Daily Summary - 10.08.2017

End-of-Day report

Timeframe: Wednesday 09-08-2017 18:00 − Thursday 10-08-2017 18:00
Handler: Alexander Riepl
Co-Handler:

News

∗∗∗ IT industry: "Security package" endangers cyber security ∗∗∗ In an open letter, representatives of the Austrian IT industry warn of dangers to cyber security posed by the "security package" planned by the ÖVP.

https://futurezone.at/netzpolitik/it-branche-sicherheitspaket-gefaehrdet-cybersicherheit/279.799.371

∗∗∗ Mystery Company Offers $250,000 Bounty for VM Escape Vulnerabilities ∗∗∗ An unnamed firm is paying up to $250,000 for vulnerabilities related to its virtualization platform.

http://threatpost.com/mystery-company-offers-250000-bounty-for-vm-escape-vulnerabilities/127343/

∗∗∗ SAP Patch Tuesday Update Resolves 19 Flaws, Three High Severity ∗∗∗ SAP released 19 patches on Tuesday, including a trio of vulnerabilities marked high severity in its business management software.

http://threatpost.com/sap-patch-tuesday-update-resolves-19-flaws-three-high-severity/127357/

∗∗∗ Salesforce sacks two top security engineers for their DEF CON talk ∗∗∗ Revealing penetration-testing tool sealed staffers' fate. Salesforce fired two of its senior security engineers after they revealed details of an internal tool for testing IT defenses at DEF CON last month.…

www.theregister.co.uk/2017/08/10/salesforce_fires_its_senior_security_engineers_after_defcon_talk/

∗∗∗ Bundeskriminalamt (BK) warns Austrian companies about CEO fraud ∗∗∗

http://www.bmi.gv.at/cms/bk/_news/start.aspx?id=534C4362372B557557664D3D&page=0&view=1

∗∗∗ The Shadow Brokers Have Made Almost $90,000 Selling Hacking Tools by Subscription, Researcher Says ∗∗∗ An anonymous researcher has been able to identify the email address of people who have subscribed to the monthly dump service by the mysterious hacking group.

https://motherboard.vice.com/en_us/article/neejqw/the-shadow-brokers-have-made-almost-dollar90000-selling-hacking-tools-by-subscription-researcher-says

∗∗∗ Alleged vDOS Operators Arrested, Charged ∗∗∗ Two young Israeli men alleged by this author to have co-founded vDOS -- until recently the largest and most profitable cyber attack-for-hire service online -- were arrested and formally indicted this week in Israel on conspiracy and hacking charges.

https://krebsonsecurity.com/2017/08/alleged-vdos-operators-arrested-charged/

Advisories

∗∗∗ Session Cache API - Critical - Multiple vulnerabilities - DRUPAL-SA-CONTRIB-2017-065 ∗∗∗

https://www.drupal.org/node/2900951

∗∗∗ Facebook Like Button - Moderately Critical - XSS - DRUPAL-SA-CONTRIB-2017-066 ∗∗∗

https://www.drupal.org/node/2900966