[CERT-daily] Daily summary - 03.11.2017

Daily end-of-shift report team at cert.at
Fri Nov 3 18:12:22 CET 2017


=====================
= End-of-Day report =
=====================

Timeframe:   Thursday 02-11-2017 18:00 − Friday 03-11-2017 18:00
Handler:     Nina Bieringer
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ E-Government: Estonia blocks 760,000 eID certificates ∗∗∗
---------------------------------------------
The certificates of the Estonian eID card that are affected by a security vulnerability are now being revoked after all, now that the Infineon RSA bug is public. Estonia intends to update the certificates and rely on elliptic curves in future.
---------------------------------------------
https://www.golem.de/news/e-government-estland-blockiert-760-000-eid-zertifikate-1711-130966-rss.html


∗∗∗ Savitech: USB audio driver installs root certificate ∗∗∗
---------------------------------------------
A driver from Savitech installs root certificates in Windows that could theoretically be used to attack HTTPS connections. The USB audio driver is used in devices from Asus, Dell and also Audio-Technica. The certificates were intended for Windows XP and were forgotten.
---------------------------------------------
https://www.golem.de/news/savitech-usb-audiotreiber-installiert-root-zertifikat-1711-130964-rss.html


∗∗∗ Attacking SSH Over the Wire - Go Red Team!, (Thu, Nov 2nd) ∗∗∗
---------------------------------------------
So, now that we've talked about securing SSH and auditing SSH over the last few days, how about attacking SSH?
---------------------------------------------
https://isc.sans.edu/diary/rss/23000


∗∗∗ QtBot downloader discovered in geo-based Locky-Trickbot campaign ∗∗∗
---------------------------------------------
Researchers from Palo Alto Networks have uncovered QtBot, an intermediate-stage downloader that helps to deliver the final payload in geography-based Locky-Trickbot malspam campaigns.
---------------------------------------------
https://www.scmagazine.com/qtbot-downloader-discovered-in-geo-based-locky-trickbot-campaign/article/705032/


∗∗∗ Call for Speakers - 30th Annual FIRST Conference ∗∗∗
---------------------------------------------
The 30th Annual FIRST Conference is coming back to Asia next June 24-29, 2018 and we are looking for engaging speakers to present on relevant incident response and information security topics. FIRST brings together a wide variety of security and incident response professionals from public, private and academic sectors around the world in an information exchange and co-operation of trust on issues of mutual interest.
---------------------------------------------
https://www.first.org/conference/2018/cfp


∗∗∗ Security updates: Cisco protects firewalls, among other things, against hostile takeover ∗∗∗
---------------------------------------------
Network equipment vendor Cisco closes several security vulnerabilities in, for example, the Aironet series, the Firepower line and the WebEx Meetings Server.
---------------------------------------------
https://heise.de/-3878040


∗∗∗ Mobile Pwn2Own: Hackers crack Samsung S8 using a remarkable combination of vulnerabilities ∗∗∗
---------------------------------------------
At the Mobile Pwn2Own contest, hackers successfully attacked mobile devices from Apple, Huawei and Samsung over two days. The organizer paid out a total of 515,000 US dollars for this.
---------------------------------------------
https://heise.de/-3878099


∗∗∗ BEC scammers are robbing art galleries and collectors ∗∗∗
---------------------------------------------
BEC scammers are targeting art galleries, collectors and artists, swindling them out of money and, on occasion, ruining their businesses. According to The Art Newspaper, nine art galleries in the UK and the US have been hit, some of them successfully. Insurance broker Adam Prideaux told the publication, the actual number of targets is likely considerably higher. The scammers’ MO The scammers start by finding a way to compromise an art dealer’s email account, and [...]
---------------------------------------------
https://www.helpnetsecurity.com/2017/11/03/bec-scammers-robbing-art-galleries-collectors/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Cisco IOS XE Software Ethernet Virtual Private Network Border Gateway Protocol Denial of Service Vulnerability ∗∗∗
---------------------------------------------
A vulnerability in the Border Gateway Protocol (BGP) over an Ethernet Virtual Private Network (EVPN) for Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the device to reload, resulting in a denial of service (DoS) condition, or potentially corrupt the BGP routing table, which could result in network instability.
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171103-bgp


∗∗∗ DSA-4015 openjdk-8 - security update ∗∗∗
---------------------------------------------
https://www.debian.org/security/2017/dsa-4015


∗∗∗ DFN-CERT-2017-1954: Red Hat JBoss Enterprise Web Server: Multiple vulnerabilities allow, among other things, the execution of arbitrary code ∗∗∗
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-1954/


∗∗∗ DFN-CERT-2017-1955: Red Hat JBoss Fuse, Red Hat JBoss A-MQ: Multiple vulnerabilities allow, among other things, the manipulation of data ∗∗∗
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-1955/


∗∗∗ IBM Security Bulletins ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/


∗∗∗ Security Advisory - Seven vulnerabilities in Google Dnsmasq ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171103-01-dnsmasq-en

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily



