[CERT-daily] Daily summary - 26.09.2017
Daily end-of-shift report
team at cert.at
Tue Sep 26 18:07:21 CEST 2017
=====================
= End-of-Day report =
=====================
Timeframe: Monday 25-09-2017 18:00 − Tuesday 26-09-2017 18:00
Handler: Stephan Richter
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Google security vulnerability exploited for data theft ∗∗∗
---------------------------------------------
A special technique for loading web pages faster on mobile devices is being abused by cybercriminals to spy on investigative journalists.
---------------------------------------------
https://futurezone.at/digital-life/sicherheitsluecke-in-google-fuer-datendiebstahl-genutzt/288.468.609
∗∗∗ MacOS High Sierra: MacOS Keychain can be read out by an app ∗∗∗
---------------------------------------------
Security researcher Patrick Wardle has demonstrated that Apple's Keychain on MacOS can be read out completely by an app. The app must first get past Apple's Gatekeeper, however.
---------------------------------------------
https://www.golem.de/news/macos-high-sierra-macos-keychain-kann-per-app-ausgelesen-werden-1709-130254-rss.html
∗∗∗ "Preparing for Cyber Security Incidents" ∗∗∗
---------------------------------------------
Talk with any incident responder and you'll learn that there are a few less glamorous parts of the job. Writing the final report and preparation in advance to an incident are probably top contenders. In this article I want to focus on preparation and explain to [...]
---------------------------------------------
http://ics.sans.org/blog/2017/09/26/preparing-for-cyber-security-incidents
∗∗∗ An Elaborate ATM Threat Crops Up: Network-based ATM Malware Attacks ∗∗∗
---------------------------------------------
Infecting automated teller machines (ATMs) with malware is nothing new. It’s concerning, yes. But new? Not really. We’ve been seeing physical attacks against ATMs since 2009. By physical, we mean opening the target machine’s casing, accessing the motherboard and connecting USB drives or CD-ROMs in order to infect the operating system. Once infected, the ATM is at the attackers’ mercy, which normally means that they are able to empty the money cassettes and walk away with [...]
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/GLIB-nW2ilE/
∗∗∗ Beware of new scam: fraudsters obtain Bitcoin top-up vouchers by phone ∗∗∗
---------------------------------------------
The Federal Criminal Police Office (Bundeskriminalamt, BK) warns of a known but newly adapted fraud phenomenon in which owners and employees of tobacconists (Trafiken), petrol stations and postal partner outlets are asked by fraudsters over the phone to disclose the codes of Bitcoin top-up vouchers. The police provide information.
---------------------------------------------
http://www.bmi.gv.at/cms/bk/_news/start.aspx?id=47476E2B724F38597A506B3D&page=0&view=1
∗∗∗ Source: Deloitte Breach Affected All Company Email, Admin Accounts ∗∗∗
---------------------------------------------
Deloitte, one of the world's "big four" accounting firms, has acknowledged a breach of its internal email systems, British news outlet The Guardian revealed today. Deloitte has sought to downplay the incident, saying it impacted "very few" clients. But according to a source close to the investigation, the breach dates back to at least the fall of 2016, and involves the compromise of all administrator accounts at the company as well as Deloitte's entire internal email system.
---------------------------------------------
https://krebsonsecurity.com/2017/09/source-deloitte-breach-affected-all-company-email-admin-accounts/
=====================
= Vulnerabilities =
=====================
∗∗∗ Apple Security Updates ∗∗∗
---------------------------------------------
macOS Server 5.4: https://support.apple.com/kb/HT208102
iTunes 12.7 for Windows: https://support.apple.com/kb/HT208141
iTunes 12.7: https://support.apple.com/kb/HT208140
macOS High Sierra 10.13: https://support.apple.com/kb/HT208144
iCloud for Windows 7.0: https://support.apple.com/kb/HT208142
---------------------------------------------
∗∗∗ Solarwinds LEM Insecure Update Process ∗∗∗
---------------------------------------------
https://cxsecurity.com/issue/WLB-2017090206
∗∗∗ FLIR Systems FLIR Thermal Camera - Multiple Vulnerabilities ∗∗∗
---------------------------------------------
https://www.zeroscience.mk/en/vulnerabilities/
∗∗∗ IBM Security Bulletin: Vulnerability in system log on IBM DataPower Gateways WebGUI console (CVE-2017-1591) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22008815
∗∗∗ IBM Security Bulletin: Path Traversal Vulnerability in IBM WebSphere Portal (CVE-2017-1577) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22008586
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM Web Experience Factory ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22007912
∗∗∗ IBM Security Bulletin: Vulnerability in Node.js affects IBM DataPower Gateways (CVE-2017-11499) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22008629
∗∗∗ IBM Security Bulletin: RMI Dispatcher port used by Security Identity Adapters is not authenticated by default ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22007375
∗∗∗ IBM Security Bulletin: Security Identity Adapter attribute input is not protected against command injection ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22007377
∗∗∗ IBM Security Bulletin: Vulnerability in XDR affects IBM DataPower Gateways (CVE-2017-8804) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22008628
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily