[CERT-daily] Daily summary - 21.08.2018
Daily end-of-shift report
team at cert.at
Tue Aug 21 18:01:53 CEST 2018
=====================
= End-of-Day report =
=====================
Timeframe: Monday 20-08-2018 18:00 − Tuesday 21-08-2018 18:00
Handler: Alexander Riepl
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ USB cables can infect computers with trojans ∗∗∗
---------------------------------------------
Security researchers have succeeded in modifying USB charging cables so that they can inject trojans.
---------------------------------------------
https://futurezone.at/produkte/usb-kabel-koennen-computer-mit-trojanern-infizieren/400095488
∗∗∗ TLS developers should ditch pseudo constant time crypto processing ∗∗∗
---------------------------------------------
Fixes for Lucky 13-type bugs could still be vulnerable. More than five years after cracks started showing in the Transport Layer Security (TLS) network crypto protocol, the author of the "Lucky 13" attack has poked holes in the fixes ..
---------------------------------------------
www.theregister.co.uk/2018/08/21/tls_developers_should_ditch_pseudo_constant_time_crypto_processing/
∗∗∗ Microsoft: Russian hackers target Republicans critical of Trump ∗∗∗
---------------------------------------------
In the fight against suspected Russian hackers, Microsoft has announced further successes: domains that could be used for phishing attacks on Republicans have been neutralized.
---------------------------------------------
http://heise.de/-4142219
∗∗∗ How often are users’ DNS queries intercepted? ∗∗∗
---------------------------------------------
A group of Chinese researchers wanted to find out just how widespread DNS interception is and has presented the result of their large-scale study to the audience at the Usenix Security Symposium last week. The problem: Most Internet connections are preceded by a DNS address lookup request, as the Domain Name System (DNS) “translates” ..
---------------------------------------------
https://www.helpnetsecurity.com/2018/08/21/dns-interception/
∗∗∗ The enemy is us: a look at insider threats ∗∗∗
---------------------------------------------
It could be the engineer in the IT department, the janitor mopping the lobby, one of the many managers two floors up, or the contractor who’s been in and out the office for weeks now. Or, maybe it could be you. It ..
---------------------------------------------
https://blog.malwarebytes.com/101/2018/08/the-enemy-is-us-a-look-at-insider-threats/
∗∗∗ Darkhotel APT is back: Zero-day vulnerability in Microsoft VBScript is exploited ∗∗∗
---------------------------------------------
VBScript is available in the latest versions of Windows and Internet Explorer 11. However, Microsoft disabled VBScript execution in the latest version of Windows ..
---------------------------------------------
https://blog.360totalsecurity.com/en/darkhotel-apt-is-back-zero-day-vulnerability-in-microsoft-vbscript-is-exploited/
∗∗∗ Skype - Skype introduces "end-to-end encryption" ∗∗∗
---------------------------------------------
However, the encryption is not enabled automatically
---------------------------------------------
https://derstandard.at/2000085764456/Skype-fuehrt-Ende-zu-Ende-Verschluesselung-ein
=====================
= Vulnerabilities =
=====================
∗∗∗ DSA-4279 linux - security update ∗∗∗
---------------------------------------------
Multiple researchers have discovered a vulnerability in the way the Intel processor designs have implemented speculative execution of instructions in combination with handling of page-faults. This flaw ..
---------------------------------------------
https://www.debian.org/security/2018/dsa-4279
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily