[CERT-daily] Daily summary - 28.12.2017

Daily end-of-shift report team at cert.at
Thu Dec 28 18:07:59 CET 2017


=====================
= End-of-Day report =
=====================

Timeframe:   Wednesday 27-12-2017 18:00 − Thursday 28-12-2017 18:00
Handler:     Stephan Richter
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ Web Trackers Exploit Flaw in Browser Login Managers to Steal Usernames ∗∗∗
---------------------------------------------
Princeton privacy experts are warning that advertising and analytics firms can secretly extract site usernames from browsers using hidden login fields and tie non-authenticated users visiting a site with their profiles or emails on that domain.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/web-trackers-exploit-flaw-in-browser-login-managers-to-steal-usernames/


∗∗∗ Xiaomi: Rooting autonomous vacuum cleaners with a piece of aluminium foil ∗∗∗
---------------------------------------------
Although Xiaomi gets a lot right when it comes to security, the company's vacuum cleaners can be rooted - with a piece of aluminium foil. This then allows access to numerous sensors and the use of a custom cloud interface.
---------------------------------------------
https://www.golem.de/news/xiaomi-mit-einem-stueck-alufolie-autonome-staubsauger-rooten-1712-131883-rss.html


∗∗∗ Computer Forensics: Forensic Techniques, Part 2 ∗∗∗
---------------------------------------------
Introduction: This is a continuation of our "Forensic Techniques" series, in which we discuss some of the most common yet powerful computer forensic techniques for beginners. In Part 1, we took a look at live forensics, file carving, data/password recovery, known file filtering, and email header analysis. Part 2 will feature slightly more advanced techniques, [...]
---------------------------------------------
http://resources.infosecinstitute.com/computer-forensics-forensic-techniques-part-2/


∗∗∗ The "Extended Random" Feature in the BSAFE Crypto Library ∗∗∗
---------------------------------------------
Matthew Green wrote a fascinating blog post about the NSA's efforts to increase the amount of random data exposed in the TLS protocol, and how it interacts with the NSA's backdoor into the DUAL_EC_PRNG random number generator to weaken TLS.
---------------------------------------------
https://www.schneier.com/blog/archives/2017/12/the_extended_ra.html


∗∗∗ Acoustic Attacks on HDDs Can Sabotage PCs, CCTV Systems, ATMs, More ∗∗∗
---------------------------------------------
Attackers can use sound waves to interfere with a hard drive's normal mode of operation, creating a temporary or permanent denial of state (DoS) that could be used to prevent CCTV systems from recording video footage or freeze computers dealing with critical operations.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/acoustic-attacks-on-hdds-can-sabotage-pcs-cctv-systems-atms-more/


∗∗∗ 34C3: "Nomorp" defeats the protective shield of numerous banking apps ∗∗∗
---------------------------------------------
Security researcher Vincent Haupert has revealed how he and a colleague were able to exploit serious flaws in app-based TAN procedures and, for example, manipulate bank transfers.
---------------------------------------------
https://heise.de/-3928363


∗∗∗ No identity confirmation required at Amazon ∗∗∗
---------------------------------------------
A fake Amazon letter claims that customers must confirm their identity with the retailer. If they do not, it will supposedly block their user account. Recipients can ignore the message, because it comes from criminals. They want to use this invented pretext to steal other people's login credentials.
---------------------------------------------
https://www.watchlist-internet.at/phishing/keine-identitaetsbestaetigung-bei-amazon-erforderlich/


∗∗∗ Three Plugins Backdoored in Supply Chain Attack ∗∗∗
---------------------------------------------
In the last two weeks, the WordPress.org repository has closed three plugins because they contained content-injection backdoors. “Closing” a plugin means that it is no longer available for download from the repository, and will not show up in WordPress.org search results. Each of them had been purchased in the previous six months as part of [...]
---------------------------------------------
https://www.wordfence.com/blog/2017/12/plugin-backdoor-supply-chain/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ DFN-CERT-2017-2323: Digium Asterisk, Digium Certified Asterisk: A vulnerability allows a denial-of-service attack ∗∗∗
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-2323/


∗∗∗ Security Advisory - DoS Vulnerability in Some Huawei Products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171201-01-pse-en


∗∗∗ Security Advisory - Out-of-Bounds Memory Access Vulnerability on Some Huawei FireWall Products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171213-01-firewall-en


∗∗∗ Security Advisory - Buffer Overflow Vulnerability in Some Huawei Products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171206-01-buffer-en


∗∗∗ Security Advisory - Weak Algorithm Vulnerability in Huawei USG product ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170802-01-usg-en


∗∗∗ Security Advisory - Insufficient Input Validation Vulnerability in Some Huawei Products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171215-01-ike-en


∗∗∗ IBM Security Bulletin: Vulnerabilities in wget affect PowerKVM ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=isg3T1026217


∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities in IBM Java Runtime affect IBM SPSS Statistics Server (CVE-2017-10356, CVE-2017-10388) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22011663


∗∗∗ IBM Security Bulletin: A vulnerability in libnl3 affects PowerKVM ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=isg3T1026208


∗∗∗ IBM Security Bulletin: Vulnerabilities in wpa_supplicant affect PowerKVM (KRACK) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=isg3T1026222


∗∗∗ IBM Security Bulletin: A vulnerability in httpd affects PowerKVM ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=isg3T1025957


∗∗∗ IBM Security Bulletin: Vulnerabilities in dnsmasq affect PowerKVM ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=isg3T1025956


∗∗∗ IBM Security Bulletin: A vulnerability in emacs affects PowerKVM ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=isg3T1025961


∗∗∗ IBM Security Bulletin: A vulnerability in augeas affects PowerKVM ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=isg3T1025962


∗∗∗ IBM Security Bulletin: Vulnerabilities in nagios affect PowerKVM ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=isg3T1026031


∗∗∗ IBM Security Bulletin: Vulnerabilities in OpenvSwitch affect PowerKVM ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=isg3T1026032

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
