[CERT-daily] Daily summary - 30.05.2018
Daily end-of-shift report
team at cert.at
Wed May 30 18:03:27 CEST 2018
=====================
= End-of-Day report =
=====================
Timeframe: Tuesday 29-05-2018 18:00 − Wednesday 30-05-2018 18:00
Handler: Alexander Riepl
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Ultrasonic attacks crash hard drives ∗∗∗
---------------------------------------------
Security researchers have used sound and ultrasound attacks to knock out video surveillance systems as well as PCs and laptops.
---------------------------------------------
https://futurezone.at/science/ultraschallangriffe-bringen-festplatten-zum-absturz/400043203
∗∗∗ Yahoo hack: Canadian sentenced to five years in prison ∗∗∗
---------------------------------------------
A hacker obtained access to 80 webmail accounts for the Russian intelligence service by breaking into the Yahoo system. Now he has to go to prison.
---------------------------------------------
http://heise.de/-4060708
∗∗∗ Robot Pepper struggles with massive security problems ∗∗∗
---------------------------------------------
The "hostile" takeover of a robot is a horror scenario. With the service robot Pepper this is possible, as scientists have found out.
---------------------------------------------
http://heise.de/-4060743
∗∗∗ Will the Real Joker’s Stash Come Forward? ∗∗∗
---------------------------------------------
For as long as scam artists have been around so too have opportunistic thieves who specialize in ripping off other scam artists. This is the story about a group of Pakistani Web site designers who apparently have made an impressive living impersonating some of the most popular and well known "carding" markets, or online stores that sell stolen credit cards.
---------------------------------------------
https://krebsonsecurity.com/2018/05/will-the-real-jokers-stash-come-forward/
∗∗∗ 0patching Foxit Reader Buffer... Oops... Integer Overflow (CVE-2017-17557) ∗∗∗
---------------------------------------------
In April, Steven Seeley of Source Incite published a report of a vulnerability in Foxit Reader and PhantomPDF versions up to 9.0.1 that could allow for remote code execution on a target system. Public release of this report was coordinated with an official vendor fix included in the April Foxit Reader and PhantomPDF 9.1 release. According to our analysis the PoC attached to the report triggers a heap-based buffer overflow in a Bitmap image data copy operation ..
---------------------------------------------
http://blog.0patch.com/2018/05/0patching-foxit-reader-buffer-oops.html
∗∗∗ Cookie consent script used to distribute malware ∗∗∗
---------------------------------------------
Since the new website cookie usage regulations in the EU have come into place, many websites have added a warning on their website about how they use cookies on it and as well, ask for your consent.
---------------------------------------------
http://labs.sucuri.net/?note=2018-05-29
=====================
= Vulnerabilities =
=====================
∗∗∗ DSA-4212 git - security update ∗∗∗
---------------------------------------------
https://www.debian.org/security/2018/dsa-4212
∗∗∗ DSA-4213 qemu - security update ∗∗∗
---------------------------------------------
https://www.debian.org/security/2018/dsa-4213
∗∗∗ Potential XSS in "CSRF validation failure" page due to lack of referer sanitization ∗∗∗
---------------------------------------------
https://fortiguard.com/psirt/FG-IR-18-059
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily