[CERT-daily] Tageszusammenfassung - 16.01.2018

Daily end-of-shift report team at cert.at
Tue Jan 16 18:11:45 CET 2018


=====================
= End-of-Day report =
=====================

Timeframe:   Montag 15-01-2018 18:00 − Dienstag 16-01-2018 18:00
Handler:     Nina Bieringer
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ Skygofree: Kaspersky findet mutmaßlichen Staatstrojaner ∗∗∗
---------------------------------------------
Ein Unternehmen aus Italien soll hinter einer Android-Malware stecken, die seit Jahren verteilt wird. Interessant ist dabei die Vielzahl an Kontrollmöglichkeiten der Angreifer - von HTTP über XMPP und die Firebase-Dienste.
---------------------------------------------
https://www.golem.de/news/skygofree-kaspersky-findet-mutmasslichen-staatstrojaner-1801-132197-rss.html


∗∗∗ WhatsApp und Signal: Forscher beschreiben Schwächen verschlüsselter Gruppenchats ∗∗∗
---------------------------------------------
Zwar ist die Ende-zu-Ende-Verschlüsselung bei WhatsApp und Signal sicher, das Drumherum lässt aber eventuell zu wünschen übrig. So wird ein von Spionen gekaperter Kontrollserver mitunter zur Schwachstelle.
---------------------------------------------
https://heise.de/-3942046



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (ca-certificates, gdk-pixbuf, and graphicsmagick), Fedora (qtpass), openSUSE (python-openpyxl and syncthing), Slackware (kernel), and Ubuntu (gdk-pixbuf).
---------------------------------------------
https://lwn.net/Articles/744503/rss


∗∗∗ BlackBerry powered by Android Security Bulletin – January 2018 ∗∗∗
---------------------------------------------
http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber=000047401


∗∗∗ Vuln: Atlassian JIRA CVE-2017-16862 Cross Site Request Forgery Vulnerability ∗∗∗
---------------------------------------------
http://www.securityfocus.com/bid/102506


∗∗∗ Vuln: Atlassian JIRA CVE-2017-16864 Cross Site Scripting Vulnerabiliy ∗∗∗
---------------------------------------------
http://www.securityfocus.com/bid/102505


∗∗∗ IBM Fix available for Insecure Direct Object Reference in IBM Cúram Social Program Management (CVE-2018-1362) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22012528


∗∗∗ IBM Security Bulletin: Rational Developer for System z – Add support for TLS v1.2 with MS-CAPI in HCE ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22011808


∗∗∗ IBM Security Bulletin: IBM Developer for z Systems – Add support for TLS v1.2 with MS-CAPI in HCE ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22011816


∗∗∗ IBM Security Bulletin: IBM i2 COPLINK BeanShell Vulnerability (CVE-2016-2510) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg21982952


∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities in Oracle Outside In Technology affect IBM Rational DOORS Next Generation (CVE-2017-10141, CVE-2017-10196) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22012619


∗∗∗ IBM Security Bulletin: IBM FileNet Content Manager, IBM Content Foundation, and IBM Case Foundation are affected by the ability to execute remote attacker’s arbitrary code on a target machine vulnerability ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22010868


∗∗∗ IBM Security Bulletin: Security vulnerabilities in IBM Java Runtime affect IBM RLKS Administration and Reporting Tool Admin ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22012476


∗∗∗ IBM Security Bulletin: Vulnerability in Open Source cURL Libcurl affects IBM PureApplication. (CVE-2017-1000257) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22011203


∗∗∗ IBM Security Bulletin: IBM Kenexa LCMS Premier on Cloud is affected by Open Source Commons FileUpload Apache Vulnerabilities ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22011720


∗∗∗ IBM Security Bulletin: Vulnerabilities in libxml2 affect Intel® Manycore Platform Software Stack (Intel® MPSS) for Linux and Windows ∗∗∗
---------------------------------------------
https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5099753


∗∗∗ [R1] SecurityCenter 5.6.1 Fixes Multiple Third-party Vulnerabilities ∗∗∗
---------------------------------------------
http://www.tenable.com/security/tns-2017-16

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily




More information about the Daily mailing list