[CERT-daily] Tageszusammenfassung - 23.03.2018
Daily end-of-shift report
team at cert.at
Fri Mar 23 18:11:42 CET 2018
=====================
= End-of-Day report =
=====================
Timeframe: Donnerstag 22-03-2018 18:00 − Freitag 23-03-2018 18:00
Handler: Robert Waldner
Co-Handler: Alexander Riepl
=====================
= News =
=====================
∗∗∗ Wichtige Updates sichern GitLab ab ∗∗∗
---------------------------------------------
Wer Software-Projekte über GitLab verwaltet, sollte zügig die aktuellen Sicherheitspatches installieren. Sonst könnten Angreifer eventuell Schadcode ausführen.
---------------------------------------------
https://www.heise.de/meldung/Wichtige-Updates-sichern-GitLab-ab-4002151.html
∗∗∗ Atlanta: Kryptotrojaner trifft Stadtverwaltung ∗∗∗
---------------------------------------------
Die US-Metropole Atlanta wurde von einem Kryptotrojaner getroffen, der Teile des Computernetzes der Stadtregierung lahmgelegt hat. Derzeit versuchen das FBI und das Heimatschutzministerium, das Problem zu beheben.
---------------------------------------------
https://www.heise.de/meldung/Atlanta-Kryptotrojaner-trifft-Stadtverwaltung-4002523.html
=====================
= Vulnerabilities =
=====================
∗∗∗ Siemens SIMATIC WinCC OA UI Mobile App ∗∗∗
---------------------------------------------
This advisory includes mitigations for an improper access control vulnerability in the Siemens WinCC OA UI mobile app for Android and IOS.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-18-081-01
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Financial Transaction Manager for Corporate Payment Services for Multiplatforms ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22014820
∗∗∗ IBM Security Bulletin: There are potential Cross Site Scripting (XSS) vulnerabilities in the Duplicate Detect component in Financial Transaction Manager (FTM) for Check Services (CVE-2018-1390) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22014795
∗∗∗ IBM Security Bulletin: IBM API Connect has released 5.0.8.2 iFix in response to the vulnerabilities known as Spectre and Meltdown. ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22014530
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
More information about the Daily
mailing list