Tageszusammenfassung - Freitag 31-03-2017

End-of-Shift report

Timeframe: Donnerstag 30-03-2017 18:00 − Freitag 31-03-2017 18:00 Handler: Robert Waldner Co-Handler: Alexander Riepl

IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Security SiteProtector System

http://www-01.ibm.com/support/docview.wss?uid=swg22000768

---

IBM Security Bulletin: IBM Cognos Analytics is affected by multiple vulnerabilities

http://www.ibm.com/support/docview.wss?uid=swg21998887

---

Spotting a Hidden SEO Hack: “Play One”

SEO hacks continue to plague websites as attackers abuse SERP rankings for their own gain. The time and effort spent by the website owner creating content, optimizing pages and building ..

https://blog.sucuri.net/2017/03/spotting-a-hidden-seo-hack-play-one.html

---

Schneider Electric Modicon PLCs

This advisory contains mitigation details predictable value range from previous values, use of insufficiently random values, and insufficiently protected credentials vulnerabilities in Schneider Electrics Modicon PLCs.

https://ics-cert.us-cert.gov/advisories/ICSA-17-089-02

---

Researchers steal data from shared cache of two cloud VMs

All of a sudden dedicated instances are looking a lot better than multi-tenancy A group of researchers, one .. www.theregister.co.uk/2017/03/31/researchers_steal_data_from_shared_cache_of_two_cloud_vms/

Novell: Sentinel 8.0 SP1 (Sentinel 8.0.1.0) Build 3512

https://download.novell.com/Download?buildid=M7_yJE9WOXE~

---

Celebrate World Backup Day the Smarter Way

In an effort to help the community be more cyber aware, WorldBackupDay.com celebrates on March 31st ..

https://www.webroot.com/blog/2017/03/31/celebrate-world-backup-day-smarter-way/

---

Samsung Galaxy S8s Facial Unlocking Feature Can Be Fooled With A Photo

All users need to do is simply hold their Galaxy S8 or S8 Plus in front of their eyes or their entire ..

http://thehackernews.com/2017/03/samsung-galaxy-s8-facial-unlocking.html

---

Studie: TK-Infrastruktur hoffnungslos unsicher – Verschlüsselung Fehlanzeige

Der amerikanische Pendant zur Bundesnetzagentur hat die Sicherheit des für die Telekommunikations-Infrastruktur unverzichtbaren SS7-Protokolls untersucht. Die Bilanz ist haarsträubend; die Arbeitsgruppe empfiehlt Ende-zu-Ende-Verschlüsselung.

https://heise.de/-3671794

---

l+f: Flash für eine Handvoll Dollar

FedEx Office macht seinen Kunden ein unmoralisches Angebot.

https://heise.de/-3672139

---

Pornhub und Youporn stellen auf https um

Die beiden Pornoseiten wollen ihren Nutzern mehr Datenschutz ermöglichen

http://derstandard.at/2000055192256