[CERT-daily] Daily summary - 27.10.2017

Daily end-of-shift report team at cert.at
Fri Oct 27 18:30:17 CEST 2017


=====================
= End-of-Day report =
=====================

Timeframe:   Wednesday 25-10-2017 18:00 − Friday 27-10-2017 18:00
Handler:     Nina Bieringer
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ Reaper IoT botnet ain't so scary, contains fewer than 20,000 drones ∗∗∗
---------------------------------------------
But numbers aren't everything, are they, Dyn? The Reaper IoT botnet is nowhere near as threatening as previously suggested, according to new research.…
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2017/10/27/reaper_iot_botnet_follow_up/


∗∗∗ A Bug in a Popular Maritime Platform Left Ships Exposed ∗∗∗
---------------------------------------------
The AmosConnect 8 web platform has vulnerabilities that could allow data to be exposed—underscoring deeper problems with maritime security.
---------------------------------------------
https://www.wired.com/story/bug-in-popular-maritime-platform-isnt-getting-fixed


∗∗∗ SANS Reading Room ∗∗∗
---------------------------------------------
The SANS Reading Room features over 2,730 original computer security white papers in 105 different categories.
---------------------------------------------
https://www.sans.org/reading-room/


∗∗∗ Security vulnerabilities in FortiOS with high attack risk ∗∗∗
---------------------------------------------
Two vulnerabilities exist in the FortiOS operating system. Security updates fix the system.
---------------------------------------------
https://heise.de/-3873331


∗∗∗ The race to quantum supremacy and its cybersecurity impact ∗∗∗
---------------------------------------------
Quantum computing uses the power of atoms to perform memory and processing tasks and remains a theoretical concept. However, it is widely believed that its creation is possible. Most experts now agree that the creation of a quantum computer is simply a matter of engineering, and that the theoretical application will happen. Optimistic estimates for commercialization by the private sector vary between 5 and 15 years, while more conservative estimates by academics put it at [...]
---------------------------------------------
https://www.helpnetsecurity.com/2017/10/26/quantum-supremacy/


∗∗∗ Please don’t buy this: smart locks ∗∗∗
---------------------------------------------
The announcement of Amazon Key, a smart lock paired with a security camera that lets couriers into your home, spawned our new series called "Please don't buy this."
---------------------------------------------
https://blog.malwarebytes.com/security-world/2017/10/please-dont-buy-this-smart-locks/


∗∗∗ How to secure your router to prevent IoT threats? ∗∗∗
---------------------------------------------
The router is the first device that you must consider, since it not only controls the perimeter of your network, but all your traffic and information pass through it.
---------------------------------------------
https://www.welivesecurity.com/2017/10/26/secure-your-router-prevent-iot-threats/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Multiple Vulnerabilities in Wi-Fi Protected Access and Wi-Fi Protected Access II ∗∗∗
---------------------------------------------
On October 16th, 2017, a research paper with the title of "Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2" was made publicly available. This paper discusses seven vulnerabilities affecting session key negotiation in both the Wi-Fi Protected Access (WPA) and the Wi-Fi Protected Access II (WPA2) protocols. These vulnerabilities may allow the reinstallation of a pairwise transient key, a group key, or an integrity key on either a wireless client or a wireless access point.
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171016-wpa


∗∗∗ BlackBerry powered by Android Security Bulletin – October 2017 ∗∗∗
---------------------------------------------
http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber=000046027


∗∗∗ BlackBerry response to the impact of the vulnerabilities known as KRACK on BlackBerry products ∗∗∗
---------------------------------------------
http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber=000046425


∗∗∗ Korenix JetNet ∗∗∗
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-17-299-01


∗∗∗ Rockwell Automation Stratix 5100 ∗∗∗
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-17-299-02


∗∗∗ Bugtraq: October 2017 - Bamboo - Critical Security Advisory ∗∗∗
---------------------------------------------
http://www.securityfocus.com/archive/1/541424


∗∗∗ F-Secure KEY: Multiple vulnerabilities allow disclosure of login credentials ∗∗∗
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-1898/


∗∗∗ GNU Wget: Two vulnerabilities allow arbitrary code execution and denial-of-service attacks ∗∗∗
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-1904/


∗∗∗ Node.js: A vulnerability allows a denial-of-service attack ∗∗∗
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-1905/


∗∗∗ PHP: Multiple vulnerabilities allow, among other things, a denial-of-service attack ∗∗∗
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-1890/


∗∗∗ F5 Security Advisories ∗∗∗
---------------------------------------------
https://support.f5.com/csp/new-updated-articles


∗∗∗ IBM Security Bulletins ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/


∗∗∗ Security Notice - Statement on Multiple Security Vulnerabilities in WPA/WPA2 ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-notices/2017/huawei-sn-20171017-01-wpa-en


∗∗∗ Security Advisory - Permission Control Vulnerability in Smart Phones ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171027-01-smartphone-en

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
