[CERT-daily] Tageszusammenfassung - 06.08.2018

Mon Aug 6 18:13:43 CEST 2018

=====================
= End-of-Day report =
=====================

Timeframe:   Freitag 03-08-2018 18:00 − Montag 06-08-2018 18:00
Handler:     Robert Waldner
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ New Method Simplifies Cracking WPA/WPA2 Passwords on 802.11 Networks ∗∗∗
---------------------------------------------
It should be noted that this method does not make it easier to crack the password for a wireless network. It instead makes the process of acquiring a hash that can can be attacked to get the wireless password much easier.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/new-method-simplifies-cracking-wpa-wpa2-passwords-on-80211-networks/


∗∗∗ DDoS-Angriffe: Die Bedrohung stabilisiert sich ∗∗∗
---------------------------------------------
Durch den Schlag gegen Webstresser.org haben DDoS-Angriffe im deutschsprachigen Raum klar nachgelassen. Grund zur Entwarnung ist das aber nicht.
---------------------------------------------
http://heise.de/-4128961


∗∗∗ Abmahnung der Anwalt AG wegen Urheberrechtsverletzung ∗∗∗
---------------------------------------------
Die ANWALT AG, vertreten durch Dr. Rene De La Porte, versendet eine Abmahnung wegen Urheberrechtsverletzung. Empfänger/innen sollen 426,55 Euro wegen eines Rechtsverstoßes auf kinox.to bezahlen. Das Schreiben ist betrügerisch. Konsument/innen müssen den Geldbetrag nicht bezahlen.
---------------------------------------------
https://www.watchlist-internet.at/news/abmahnung-der-anwalt-ag-wegen-urheberrechtsverletzung/


=====================
=  Vulnerabilities  =
=====================

∗∗∗ Enigmail 2.0.8 released ∗∗∗
---------------------------------------------
A security issue has been fixed that allows an attacker to prepare a plain, unauthenticated HTML message in a way that it looks like its signed and/or encrypted.
---------------------------------------------
https://www.enigmail.net/index.php/en/download/changelog


∗∗∗ EMC Data Protection Advisor XML External Entity Processing Flaw Lets Remote Authenticated Users Obtain Potentially Sensitive Information ∗∗∗
---------------------------------------------
A remote authenticated user can supply specially crafted XML External Entity (XXE) data to the target REST API to read files on the target system with the privileges of the target service or cause denial of service conditions on the target system.
---------------------------------------------
http://www.securitytracker.com/id/1041417


∗∗∗ CA API Developer Portal Input Validation Flaw Lets Remote Users Conduct Cross-Site Scripting Attacks ∗∗∗
---------------------------------------------
The developer portal does not properly filter HTML code from user-supplied input before displaying the input. A remote user can cause arbitrary scripting code to be executed by the target user's browser.
---------------------------------------------
http://www.securitytracker.com/id/1041416


∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (cgit, python-django, and python2-django), Debian (ant, cgit, libmspack, python-django, symfony, vim-syntastic, and xml-security-c), Fedora (kernel-headers, libao, libvorbis, mingw-gdal, mingw-xerces-c, and python-XStatic-jquery-ui), openSUSE (bouncycastle, java-10-openjdk, libgcrypt, libsndfile, mutt, nautilus, ovmf, python-dulwich, rpm, util-linux, wireshark, and xen), Oracle (kernel), Red Hat (kernel, openslp, rhvm-setup-plugins, and xmlrpc),
---------------------------------------------
https://lwn.net/Articles/761923/


∗∗∗ IBM Security Bulletin: Vulnerability in IBM Rhapsody Model Manager with potential for Cross-Site Scripting attack ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=ibm10718345

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily