[CERT-daily] Tageszusammenfassung - Freitag 26-05-2017
Daily end-of-shift report
team at cert.at
Fri May 26 18:04:57 CEST 2017
=======================
= End-of-Shift report =
=======================
Timeframe: Mittwoch 24-05-2017 18:00 − Freitag 26-05-2017 18:00
Handler: Alexander Riepl
Co-Handler: n/a
*** Reflections on reflection (attacks) ***
---------------------------------------------
Recently Akamai published an article about CLDAP reflection attacks. This got us thinking. We saw attacks from Conectionless LDAP servers back in November 2016 but totally ignored them because our systems were automatically dropping the attack ..
---------------------------------------------
https://blog.cloudflare.com/reflections-on-reflections/
*** Cloak & Dagger ***
---------------------------------------------
Cloak & Dagger is a new class of potential attacks affecting Android devices. These attacks allow a malicious app to completely control the UI feedback loop and take over the device — without giving the user a chance to notice the malicious activity. These attacks ..
---------------------------------------------
http://cloak-and-dagger.org/
*** Trump’s Dumps: ‘Making Dumps Great Again’ ***
---------------------------------------------
Its not uncommon for crooks who peddle stolen credit cards to seize on iconic American figures of wealth and power in the digital advertisements for these shops that run continuously on various ..
---------------------------------------------
https://krebsonsecurity.com/2017/05/trumps-dumps-making-dumps-great-again/
*** Österreichs Unternehmen sind bei IT-Sicherheit Nachzügler ***
---------------------------------------------
Investitionen in die Sicherheit als Chance verstehen
---------------------------------------------
http://derstandard.at/2000058280565
*** 83% of Security Pros Waste Time Fixing Co-Workers Non-Security Problems ***
---------------------------------------------
Security personnel in many organizations waste time every week helping co-workers with general IT problems, rather than doing their own work, which in the long run, ..
---------------------------------------------
https://www.bleepingcomputer.com/news/technology/83-percent-of-security-pros-waste-time-fixing-co-workers-non-security-problems/
*** Schwere Sicherheitslücke in Samba gefunden ***
---------------------------------------------
Exploits bereits im Netz – Updates sollten rasch eingespielt werden
---------------------------------------------
http://derstandard.at/2000058287863
*** DSA-3863 imagemagick - security update ***
---------------------------------------------
This update fixes several vulnerabilities in imagemagick: Various memory handling problems and cases of missing or incomplete input sanitising ..
---------------------------------------------
https://www.debian.org/security/2017/dsa-3863
*** DSA-3862 puppet - security update ***
---------------------------------------------
It was discovered that unrestricted YAML deserialisation of data sent from agents to the server in the Puppet configuration management ..
---------------------------------------------
https://www.debian.org/security/2017/dsa-3862
*** Manipulierte Webseiten legen Windows lahm ***
---------------------------------------------
Problem mit Dateinamen verlangsamt System bis zum Stillstand – Windows 7, 8 und Vista betroffen
---------------------------------------------
http://derstandard.at/2000058292526
*** Tanze (aktualisierten) Samba mit mir ***
---------------------------------------------
Die Erinnerung an CVE-2017-0144, und die Auswirkungen von WannaCry, ist bei uns allen noch frisch im Gedächtnis verankert, und damit keine Langeweile aufkommt, hat Samba nun ein Advisory bezüglich einer kritischen Schwachstelle veröffentlicht: All versions of Samba ..
---------------------------------------------
http://www.cert.at/services/blog/20170526134531-2020.html
*** FileZilla FTP Client Adds Support for Master Password That Encrypts Your Logins ***
---------------------------------------------
Following years of criticism and user requests, the FileZilla FTP client is finally adding support for a master password ..
---------------------------------------------
https://www.bleepingcomputer.com/news/software/filezilla-ftp-client-adds-support-for-master-password-that-encrypts-your-logins/
More information about the Daily
mailing list