[CERT-daily] Tageszusammenfassung - Montag 16-01-2017

Daily end-of-shift report team at cert.at
Mon Jan 16 18:08:07 CET 2017


=======================
= End-of-Shift report =
=======================

Timeframe:   Freitag 13-01-2017 18:00 − Montag 16-01-2017 18:00
Handler:     Alexander Riepl
Co-Handler:  n/a


*** Hardening Windows 10 with zero-day exploit mitigations ***
---------------------------------------------
Cyber attacks involving zero-day exploits happen from time to time, affecting different platforms and applications. Over the years, Microsoft security teams have been working extremely ..
---------------------------------------------
https://blogs.technet.microsoft.com/mmpc/2017/01/13/hardening-windows-10-with-zero-day-exploit-mitigations/




*** WordPress 4.7.1 released, patches eight vulnerabilities and 62 bugs ***
---------------------------------------------
According to the release notes the latest version of WordPress 4.7.1 addresses eight security vulnerabilities and other 62 bugs. Wednesday the latest version of WordPress 4.7.1 was released by the WordPress Team, it is classified as a security release for ..
---------------------------------------------
http://securityaffairs.co/wordpress/55308/breaking-news/wordpress-4-7-1-released.html




*** DSA-3764 pdns - security update ***
---------------------------------------------
Multiple vulnerabilities have been discovered in pdns, an authoritativeDNS server. The Common Vulnerabilities and Exposures project identifiesthe following ..
---------------------------------------------
https://www.debian.org/security/2017/dsa-3764




*** DSA-3763 pdns-recursor - security update ***
---------------------------------------------
Florian Heinz and Martin Kluge reported that pdns-recursor, a recursiveDNS server, parses all records present in a query regardless of whetherthey are ..
---------------------------------------------
https://www.debian.org/security/2017/dsa-3763




*** Backup Files Are Good but Can Be Evil ***
---------------------------------------------
Since we started to work with computers, we always heard the following advice: Make backups!. Everytime you have to change something in a file or an application, first make a backup of the existing resources (code, configuration files, data). But, ..
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=21935




*** Compliance: Deutsche Bank verbannt Whatsapp und SMS von Diensthandys ***
---------------------------------------------
Mitarbeiter der Deutschen Bank können künftig nicht mehr untereinander per Whatsapp oder SMS kommunizieren. Die Apps sollen von den Geräten der Mitarbeiter entfernt werden - weil es die Behörden so wollen.
---------------------------------------------
http://www.golem.de/news/compliance-deutsche-bank-verbannt-whatsapp-und-sms-von-diensthandys-1701-125582.html




*** DSA-3765 icoutils - security update ***
---------------------------------------------
Several programming errors in the wrestool tool of icoutils, a suiteof tools to create and extract MS Windows icons and ..
---------------------------------------------
https://www.debian.org/security/2017/dsa-3765




*** Rätselraten um NSA-Waffenhändler "Shadow Brokers" ***
---------------------------------------------
Hacker- Gruppe kündigte Rückzug an – lauter werdende Gerüchte um Verbindungen nach Russland
---------------------------------------------
http://derstandard.at/2000050751646




*** Datendiebstahl bei den iPhone-Hackern Cellebrite ***
---------------------------------------------
Die Firma, die die Verschlüsselung des iPhones für das FBI geknackt haben soll, wurde Opfer eines Datendiebstahls. 900 GB an Daten sind gestohlen worden.
---------------------------------------------
https://futurezone.at/digital-life/datendiebstahl-bei-den-iphone-hackern-cellebrite/241.119.292




*** Cyberangriffe zu deutschem Wahlkampf befürchtet: Abwehrzentrum geplant ***
---------------------------------------------
Bundestagspräsident: "Was technisch möglich ist, findet auch statt"
---------------------------------------------
http://derstandard.at/2000050779644




*** Google reveals its servers all contain custom security silicon ***
---------------------------------------------
Even the servers it colocates (!) says new docu revealing Alphabet subs security secrets Google has published a Infrastructure Security Design Overview that explains how it secures ..
---------------------------------------------
www.theregister.co.uk/2017/01/16/google_reveals_its_servers_all_contain_custom_security_silicon/




*** Blackberry DTEK60 im (Sicherheits-)Test: Sicher, weil isso! ***
---------------------------------------------
Blackberry will die Quadratur des Kreises schaffen: ein sicheres Android-Smartphone. Leider stellt der Hersteller wenig Informationen bereit und verwirrt Nutzer teils unnötig.
---------------------------------------------
http://www.golem.de/news/blackberry-60-im-sicherheits-test-sicher-weil-isso-1701-125554.html




*** New Gmail phishing technique fools even tech-savvy users ***
---------------------------------------------
An effective new phishing attack is hitting Gmail users and tricking many into inputing their Gmail credentials into a fake login page. How the attack unfolds The phishers start by compromising a Gmail account, then they rifle through the emails ..
---------------------------------------------
https://www.helpnetsecurity.com/2017/01/16/new-gmail-phishing-attack-fools-even-tech-savvy-users/




*** 35 Jahre C64: Die Geburtsstunde der "Cracker" und Kopierer ***
---------------------------------------------
In den 1980er-Jahren war es in Österreich vergleichsweise schwer, überhaupt Software zu kaufen
---------------------------------------------
http://derstandard.at/2000049895466




*** Cartapping: Autos werden seit 15 Jahren digital verwanzt ***
---------------------------------------------
Um den Standort eines Autos zu überwachen, muss längst keine GPS-Wanze mehr angebracht werden. In den USA wird das offenbar schon lange mithilfe der intelligenten Navigations- und Bordsysteme praktiziert.
---------------------------------------------
http://www.golem.de/news/cartapping-autos-werden-seit-15-jahren-digital-verwanzt-1701-125599.html




*** We reverse engineered 16k apps, here’s what we found ***
---------------------------------------------
In Nov’16, we created an online tool to reverse engineer any android app to look for secrets. This tool was built because of an internal need — we were constantly required to reverse ..
---------------------------------------------
https://medium.com/@mkagenius/afdccb592b81




*** Mailserver Dovecot: erfolgreiches Sicherheits-Audit ***
---------------------------------------------
Als weitestgehend sicher stuft das Berliner IT-Sicherheitsunternehmen Cure53 den Mailserver Dovecot ein. In Auftrag gegeben hatte diese Untersuchung die Mozilla Foundation.
---------------------------------------------
https://heise.de/-3596977


More information about the Daily mailing list