[CERT-daily] Daily summary - 13.10.2017

Daily end-of-shift report team at cert.at
Fri Oct 13 18:07:29 CEST 2017


=====================
= End-of-Day report =
=====================

Timeframe:   Thursday 12-10-2017 18:00 − Friday 13-10-2017 18:00
Handler:     Olaf Schwarz
Co-Handler:  Alexander Riepl

=====================
=       News        =
=====================

∗∗∗ Android DoubleLocker Ransomware Activates Every Time You Hit Home Button ∗∗∗
---------------------------------------------
A new ransomware targeting Android devices has been spotted in the wild. Codenamed DoubleLocker, the ransomware abuses Android's Accessibility service and reactivates itself every time the user presses the phone's Home button.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/android-doublelocker-ransomware-activates-every-time-you-hit-home-button/


∗∗∗ Bug in WSUS update: Windows clients no longer boot ∗∗∗
---------------------------------------------
Faulty update packages for Windows 10 and Windows Server 2016, which Microsoft released on the last Patch Tuesday, have crippled computers in corporate networks over the past few days. Only environments with WSUS and SCCM were affected.
---------------------------------------------
https://www.heise.de/newsticker/meldung/Fehler-in-WSUS-Update-Windows-Clients-booten-nicht-mehr-3861039.html


∗∗∗ Bug on T-Mobile website allowed retrieval of confidential customer data ∗∗∗
---------------------------------------------
The website t-mobile.com had a security hole that allowed potential attackers to query customer records.
---------------------------------------------
https://heise.de/-3860676


∗∗∗ Malvertising on Equifax, TransUnion tied to third party script ∗∗∗
---------------------------------------------
Equifax's website is once again infected, this time with malvertising that redirects to a fake Flash player. Further investigation reveals TransUnion was also targeted.
---------------------------------------------
https://blog.malwarebytes.com/threat-analysis/2017/10/equifax-transunion-websites-push-fake-flash-player/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Critical Patch Update - October 2017 ∗∗∗
---------------------------------------------
Critical Patch Update - October 2017 - Pre-Release Announcement
---------------------------------------------
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html


∗∗∗ ProMinent MultiFLEX M10a Controller ∗∗∗
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-17-285-01


∗∗∗ WECON Technology Co., Ltd. LeviStudio HMI Editor ∗∗∗
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-17-285-02


∗∗∗ Envitech Ltd. EnviDAS Ultimate ∗∗∗
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-17-285-03


∗∗∗ NXP Semiconductors MQX RTOS ∗∗∗
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-17-285-04


∗∗∗ Siemens BACnet Field Panels ∗∗∗
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-17-285-05


∗∗∗ DFN-CERT-2017-1812: Xen: Multiple vulnerabilities allow, among other things, privilege escalation ∗∗∗
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-1812/


∗∗∗ IBM Security Bulletin: Vulnerabilities in IBM Java SDK affecting IBM Application Delivery Intelligence v1.0.1, v1.0.1.1, v1.0.2, v5.0.2 and v5.0.2.1. (CVE-2017-10115 and CVE-2017-10116) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22009234


∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Installation Manager and IBM Packaging Utility ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22009543


∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in Node.js affect IBM Rational Application Developer for WebSphere Software ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22008951


∗∗∗ IBM Security Bulletin: IBM Notes is affected by Open Source XStream Vulnerabilities ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22004066


∗∗∗ Java SE vulnerability CVE-2017-10115 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K91024405


∗∗∗ Java SE vulnerability CVE-2017-10108 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K52342540


∗∗∗ Vulnerability in windows antivirus products (IK-SA-2017-0001) ∗∗∗
---------------------------------------------
http://www.ikarussecurity.com/about-ikarus/security-blog/vulnerability-in-windows-antivirus-products-ik-sa-2017-0001/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily



