[CERT-daily] Tageszusammenfassung - 10.10.2017

Daily end-of-shift report team at cert.at
Tue Oct 10 18:12:31 CEST 2017


=====================
= End-of-Day report =
=====================

Timeframe:   Montag 09-10-2017 18:00 − Dienstag 10-10-2017 18:00
Handler:     Alexander Riepl
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ ATMii Malware Makes Windows 7 and Windows Vista ATMs Spit Out Cash ∗∗∗
---------------------------------------------
Security researchers have discovered a new ATM malware strain named ATMii that targets only ATMs running on Windows 7 and Windows Vista.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/atmii-malware-makes-windows-7-and-windows-vista-atms-spit-out-cash/


∗∗∗ Changes in Password Best Practices ∗∗∗
---------------------------------------------
NIST recently published their four-volume SP800-63-3 Digital Identity Guidelines. Among other things, they make three important suggestions when it comes to passwords:Stop it with the annoying password complexity rules. They make passwords harder to remember. They increase errors because artificially complex passwords are harder to type in. And they dont help that much. Its better to allow people to use pass phrases.Stop it with password expiration. That was an old idea for an old way we used [...]
---------------------------------------------
https://www.schneier.com/blog/archives/2017/10/changes_in_pass.html


∗∗∗ The Absurdly Underestimated Dangers of CSV Injection ∗∗∗
---------------------------------------------
In some ways this is old news, but in other ways…well, I think few realize how absolutely devastating and omnipresent this vulnerability can be. It is an attack vector available in every application I’ve ever seen that takes user input and allows administrators to bulk export to CSV.
---------------------------------------------
http://georgemauer.net/2017/10/07/csv-injection.html


∗∗∗ Financial Times bekämpft Werbebetrug ∗∗∗
---------------------------------------------
Millionenverluste durch Domain-Spoofing: Werbenetzwerke verkauften Videowerbung für Leser der Financial Times, die aber tatsächlich auf anderen Websites ausgespielt wurde.
---------------------------------------------
https://www.heise.de/newsticker/meldung/Financial-Times-bekaempft-Werbebetrug-3854055.html


∗∗∗ Google-Analyse: Microsoft patcht Windows 7/8 teilweise nicht ∗∗∗
---------------------------------------------
Forscher von Google haben nachgewiesen, dass Microsoft Sicherheitslücken in Windows 10 behoben hat, die gleichen Lücken in Windows 7 und 8 jedoch offen ließ. Patches kamen erst, als die Veröffentlichung durch Project Zero drohte.
---------------------------------------------
https://heise.de/-3852695


∗∗∗ Über 37.000 Chrome-Nutzer installierten gefälschte Adblock-Plus-Extension ∗∗∗
---------------------------------------------
Die Browser-Erweiterung Adblock Plus soll vor Werbung und Schadcode schützen. Eine kürzlich aus dem Chrome Web Store entfernte Extension gleichen Namens führte das genaue Gegenteil im Schilde. Im Zweifel ist eine Neuinstallation ratsam.
---------------------------------------------
https://heise.de/-3854625


∗∗∗ Sicherheits-App der Erste Bank ist Schadsoftware ∗∗∗
---------------------------------------------
Kriminelle versenden eine gefälschte Erste Bank und Sparkasse-Nachricht. Darin behaupten sie, dass das Konto von Kund/innen eingeschränkt worden sei und sie zur weiteren Benutzung eine Sicherheits-App installieren müssen. Die angebliche Sicherheits-App ist Schadsoftware. Wer sie isntalliert, ermöglicht Kriminellen Zugriff auf das eigene Konto.
---------------------------------------------
https://www.watchlist-internet.at/schadsoftware/sicherheits-app-der-erste-bank-ist-schadsoftware/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ SAP Security Patch Day – October 2017 ∗∗∗
---------------------------------------------
This post by SAP Product Security Response Team shares information on Patch Day Security Notes* that are released on second Tuesday of every month and fix vulnerabilities discovered in SAP products. SAP strongly recommends that [...]
---------------------------------------------
https://blogs.sap.com/2017/10/10/sap-security-patch-day-october-2017/


∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Host On-Demand ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22009289


∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Spectrum Protect (formerly Tivoli Storage Manager) Operations Center and Client Management Services (CVE-2017-10115, CVE-2017-10116) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22009293


∗∗∗ IBM Security Bulletin: WebSphere Application Server Edge Caching Proxy may be vulnerable to HTTP response splitting (CVE-2017-1503) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22006815


∗∗∗ IBM Security Bulletin: Open Source Apache Cordova Android Vulnerabilities affect IBM Worklight and IBM MobileFirst Platform Foundation ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg2C1000350


∗∗∗ IBM Security Bulletin:IBM Integration Bus is affected by deserialization RCE vulnerability in IBM WebSphere JMS Client ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22008829

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily




More information about the Daily mailing list