Daily Summary - 27.10.2017

End-of-Day report

Timeframe: Wednesday 25-10-2017 18:00 − Friday 27-10-2017 18:00
Handler: Nina Bieringer
Co-Handler: Stephan Richter


∗∗∗ Reaper IoT botnet ain't so scary, contains fewer than 20,000 drones ∗∗∗ But numbers aren't everything, are they, Dyn? The Reaper IoT botnet is nowhere near as threatening as previously suggested, according to new research.…

http://go.theregister.com/feed/www.theregister.co.uk/2017/10/27/reaper_iot_botnet_follow_up/

∗∗∗ A Bug in a Popular Maritime Platform Left Ships Exposed ∗∗∗ The AmosConnect 8 web platform has vulnerabilities that could allow data to be exposed—underscoring deeper problems with maritime security.

https://www.wired.com/story/bug-in-popular-maritime-platform-isnt-getting-fixed

∗∗∗ SANS Reading Room ∗∗∗ The SANS Reading Room features over 2,730 original computer security white papers in 105 different categories.

https://www.sans.org/reading-room/

∗∗∗ Security vulnerabilities in FortiOS with high attack risk ∗∗∗ The FortiOS operating system has two vulnerabilities. Security updates fix the system.

https://heise.de/-3873331

∗∗∗ The race to quantum supremacy and its cybersecurity impact ∗∗∗ Quantum computing uses the power of atoms to perform memory and processing tasks and remains a theoretical concept. However, it is widely believed that its creation is possible. Most experts now agree that the creation of a quantum computer is simply a matter of engineering, and that the theoretical application will happen. Optimistic estimates for commercialization by the private sector vary between 5 and 15 years, while more conservative estimates by academics put it at [...]

https://www.helpnetsecurity.com/2017/10/26/quantum-supremacy/

∗∗∗ Please don’t buy this: smart locks ∗∗∗ The announcement of Amazon Key, a smart lock paired with a security camera that lets couriers into your home, spawned our new series called "Please don't buy this."

https://blog.malwarebytes.com/security-world/2017/10/please-dont-buy-this-smart-locks/

∗∗∗ How to secure your router to prevent IoT threats? ∗∗∗ The router is the first device that you must consider, since it not only controls the perimeter of your network, but all your traffic and information pass through it.



∗∗∗ Multiple Vulnerabilities in Wi-Fi Protected Access and Wi-Fi Protected Access II ∗∗∗ On October 16th, 2017, a research paper with the title of "Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2" was made publicly available. This paper discusses seven vulnerabilities affecting session key negotiation in both the Wi-Fi Protected Access (WPA) and the Wi-Fi Protected Access II (WPA2) protocols. These vulnerabilities may allow the reinstallation of a pairwise transient key, a group key, or an integrity key on either a wireless client or a wireless access point.

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171016-wpa

∗∗∗ BlackBerry powered by Android Security Bulletin – October 2017 ∗∗∗

http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber=000046027

∗∗∗ BlackBerry response to the impact of the vulnerabilities known as KRACK on BlackBerry products ∗∗∗

http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber=000046425

∗∗∗ Korenix JetNet ∗∗∗

https://ics-cert.us-cert.gov/advisories/ICSA-17-299-01

∗∗∗ Rockwell Automation Stratix 5100 ∗∗∗

https://ics-cert.us-cert.gov/advisories/ICSA-17-299-02

∗∗∗ Bugtraq: October 2017 - Bamboo - Critical Security Advisory ∗∗∗

http://www.securityfocus.com/archive/1/541424

∗∗∗ F-Secure KEY: Multiple vulnerabilities allow login credentials to be spied out ∗∗∗

https://portal.cert.dfn.de/adv/DFN-CERT-2017-1898/

∗∗∗ GNU Wget: Two vulnerabilities allow execution of arbitrary code and denial-of-service attacks ∗∗∗

https://portal.cert.dfn.de/adv/DFN-CERT-2017-1904/

∗∗∗ Node.js: A vulnerability allows a denial-of-service attack ∗∗∗

https://portal.cert.dfn.de/adv/DFN-CERT-2017-1905/

∗∗∗ PHP: Multiple vulnerabilities allow, among other things, a denial-of-service attack ∗∗∗

https://portal.cert.dfn.de/adv/DFN-CERT-2017-1890/

∗∗∗ F5 Security Advisories ∗∗∗

https://support.f5.com/csp/new-updated-articles

∗∗∗ IBM Security Bulletins ∗∗∗

https://www.ibm.com/blogs/psirt/

∗∗∗ Security Notice - Statement on Multiple Security Vulnerabilities in WPA/WPA2 ∗∗∗

http://www.huawei.com/en/psirt/security-notices/2017/huawei-sn-20171017-01-wpa-en

∗∗∗ Security Advisory - Permission Control Vulnerability in Smart Phones ∗∗∗
