[CERT-daily] Tageszusammenfassung - 06.10.2017
Daily end-of-shift report
team at cert.at
Fri Oct 6 18:15:30 CEST 2017
=====================
= End-of-Day report =
=====================
Timeframe: Donnerstag 05-10-2017 18:00 − Freitag 06-10-2017 18:00
Handler: Stephan Richter
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Hackers Hijack Ongoing Email Conversations to Insert Malicious Documents ∗∗∗
---------------------------------------------
A group of hackers is using a sophisticated technique of hijacking ongoing email conversations to insert malicious documents that appear to be coming from a legitimate source and infect other targets participating in the same conversational thread. [...]
---------------------------------------------
https://www.bleepingcomputer.com/news/security/hackers-hijack-ongoing-email-conversations-to-insert-malicious-documents/
∗∗∗ IT-Sicherheit: Für das FBI Botnetze ausschalten ∗∗∗
---------------------------------------------
Der deutsche IT-Sicherheitsforscher Tillmann Werner hat der US-Behörde FBI geholfen, einen gefährlichen Hacker zu jagen.
---------------------------------------------
https://www.golem.de/news/it-sicherheit-fuer-das-fbi-botnetze-ausschalten-1710-130455-rss.html
∗∗∗ Geheimdienste: Wenn Hacker Hacker hacken, scheitert die Attribution ∗∗∗
---------------------------------------------
Einen Hack bis zu seinem Ursprung zurückzuverfolgen, gilt im IT-Sicherheitsbereich als schwieriges Geschäft. Neue Forschungen von Kaspersky zeigen, dass die Situation noch verfahrener ist, als bislang angenommen.
---------------------------------------------
https://www.golem.de/news/geheimdienste-wenn-hacker-hacker-hacken-scheitert-die-attribution-1710-130465-rss.html
∗∗∗ Whats in a cable? The dangers of unauthorized cables, (Fri, Oct 6th) ∗∗∗
---------------------------------------------
As data speeds have increased over the last few years, and interface ports have become more and more multi-functioning and integrated, cables have started to pose a very particular and real danger. So far, they often have been ignored and considered "dumb wires". But far from that, many cables these days hold logic chips of their own and in some cases even upgradable (replaceable) firmware.
---------------------------------------------
https://isc.sans.edu/diary/rss/22904
∗∗∗ Dumb bug of the week: Apples macOS reveals your encrypted drives password in the hint box ∗∗∗
---------------------------------------------
High Sierra update derided by devs as half-baked | Apple on Thursday released a security patch for macOS High Sierra 10.13 to address vulnerabilities in Apple File System (APFS) volumes and its Keychain software.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2017/10/05/apple_patches_password_hint_bug_that_revealed_password/
∗∗∗ Wenn Facebook-Freund/innen nach Geld fragen ∗∗∗
---------------------------------------------
Nachdem Facebook-Konten erfolgreich gehackt wurden, versuchen Betrüger daraus Kapital zu schlagen. Aus diesem Grund schreiben sie Kontakte an und erfinden Geschichten, um an schnelles Geld zu kommen. Um kein Opfer dieser Masche zu werden, sollte den Inhalten nicht leichtfertig geglaubt werden.
---------------------------------------------
https://www.watchlist-internet.at/facebook-betrug/wenn-facebook-freundinnen-nach-geld-fragen/
∗∗∗ Cyber-Sicherheit am Arbeitsplatz: Persönliche Daten im Internet schützen ∗∗∗
---------------------------------------------
https://www.bsi.bund.de/DE/Presse/Pressemitteilungen/Presse2017/ECSM_BSI_06102017.html
=====================
= Vulnerabilities =
=====================
∗∗∗ GE CIMPLICITY ∗∗∗
---------------------------------------------
This advisory contains mitigation details for a stack-based buffer overflow vulnerability in GEs CIMPLICITY.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-17-278-01
∗∗∗ ZDI-17-838: (0Day) Microsoft Windows WAV File Uninitialized Pointer Denial of Service Vulnerability ∗∗∗
---------------------------------------------
This vulnerability allows remote attackers to cause a denial-of-service condition on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-17-838/
∗∗∗ DFN-CERT-2017-1757: Ruby: Mehrere Schwachstellen ermöglichen u.a. die Ausführung beliebigen Programmcodes ∗∗∗
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-1757/
∗∗∗ HPESBHF03786 rev.1 - HPE Intelligent Management Center (iMC) PLAT, Remote Code Execution ∗∗∗
---------------------------------------------
https://h20565.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03786en_us
∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities in the IBM SDK Java Technology Edition affect IBM Notes ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22009253
∗∗∗ IBM Security Bulletin: Multiple DB2 vulnerabilities affect IBM Spectrum Protect (formerly Tivoli Storage Manger) Server (CVE-2017-1105, CVE-2017-1297) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22009194
∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities in Open Source zlib affect IBM Netezza SQL Extensions ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22001212
∗∗∗ Linux kernel vulnerability CVE-2017-14106 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K62178133
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
More information about the Daily
mailing list