[CERT-daily] Tageszusammenfassung - 11.10.2017

Daily end-of-shift report team at cert.at
Wed Oct 11 18:11:16 CEST 2017


=====================
= End-of-Day report =
=====================

Timeframe:   Dienstag 10-10-2017 18:00 − Mittwoch 11-10-2017 18:00
Handler:     Alexander Riepl
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ Antivirus: Symantec will keine Code-Reviews durch Regierungen mehr ∗∗∗
---------------------------------------------
Aus Angst vor Spionage will die Sicherheitsfirma Symantec nach Angaben ihres CEO keine Regierungen mehr in den eigenen Code schauen lassen. Anlass war offenbar eine Anfrage der russischen Regierung.
---------------------------------------------
https://www.golem.de/news/antivirus-symantec-will-keine-code-reviews-durch-regierungen-mehr-1710-130549.html


∗∗∗ Internal Accenture Data, Customer Information Exposed in Public Amazon S3 Bucket ∗∗∗
---------------------------------------------
Global consulting firm Accenture is the latest giant organization leaving sensitive internal and customer data exposed in a publicly available Amazon Web Services S3 storage bucket.
---------------------------------------------
http://threatpost.com/internal-accenture-data-customer-information-exposed-in-public-amazon-s3-bucket/128364/


∗∗∗ October 2017 security update release ∗∗∗
---------------------------------------------
Today, we released security updates to provide additional protections against malicious attackers. By default, Windows 10 receives these updates automatically, and for customers running previous versions, we recommend ..
---------------------------------------------
https://blogs.technet.microsoft.com/msrc/2017/10/10/october-2017-security-update-release/


∗∗∗ Credit Card Stealer Investigation Uncovers Malware Ring ∗∗∗
---------------------------------------------
During a recent investigation, I found a new piece of malicious code being used to steal credit card information from compromised Magento sites.  What I didn’t know was how many domains would be uncovered as part of the malware campaign. Each of the malicious domain names was specifically chosen to appear as legitimate as possible to the website ..
---------------------------------------------
https://blog.sucuri.net/2017/10/credit-card-stealer-investigation-uncovers-malware-ring.html


∗∗∗ iOS: So einfach lassen sich Passwörter von Apple-Nutzern stehlen ∗∗∗
---------------------------------------------
Softwareentwickler zeigt, wie leicht täuschend echt aussehende Passwort-Anfragen erstellt werden können
---------------------------------------------
http://derstandard.at/2000065785641


∗∗∗ BSI warnt nicht vor Kaspersky-Produkten ∗∗∗
---------------------------------------------
Russische Hacker sollen Virenscanner der russischen Firma genutzt haben
---------------------------------------------
http://derstandard.at/2000065833977


∗∗∗ October 2017 Office Update Release ∗∗∗
---------------------------------------------
The October 2017 Public Update releases for Office are now available! This month, there are 26 security updates and 27 non-security updates. All of the security and non-security updates are listed in ..
---------------------------------------------
https://blogs.technet.microsoft.com/office_sustained_engineering/2017/10/10/october-2017-office-update-release/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ LAVA Computer MFG Inc. Ether-Serial Link ∗∗∗
---------------------------------------------
This advisory contains mitigation details for an authentication bypass by spoofing vulnerability in the LAVA Ether-Serial Links firmware.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-17-283-01


∗∗∗ JanTek JTC-200 ∗∗∗
---------------------------------------------
This advisory contains mitigation details for cross-site request forgery and improper authentication vulnerabilities in JanTeks JTC-200 TCP/IP converter.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-17-283-02

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily




More information about the Daily mailing list