Daily Summary - 30.05.2018

End-of-Day report

Timeframe: Tuesday 29-05-2018 18:00 - Wednesday 30-05-2018 18:00 Handler: Alexander Riepl Co-Handler: n/a

News

Ultrasonic attacks crash hard drives

Security researchers have used sound and ultrasonic attacks to knock out video surveillance systems as well as PCs and laptops.

https://futurezone.at/science/ultraschallangriffe-bringen-festplatten-zum-absturz/400043203


Yahoo hack: Canadian sentenced to five years in prison

A hacker obtained access to 80 webmail accounts for the Russian intelligence service by breaking into the Yahoo system. Now he has to go to prison.

http://heise.de/-4060708


Pepper robot struggles with massive security problems

The "hostile" takeover of a robot is a horror scenario. With the service robot Pepper this is possible, as scientists have found out.

http://heise.de/-4060743


Will the Real Joker's Stash Come Forward?

For as long as scam artists have been around so too have opportunistic thieves who specialize in ripping off other scam artists. This is the story about a group of Pakistani Web site designers who apparently have made an impressive living impersonating some of the most popular and well known "carding" markets, or online stores that sell stolen credit cards.

https://krebsonsecurity.com/2018/05/will-the-real-jokers-stash-come-forward/


0patching Foxit Reader Buffer... Oops... Integer Overflow (CVE-2017-17557)

In April, Steven Seeley of Source Incite published a report of a vulnerability in Foxit Reader and PhantomPDF versions up to 9.0.1 that could allow for remote code execution on a target system. Public release of this report was coordinated with an official vendor fix included in the April's Foxit Reader and PhantomPDF 9.1 release. According to our analysis the PoC attached to the report triggers a heap-based buffer overflow in a Bitmap image data copy operation ..

http://blog.0patch.com/2018/05/0patching-foxit-reader-buffer-oops.html


Cookie consent script used to distribute malware

Since the new website cookie usage regulations in the EU have come into place, many websites have added a warning on their website about how they use cookies on it and as well, ask for your consent.

http://labs.sucuri.net/?note=2018-05-29

Vulnerabilities

DSA-4212 git - security update

https://www.debian.org/security/2018/dsa-4212


DSA-4213 qemu - security update

https://www.debian.org/security/2018/dsa-4213


Potential XSS in "CSRF validation failure" page due to lack of referer sanitization

https://fortiguard.com/psirt/FG-IR-18-059