[CERT-daily] Tageszusammenfassung - 16.07.2018
Daily end-of-shift report
team at cert.at
Mon Jul 16 18:09:52 CEST 2018
=====================
= End-of-Day report =
=====================
Timeframe: Freitag 13-07-2018 18:00 − Montag 16-07-2018 18:00
Handler: Alexander Riepl
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ TLS: Mozilla, Cloudflare und Apple wollen verschlüsselte SNI ∗∗∗
---------------------------------------------
Mit der TLS-Erweiterung SNI können beliebig viele Webseiten samt eigenen Zertifikaten auf einer IP gehostet werden. Dabei könnte jedoch der Name der Domain von Dritten belauscht werden. Ein ..
---------------------------------------------
https://www.golem.de/news/tls-mozilla-cloudflare-und-apple-wollen-verschluesselte-sni-1807-135491.html
∗∗∗ Analysis of the DHCP Client Script Code Execution Vulnerability (CVE-2018-1111) ∗∗∗
---------------------------------------------
Unit 42 shares their analysis of the DHCP Client Script Code Execution ..
---------------------------------------------
https://researchcenter.paloaltonetworks.com/2018/07/unit42-analysis-dhcp-client-script-code-execution-vulnerability-cve-2018-1111
∗∗∗ Red Alert v2.0: Misadventures in Reversing Android Bot Malware ∗∗∗
---------------------------------------------
It all started with a spam message, which curiously had an Android App attachment. The spam email vaguely claims that the attachment was a dating app for finding ..
---------------------------------------------
https://trustwave.com/Resources/SpiderLabs-Blog/Red-Alert-v2-0--Misadventures-in-Reversing-Android-Bot-Malware/
∗∗∗ GitHub to Pythonistas: Let us save you from vulnerable code ∗∗∗
---------------------------------------------
Third language added to security scanner GitHubs added Python to the list of programming languages it can auto-scan for known vulnerabilities.
---------------------------------------------
www.theregister.co.uk/2018/07/16/github_to_pythonistas_let_us_save_you_from_vulnerable_code/
∗∗∗ Does malware based on Spectre exist? ∗∗∗
---------------------------------------------
The Spectre attack has received massive coverage since the beginning of 2018, and by now, it is likely that everyone in computer science has at least heard about ..
---------------------------------------------
https://www.virusbulletin.com/virusbulletin/2018/07/does-malware-based-spectre-exist/
∗∗∗ Fernwartungs-Tool hatte Trojaner im Gepäck ∗∗∗
---------------------------------------------
Die Remote-Admin-Software Ammyy Admin wurde offenbar erneut über die Herstellerseite mit einem Trojaner verteilt.
---------------------------------------------
http://heise.de/-4111069
=====================
= Vulnerabilities =
=====================
∗∗∗ DSA-4246 mailman - security update ∗∗∗
---------------------------------------------
https://www.debian.org/security/2018/dsa-4246
∗∗∗ DSA-4245 imagemagick - security update ∗∗∗
---------------------------------------------
https://www.debian.org/security/2018/dsa-4245
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
More information about the Daily
mailing list