[CERT-daily] Tageszusammenfassung - 12.09.2017

[Daily end-of-shift report]

=====================
= End-of-Day report =
=====================

Timeframe:   Montag 11-09-2017 18:00 − Dienstag 12-09-2017 18:00
Handler:     Alexander Riepl
Co-Handler:  n/a

=====================
=        News       =
=====================

∗∗∗ Miners on the Rise ∗∗∗
---------------------------------------------
Over the last month alone, we have detected several large botnets designed to profit from concealed crypto mining. We have also observed growing numbers of attempts to install miners on servers owned by organizations. When these attempts are successful, the companies’ business processes suffer because data processing speeds fall substantially.
---------------------------------------------
http://securelist.com/miners-on-the-rise/81706/


∗∗∗ Google to kill Symantec certs in Chrome 66, due in early 2018 ∗∗∗
---------------------------------------------
This is how trust ends, not with a bang but with a whimper Google has detailed its plan to deprecate Symantec-issued certificates in Chrome.…
---------------------------------------------
www.theregister.co.uk/2017/09/12/chrome_66_to_reject_symantec_certs/


∗∗∗ D-Link DIR-850L: Router können gekapert werden, Patches nicht verfügbar ∗∗∗
---------------------------------------------
In D-Links Heimrouter 850L klaffen schwerwiegende Sicherheitslücken, über die Angreifer die Geräte in ihre Kontrolle bringen können. Updates, welche die Lücken schließen, sind vorerst nicht zu erwarten.
---------------------------------------------
https://heise.de/-3828382


∗∗∗ SAP Security Patch Day – September 2017 ∗∗∗
---------------------------------------------
This post by SAP Product Security Response Team shares information on Patch Day Security Notes* that are released on second Tuesday of every month and fix vulnerabilities discovered in SAP products. SAP strongly ..
---------------------------------------------
https://blogs.sap.com/2017/09/12/sap-security-patch-day-september-2017/



=====================
=    Advisories     =
=====================

∗∗∗ Security Bulletins Posted ∗∗∗
---------------------------------------------
Adobe has published security bulletins for Adobe RoboHelp (APSB17-25), Adobe Flash Player (APSB17-28) and ColdFusion (APSB17-30). Adobe recommends users update their product ..
---------------------------------------------
https://blogs.adobe.com/psirt/?p=1491


∗∗∗ DSA-3968 icedove - security update ∗∗∗
---------------------------------------------
Multiple security issues have been found in Thunderbird, which may lead to the execution of arbitrary code or denial of service.
---------------------------------------------
https://www.debian.org/security/2017/dsa-3968


∗∗∗ Email verification bypass in SAP E-Recruiting ∗∗∗
---------------------------------------------
https://www.sec-consult.com/en/blog/advisories/email-verification-bypass-in-sap-e-recruiting/index.html

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily