[CERT-daily] Tageszusammenfassung - 25.09.2018

Tue Sep 25 18:19:02 CEST 2018

=====================
= End-of-Day report =
=====================

Timeframe:   Montag 24-09-2018 18:00 − Dienstag 25-09-2018 18:00
Handler:     Alexander Riepl
Co-Handler:  n/a

=====================
=       News        =
=====================


∗∗∗ Android Trojan reads Whatsapp-Messages ∗∗∗
---------------------------------------------
A spyware still in development can read users Whatsapp-Messages and other sensitive data. G DATA researchers analysed the Malware to protect our customers.
---------------------------------------------
https://www.gdatasoftware.com/blog/2018/09/31122-android-trojan-reads-whatsapp-messages


∗∗∗ OpenPGP/GnuPG: Signaturen fälschen mit HTML und Bildern ∗∗∗
---------------------------------------------
PGP-Signaturen sollen gewährleisten, dass eine E-Mail tatsächlich vom korrekten Absender kommt. Mit einem simplen Trick kann man bei vielen Mailclients scheinbar signierte Nachrichten erstellen - indem man die entsprechende Anzeige mittels HTML fälscht. (OpenPGP, E-Mail)
---------------------------------------------
https://www.golem.de/news/openpgp-gnupg-signaturen-faelschen-mit-html-und-bildern-1809-136738.html


∗∗∗ Analyzing Encoded Shellcode with scdbg, (Mon, Sep 24th) ∗∗∗
---------------------------------------------
Reader Jason analyzed a malicious RTF file: using OfficeMalScanner and xorsearch he was able to extract and find the entry point of the shellcode, but scdbg was not able to emulate the shellcode.
---------------------------------------------
https://isc.sans.edu/diary/rss/24134


=====================
=  Vulnerabilities  =
=====================


∗∗∗ Multiple Vulnerabilities in Cisco Identity Services Engine ∗∗∗
---------------------------------------------
Cisco Identity Services Engine (ISE) contains the following vulnerabilities: Cisco ISE Authenticated Arbitrary Command Execution Vulnerability Cisco ISE Support Information Download Authentication Bypass Vulnerability These ..
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131023-ise


∗∗∗ DSA-4305 strongswan - security update ∗∗∗
---------------------------------------------
https://www.debian.org/security/2018/dsa-4305


∗∗∗ ZDI-18-1083: Apple Safari Array Concat Uninitialized Buffer Information Disclosure Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-18-1083/


∗∗∗ ZDI-18-1082: Apple Safari Subframe Same-Origin Policy Bypass Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-18-1082/


∗∗∗ ZDI-18-1081: Apple Safari performProxyCall Internal Object Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-18-1081/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily