[CERT-daily] Tageszusammenfassung - Freitag 23-06-2017

Daily end-of-shift report team at cert.at
Fri Jun 23 18:07:13 CEST 2017


=======================
= End-of-Shift report =
=======================

Timeframe:   Donnerstag 22-06-2017 18:00 − Freitag 23-06-2017 18:00
Handler:     Alexander Riepl
Co-Handler:  n/a


*** Getting ready for the European Cyber Security Month 2017 ***
---------------------------------------------
100 days left for the launch of the European Cyber Security Month, the EU annual advocacy campaign which takes place in October supported by ENISA and EC DG CONNECT with the participation of many partners from all over Europe.
---------------------------------------------
https://www.enisa.europa.eu/news/enisa-news/getting-ready-for-the-european-cyber-security-month-2017




*** Microsoft Says Fireball Threat ‘Overblown’ ***
---------------------------------------------
Check Point has toned down its initial estimates on the number of Fireball malware infections from 250 million machines and 20 percent of corporate networks to 40 million computers.
---------------------------------------------
http://threatpost.com/microsoft-says-fireball-threat-overblown/126472/




*** DSA-3894 graphite2 - security update ***
---------------------------------------------
Multiple vulnerabilities have been found in the Graphite font rendering engine which might result in denial of service or the execution of arbitrary code if a malformed font file is processed.
---------------------------------------------
https://www.debian.org/security/2017/dsa-3894




*** ZDI-17-441: Apple Safari Node Use-After-Free Remote Code Execution Vulnerability ***
---------------------------------------------
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-17-441/




*** DSA-3896 apache2 - security update ***
---------------------------------------------
Several vulnerabilities have been found in the Apache HTTPD server.
---------------------------------------------
https://www.debian.org/security/2017/dsa-3896




*** Smart burglars will ride the surf of inter-connected hackability ***
---------------------------------------------
Let’s invent a dustbin that throws itself away Something for the Weekend, Sir? What the world needs now is an intelligent dustbin. It would be the pinnacle of achievement for the Internet of Things sector.
---------------------------------------------
www.theregister.co.uk/2017/06/23/smart_burglars_will_ride_the_surf_of_interconnected_hackability/




*** Mutmaßlich russische Hacker stahlen Daten britischer Politiker ***
---------------------------------------------
http://derstandard.at/2000059699661




*** Deutsches Sicherheitsamt warnt vor Cyber-Attacken auf Verwaltung ***
---------------------------------------------
Ähnlich wie auf US-Demokraten und französische Partei von Präsident Macron
---------------------------------------------
http://derstandard.at/2000059699049




*** Node.js: Hälfte der NPM-Pakete durch schwache Passwörter verwundbar ***
---------------------------------------------
Der NPM-Dienst hat vor zwei Wochen Passwörter von Entwicklern zurückgezogen. Jetzt ist klar warum: Ein Hacker konnte schwache Passwörter sammeln und hätte damit wohl die Hälfte des ..
---------------------------------------------
https://www.golem.de/news/node-js-haelfte-der-npm-pakete-durch-schwache-passwoerter-verwundbar-1706-128552.html




*** Microsoft weist Vorwürfe von Antivirenhersteller zurück ***
---------------------------------------------
Microsoft betont in einem Blogpost die Bedeutung der Zusammenarbeit mit Antivirenherstellern im Rahmen der Microsoft Virus Initiative. Die Veröffentlichung kann als direkte Reaktion auf die Beschwerde von Kaspersky bei Kartellwächtern verstanden werden.
---------------------------------------------
https://heise.de/-3754148




*** Video: So kaperten Hacker ein Stromkraftwerk ***
---------------------------------------------
2015 haben Hacker den Strom für über 200.000 Personen in der Ukraine ausfallen lassen. Ein Video zeigt, wie sie die Steuer-PCs übernommen haben.
---------------------------------------------
https://futurezone.at/digital-life/video-so-kaperten-hacker-ein-stromkraftwerk/271.426.269




*** FBI: Extortion, CEO Fraud Among Top Online Fraud Complaints in 2016 ***
---------------------------------------------
Online extortion, tech support scams and phishing attacks that spoof the boss were among the most costly cyber scams reported by consumers and businesses last year, according to new figures from the FBIs Internet Crime Complaint Center (IC3). The IC3 report released ..
---------------------------------------------
https://krebsonsecurity.com/2017/06/fbi-extortion-ceo-fraud-among-top-online-fraud-complaints-in-2016/


More information about the Daily mailing list