[CERT-daily] Tageszusammenfassung - 09.03.2018

Fri Mar 9 18:05:30 CET 2018

=====================
= End-of-Day report =
=====================

Timeframe:   Donnerstag 08-03-2018 18:00 − Freitag 09-03-2018 18:00
Handler:     Nina Bieringer
Co-Handler:  Alexander Riepl

=====================
=       News        =
=====================


∗∗∗ LLVM 6.0: Clang bekommt Maßnahme gegen Spectre-Angriff ∗∗∗
---------------------------------------------
Die neue Version der LLVM-Compiler wie Clang bringt mit Retpolines eine wichtige Maßnahme gegen Angriffe über Spectre. Davon profitieren auch künftige Windows-Versionen von Google Chrome. Optimierungen gibt es außerdem bei der Diagnose von Quelltexten.
---------------------------------------------
https://www.golem.de/news/llvm-6-0-clang-bekommt-massnahme-gegen-spectre-angriff-1803-133241.html


∗∗∗ Avast: CCleaner-Infektion enthielt Keylogger-Funktion ∗∗∗
---------------------------------------------
Die im vergangenen Jahr mit CCleaner verteilte Malware sollte Unternehmen wohl auch per Keylogger ausspionieren. Avast hat im eigenen Netzwerk die Shadowpad-Malware gefunden, geht aber davon aus, dass diese bei Kunden nicht installiert wurde.
---------------------------------------------
https://www.golem.de/news/avast-ccleaner-infektion-enthielt-keylogger-funktion-1803-133255.html


∗∗∗ Look-Alike Domains and Visual Confusion ∗∗∗
---------------------------------------------
How good are you at telling the difference between domain names you know and trust and imposter or look-alike domains? The answer may depend on how familiar you are with the nuances of internationalized domain names (IDNs), as well ..
---------------------------------------------
https://krebsonsecurity.com/2018/03/look-alike-domains-and-visual-confusion/


∗∗∗ Researchers Demonstrate Ransomware Attack on Robots ∗∗∗
---------------------------------------------
IOActive security researchers today revealed a ransomware attack on robots, demonstrating not only that such assaults are possible, but also their potential financial impact. read more
---------------------------------------------
https://www.securityweek.com/researchers-demonstrate-ransomware-attack-robots


=====================
=  Vulnerabilities  =
=====================


∗∗∗ Siemens SIPROTEC 4, SIPROTEC Compact, DIGSI 4, and EN100 Ethernet Module ∗∗∗
---------------------------------------------
This advisory includes mitigations for missing authentication for critical function, and inadequate encryption strength vulnerabilities in Siemens SIPROTEC 4, SIPROTEC Compact, DIGSI 4, and EN100 Ethernet module.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-18-067-01


∗∗∗ Siemens SIPROTEC 4, SIPROTEC Compact, and Reyrolle Devices using the EN100 Ethernet Communication Module Extension ∗∗∗
---------------------------------------------
This advisory includes mitigation details for a missing authentication for critical function vulnerability in the Siemens SIPROTEC 4, SIPROTEC Compact, and Reyrolle devices using the EN100 Ethernet communication module extension.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-18-067-02


∗∗∗ Security Advisory - Information Disclosure Vulnerability on Honor Smart Scale Application ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180309-01-ah-en


∗∗∗ Security Advisory - Buffer Overflow Vulnerability in eNSP Software ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180309-01-ensp-en


∗∗∗ IBM Security Bulletin: IBM Notes Privilege Escalation in IBM Notes System Diagnostics service (CVE-2018-1437) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22014201


∗∗∗ IBM Security Bulletin: IBM Notes Remote Code Execution Vulnerability (CVE-2018-1435) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22014198

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily