[CERT-daily] Tageszusammenfassung - 16.01.2018
Daily end-of-shift report
team at cert.at
Tue Jan 16 18:11:45 CET 2018
=====================
= End-of-Day report =
=====================
Timeframe: Montag 15-01-2018 18:00 − Dienstag 16-01-2018 18:00
Handler: Nina Bieringer
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ Skygofree: Kaspersky findet mutmaßlichen Staatstrojaner ∗∗∗
---------------------------------------------
Ein Unternehmen aus Italien soll hinter einer Android-Malware stecken, die seit Jahren verteilt wird. Interessant ist dabei die Vielzahl an Kontrollmöglichkeiten der Angreifer - von HTTP über XMPP und die Firebase-Dienste.
---------------------------------------------
https://www.golem.de/news/skygofree-kaspersky-findet-mutmasslichen-staatstrojaner-1801-132197-rss.html
∗∗∗ WhatsApp und Signal: Forscher beschreiben Schwächen verschlüsselter Gruppenchats ∗∗∗
---------------------------------------------
Zwar ist die Ende-zu-Ende-Verschlüsselung bei WhatsApp und Signal sicher, das Drumherum lässt aber eventuell zu wünschen übrig. So wird ein von Spionen gekaperter Kontrollserver mitunter zur Schwachstelle.
---------------------------------------------
https://heise.de/-3942046
=====================
= Vulnerabilities =
=====================
∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (ca-certificates, gdk-pixbuf, and graphicsmagick), Fedora (qtpass), openSUSE (python-openpyxl and syncthing), Slackware (kernel), and Ubuntu (gdk-pixbuf).
---------------------------------------------
https://lwn.net/Articles/744503/rss
∗∗∗ BlackBerry powered by Android Security Bulletin – January 2018 ∗∗∗
---------------------------------------------
http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber=000047401
∗∗∗ Vuln: Atlassian JIRA CVE-2017-16862 Cross Site Request Forgery Vulnerability ∗∗∗
---------------------------------------------
http://www.securityfocus.com/bid/102506
∗∗∗ Vuln: Atlassian JIRA CVE-2017-16864 Cross Site Scripting Vulnerabiliy ∗∗∗
---------------------------------------------
http://www.securityfocus.com/bid/102505
∗∗∗ IBM Fix available for Insecure Direct Object Reference in IBM Cúram Social Program Management (CVE-2018-1362) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22012528
∗∗∗ IBM Security Bulletin: Rational Developer for System z – Add support for TLS v1.2 with MS-CAPI in HCE ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22011808
∗∗∗ IBM Security Bulletin: IBM Developer for z Systems – Add support for TLS v1.2 with MS-CAPI in HCE ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22011816
∗∗∗ IBM Security Bulletin: IBM i2 COPLINK BeanShell Vulnerability (CVE-2016-2510) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg21982952
∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities in Oracle Outside In Technology affect IBM Rational DOORS Next Generation (CVE-2017-10141, CVE-2017-10196) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22012619
∗∗∗ IBM Security Bulletin: IBM FileNet Content Manager, IBM Content Foundation, and IBM Case Foundation are affected by the ability to execute remote attacker’s arbitrary code on a target machine vulnerability ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22010868
∗∗∗ IBM Security Bulletin: Security vulnerabilities in IBM Java Runtime affect IBM RLKS Administration and Reporting Tool Admin ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22012476
∗∗∗ IBM Security Bulletin: Vulnerability in Open Source cURL Libcurl affects IBM PureApplication. (CVE-2017-1000257) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22011203
∗∗∗ IBM Security Bulletin: IBM Kenexa LCMS Premier on Cloud is affected by Open Source Commons FileUpload Apache Vulnerabilities ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22011720
∗∗∗ IBM Security Bulletin: Vulnerabilities in libxml2 affect Intel® Manycore Platform Software Stack (Intel® MPSS) for Linux and Windows ∗∗∗
---------------------------------------------
https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5099753
∗∗∗ [R1] SecurityCenter 5.6.1 Fixes Multiple Third-party Vulnerabilities ∗∗∗
---------------------------------------------
http://www.tenable.com/security/tns-2017-16
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
More information about the Daily
mailing list