[CERT-daily] Tageszusammenfassung - 19.10.2018

Daily end-of-shift report team at cert.at
Fri Oct 19 18:08:58 CEST 2018


=====================
= End-of-Day report =
=====================

Timeframe:   Donnerstag 18-10-2018 18:00 − Freitag 19-10-2018 18:00
Handler:     Alexander Riepl
Co-Handler:  n/a

=====================
=       News        =
=====================


∗∗∗ SSH Key Management Overview & 6 Best Practices ∗∗∗
---------------------------------------------
Secure Socket Shell (SSH), also called Secure Shell, is a special network protocol leveraging ..
---------------------------------------------
https://www.beyondtrust.com/blog/ssh-key-management-overview-6-best-practices/


∗∗∗ How we discovered a Ukranian cybercrime hotspot ∗∗∗
---------------------------------------------
Our researchers wanted to take a closer look at the GandCrab ransomware. Then they found an entire cybercrime network, operating from Ukraine.
---------------------------------------------
https://www.gdatasoftware.com/blog/2018/10/31187-ukranian-cybercrime-hotspot-ransomware


∗∗∗ The Underground Job Market ∗∗∗
---------------------------------------------
"Leave your ego at the door every morning, and just do some truly great work. Few things will make you feel better than a job brilliantly done." Robin S. Sharma The last time we visited the ..
---------------------------------------------
https://trustwave.com/Resources/SpiderLabs-Blog/The-Underground-Job-Market/


∗∗∗ Hack.lu 2018 Wrap-Up Day #3 ∗∗∗
---------------------------------------------
Here we go with the last wrap-up of the 2018 edition! The first presentation was about worms: “Worms that turn: nematodes and neotodes” by Matt Wixey. The first slide contained the mention: “for educational purposes only”. What could we ..
---------------------------------------------
https://blog.rootshell.be/2018/10/18/hack-lu-2018-wrap-up-day-3/


∗∗∗ Jetzt patchen! Kritische Lücken in Drupal gefährden ganze Websites ∗∗∗
---------------------------------------------
Aufgrund von mehreren Schwachstellen sollten Web-Admins zügig ihre Drupal-Installation auf den aktuellen Stand bringen.
---------------------------------------------
http://heise.de/-4196243


∗∗∗ Sicherheitslücke in jQuery-File-Upload Plug-in macht unzählige Server verwundbar ∗∗∗
---------------------------------------------
Es ist ein wichtiges Sicherheitsupdate für das jQuery-File-Upload-Plug-in erschienen. Eine globale Installation ist jedoch utopisch.
---------------------------------------------
http://heise.de/-4196771


∗∗∗ Encrypted SNI Comes to Firefox Nightly ∗∗∗
---------------------------------------------
TL;DR: Firefox Nightly now supports encrypting the TLS Server Name Indication (SNI) extension, which helps prevent attackers on your network from learning your browsing history. You can enable encrypted SNI today and ..
---------------------------------------------
https://blog.mozilla.org/security/2018/10/18/encrypted-sni-comes-to-firefox-nightly/


=====================
=  Vulnerabilities  =
=====================


∗∗∗ DSA-4323 drupal7 - security update ∗∗∗
---------------------------------------------
https://www.debian.org/security/2018/dsa-4323

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily




More information about the Daily mailing list