 12 22:06:22 CET 2017

=====================
= End-of-Day report =
=====================

Timeframe:   Montag 11-12-2017 18:00 − Dienstag 12-12-2017 18:00
Handler:     Alexander Riepl
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ Security update available for Adobe Flash Player (APSB17-42) ∗∗∗
---------------------------------------------
A Security Bulletin (APSB17-42) has been published regarding a security update for Adobe Flash Player. This update addresses a regression that could lead to the unintended reset of the global settings preference file. Adobe ..
---------------------------------------------
https://blogs.adobe.com/psirt/?p=1514


∗∗∗ Detonating a bad rabbit: Windows Defender Antivirus and layered machine learning defenses ∗∗∗
---------------------------------------------
Windows Defender Antivirus uses a layered approach to protection: tiers of advanced automation and machine learning models evaluate files in order to reach a verdict on suspected malware. While Windows Defender AV detects a vast majority of  ..
---------------------------------------------
https://blogs.technet.microsoft.com/mmpc/2017/12/11/detonating-a-bad-rabbit-windows-defender-antivirus-and-layered-machine-learning-defenses/


∗∗∗ December 2017 security update release ∗∗∗
---------------------------------------------
Today, we released security updates to provide additional protections against malicious attackers. By default, Windows 10 receives these updates automatically, and for customers running previous versions, we recommend they ..
---------------------------------------------
https://blogs.technet.microsoft.com/msrc/2017/12/12/december-2017-security-update-release/


∗∗∗ New Ruski hacker clan exposed: Theyre called MoneyTaker, and theyre gonna take your money ∗∗∗
---------------------------------------------
Subtly named group has gone largely unnoticed until now Security researchers have lifted the lid on a gang of Russian-speaking cybercrooks, dubbed MoneyTaker.
---------------------------------------------
www.theregister.co.uk/2017/12/11/russian_bank_hackers_moneytaker/


∗∗∗ Googles Project Zero reveals Apple jailbreak exploit ∗∗∗
---------------------------------------------
Holy Moley! iOS and MacOS were wholly holey Ian Beer of Googles Project Zero has followed up on a “coming soon” Twitter teaser with a jailbreakable iOS and Mac OS vulnerability.
---------------------------------------------
www.theregister.co.uk/2017/12/12/apple_jailbreak_exploit/


∗∗∗ Hintergrund: Malware-Analyse - Do-It-Yourself ∗∗∗
---------------------------------------------
Bauen Sie Ihre eigene Schadsoftware-Analyse-Sandbox, um schnell das Verhalten von unbekannten Dateien zu überprüfen. Dieser Artikel zeigt, wie das mit der kostenlosen Open-Source-Sandbox Cuckoo funktioniert.
---------------------------------------------
https://heise.de/-3910855


∗∗∗ An analysis of 120 mobile app stores uncovers plethora of malicious apps ∗∗∗
---------------------------------------------
RiskIQ analyzed 120 mobile app stores and more than 2 billion daily scanned resources. In listing and analyzing the app stores hosting the most malicious mobile apps and the most prolific developers of malicious apps, their Q3 mobile threat landscape report documents an increase in blacklisted apps over Q2, as well as the continued ..
---------------------------------------------
https://www.helpnetsecurity.com/2017/12/12/mobile-app-stores-malicious-apps/


=====================
=  Vulnerabilities  =
=====================

∗∗∗ DSA-4063 pdns-recursor - security update ∗∗∗
---------------------------------------------
Toshifumi Sakaguchi discovered that PowerDNS Recursor, a high-performance resolving name server was susceptible to denial of service via a crafted CNAME answer.
---------------------------------------------
https://www.debian.org/security/2017/dsa-4063


∗∗∗ Cisco Email Security Appliance Header Bypass Vulnerability ∗∗∗
---------------------------------------------
A vulnerability in the Simple Mail Transfer Protocol (SMTP) header filtering functionality of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) could allow an unauthenticated, remote attacker to bypass configured user filters on the device. The vulnerability is due to improper handling of a malformed SMTP header in ..
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-esa


∗∗∗ DSA-4064 chromium-browser - security update ∗∗∗
---------------------------------------------
https://www.debian.org/security/2017/dsa-4064


∗∗∗ Qt for Android vulnerable to OS command injection ∗∗∗
---------------------------------------------
http://jvn.jp/en/jp/JVN67389262/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily