[CERT-daily] Tageszusammenfassung - Donnerstag 2-02-2017

Daily end-of-shift report team at cert.at
Thu Feb 2 18:08:14 CET 2017


=======================
= End-of-Shift report =
=======================

Timeframe:   Mittwoch 01-02-2017 18:00 − Donnerstag 02-02-2017 18:00
Handler:     Alexander Riepl
Co-Handler:  n/a


*** DSA-3780 ntfs-3g - security update ***
---------------------------------------------
Jann Horn of Google Project Zero discovered that NTFS-3G, a read-writeNTFS driver for FUSE, does not scrub the environment before executingmodprobe with elevated privileges. A local user ..
---------------------------------------------
https://www.debian.org/security/2017/dsa-3780




*** Netherlands reverts to hand-counted votes to quell security fears ***
---------------------------------------------
Windows XP? SHA-1? USB sneakernet? What were they thinking? Or smoking? The Netherlands has decided its vote-counting software isnt ready for prime time, and will revert to ..
---------------------------------------------
www.theregister.co.uk/2017/02/02/netherlands_reverting_to_handcounted_votes_to_quell_security_fears/




*** Extrem kritische Lücke in Ciscos Prime Home könnte unzählige Router gefährden ***
---------------------------------------------
Internet- und Service-Anbieter sollten zügig ein Sicherheitsupdate für Cisco Prime Home installieren. Angreifer könnten Geräte mit wenig Aufwand missbrauchen und von da aus Router von Kunden übernehmen.
---------------------------------------------
https://heise.de/-3615465




*** Gmail Drops Support for Windows XP and Vista Users on Chrome ***
---------------------------------------------
Google says that starting with February 8, Chrome users will have to use version 54 or 55 (current) if they want to access their Gmail accounts.
---------------------------------------------
https://www.bleepingcomputer.com/news/software/gmail-drops-support-for-windows-xp-and-vista-users-on-chrome/




*** DDoS attacks in Q4 2016 ***
---------------------------------------------
2016 was the year of Distributed Denial of Service (DDoS) with major disruptions in terms of technology, ..
---------------------------------------------
http://securelist.com/analysis/quarterly-malware-reports/77412/ddos-attacks-in-q4-2016/




*** Jugendliche gehen schludrig mit Passwörtern um ***
---------------------------------------------
Der Sicherheitsbewusstsein von österreichischen Jugendlichen und Unter-30-Jährigen ist schlecht ausgeprägt. Jeder Zweite hat sein Passwort schon einmal weitergegeben.
---------------------------------------------
https://futurezone.at/digital-life/jugendliche-gehen-schludrig-mit-passwoertern-um/244.433.550




*** Security: Der Secret Service gibt Tipps für Rechenzentrumsbetreiber ***
---------------------------------------------
Ein Rechenzentrum behandeln wie das Weiße Haus? Diesen Tipp gab ein ehemaliger Mitarbeiter des Secret ..
---------------------------------------------
http://www.golem.de/news/security-der-secret-service-gibt-tipps-fuer-rechenzentrumsbetreiber-1702-125968.html




*** KopiLuwak: A New JavaScript Payload from Turla ***
---------------------------------------------
A new, unique JavaScript payload is now being used by Turla in targeted attacks. This new payload, dubbed KopiLuwak, is being delivered using embedded macros within Office documents.
---------------------------------------------
http://securelist.com/blog/research/77429/kopiluwak-a-new-javascript-payload-from-turla/




*** Hackerangriff auf Tschechiens Außenamt offenbar größer als gedacht ***
---------------------------------------------
http://derstandard.at/2000052006680




*** Panne bei Handysignatur: Dokumentenname einsehbar ***
---------------------------------------------
Laut "Die Presse" waren 14 Stunden lang der Name aller unterzeichneten Dokumente abrufbar
---------------------------------------------
http://derstandard.at/2000052007651




*** Microsoft Windows SMB Tree Connect Response memory corruption vulnerability ***
---------------------------------------------
Microsoft Windows contains a memory corruption bug in the handling of SMB traffic, which may allow a remote, unauthenticated attacker to cause a denial of service or potentially execute arbitrary code on a vulnerable system.
---------------------------------------------
http://www.kb.cert.org/vuls/id/867968


More information about the Daily mailing list