End-of-Day report
Timeframe: Montag 07-08-2017 18:00 − Dienstag 08-08-2017 18:00
Handler: Alexander Riepl
Co-Handler:
News
∗∗∗ Hotspot Shield: VPN-Provider soll Nutzer per Javascript ausspionieren ∗∗∗
Der VPN-Provider Hotspot soll seine Nutzer durch Javascript-Elemente und Werbung ausspionieren - obwohl er genau das Gegenteil behauptet. Das wirft eine US-Bürgerrechtsorganisation dem Unternehmen vor und hat Beschwerde bei der FTC eingereicht.
https://www.golem.de/news/hotspot-shield-vpn-provider-soll-javascript-in-verbindungen-einschleusen-1708-129361.html
∗∗∗ Google Patches 10 Critical Bugs in August Android Security Bulletin ∗∗∗
Googles August Android Security Bulletin featured patches for nearly a dozen remote code execution bugs impacting Googles Pixel and Nexus handsets.
http://threatpost.com/google-patches-10-critical-bugs-in-august-android-security-bulletin/127276/
∗∗∗ Microsoft to remove WoSign and StartCom certificates in Windows 10 ∗∗∗
Microsoft has concluded that the Chinese Certificate Authorities (CAs) WoSign and StartCom have failed to maintain the standards required by our Trusted Root Program. Observed unacceptable security practices include back-dating SHA-1 certificates, ..
https://blogs.technet.microsoft.com/mmpc/2017/08/08/microsoft-to-remove-wosign-and-startcom-certificates-in-windows-10/
∗∗∗ How Chat App Discord Is Abused by Cybercriminals to Attack ROBLOX Players ∗∗∗
Cybercriminals targeting gamers are nothing new. We’ve reported many similar incidents in the past, from fake game apps to real-money laundering through online game currencies. Usually the aim is simple: to steal personal information and monetize it. And ..
http://blog.trendmicro.com/trendlabs-security-intelligence/chat-app-discord-abused-cybercriminals-attack-roblox-players/
∗∗∗ Practical Analysis of the Cybersecurity of European Smart Grids ∗∗∗
This paper summarizes the experience gained during a series of practical cybersecurity assessments of various components of Europe’s smart electrical grids.
http://digitalsubstation.com/en/2017/08/07/practical-analysis-of-nbsp-the-cybersecurity-of-nbsp-european-smart-grids/
∗∗∗ Google warnt Entwickler von Chrome-Erweiterungen vor Phishing-Mails ∗∗∗
Betrüger sind auf der Jagd nach Log-in-Daten von Entwickler-Accounts, um Chrome-Erweiterungen mit Schadcode zu verseuchen und anschließend zu verteilen, warnt Google.
https://heise.de/-3795160
∗∗∗ Hacker erpressen HBO mit weiteren "Game of Thrones"-Folgen ∗∗∗
Erpresser haben Skript zu Folge 5 von Staffel 7 veröffentlicht und fordern Geld, um weitere Publizierungen zu unterlassen
http://derstandard.at/2000062391623
∗∗∗ IWF warnt: Cyber-Angriffe gefährden weltweite Finanzstabilität ∗∗∗
Attacken von Hackern und Kriminellen immer raffinierter
http://derstandard.at/2000062403498
Advisories
∗∗∗ Security Bulletins Posted ∗∗∗
Adobe has published security bulletins for Adobe Flash Player (APSB17-23), Adobe Acrobat and Reader (APSB17-24), Adobe Experience Manager (APSB17-26) and Adobe Digital Editions (APSB17-27). Adobe recommends users update their product installations to the ..
https://blogs.adobe.com/psirt/?p=1480
∗∗∗ Vulnerability in F2FS File System Leads To Memory Corruption on Android, Linux ∗∗∗
August’s Android Security Bulletin includes three file system vulnerabilities (CVE-2017-10663, CVE-2017-10662, and CVE-2017-0750 that were discovered by Trend Micro researchers. These vulnerabilities could cause memory corruption on the affected devices, ..
http://blog.trendmicro.com/trendlabs-security-intelligence/vulnerability-f2fs-file-system-leads-memory-corruption-android-linux/