Daily Summary - 13.12.2017

End-of-Day report

Timeframe: Tuesday 12-12-2017 18:00 − Wednesday 13-12-2017 18:00
Handler: Alexander Riepl
Co-Handler: n/a

News

∗∗∗ Argy-bargy Argies barge into Starbucks Wi-Fi with alt-coin discharges ∗∗∗
Venti vanilla skinny latte with sprinkles of JavaScript and a side of Monero mining, please. Starbucks has joined the long growing list of organizations that have inadvertently and silently mined alt-coins on customers' computers for mystery miscreants.…
www.theregister.co.uk/2017/12/12/starbucks_wifi_crypto_mining/

∗∗∗ Apple Security Flaws Give Some Researchers Concern About Deeper Issues ∗∗∗
Apple's had some prominent security lapses lately. But is it just a rough patch, or something deeper?
https://www.wired.com/story/apples-security-macos-high-sierra-ios-11

∗∗∗ ROBOT attack: TLS attack from 1998 still works ∗∗∗
Security researchers have presented a new variant of the Bleichenbacher attack for decrypting internet traffic. Facebook and PayPal, among others, are affected.
https://heise.de/-3916994

∗∗∗ KRACK and Broadpwn vulnerabilities: Apple only now patches AirPort Wi-Fi base stations ∗∗∗
A firmware update is meant to protect Apple's Wi-Fi base stations against serious vulnerabilities; it covers AirPort Express, AirPort Extreme and Time Capsule.
https://heise.de/-3916951

Vulnerabilities

∗∗∗ Gain Windows privileges with FortiClient vpn before logon and untrusted certificate ∗∗∗
When the "VPN before logon" feature of FortiClient Windows is enabled (disabled by default), and when the server certificate is not valid, it is possible for an attacker without a user account on the targeted Windows workstation to obtain SYSTEM level privileges, via ..
http://fortiguard.com/psirt/FG-IR-17-070

∗∗∗ VPN credentials disclosure in Fortinet FortiClient ∗∗∗
https://www.sec-consult.com/en/blog/advisories/vpn-credentials-disclosure-in-fortinet-forticlient/index.html