Tageszusammenfassung - 27.07.2018

End-of-Day report

Timeframe: Donnerstag 26-07-2018 18:00 - Freitag 27-07-2018 18:00 Handler: Robert Waldner Co-Handler: Alexander Riepl

News

Häftlinge erhacken sich Guthaben im Wert von 225.000 Dollar

Durch Austricksen eines Tablet-Systems haben sich US-Häftlinge Guthaben für Digitalkonsum verschafft.

https://futurezone.at/digital-life/haeftlinge-erhacken-sich-guthaben-im-wert-von-225000-dollar/400073708

---

NetSpectre liest RAM via Netzwerk aus

NetSpectre greift ohne ausführbaren Schadcode an - zwar fließen nur wenige Bytes pro Stunde, aber ungeschützte Server und Storage-Systeme sind angreifbar.

http://heise.de/-4121831

---

State Govts. Warned of Malware-Laden CD Sent Via Snail Mail from China

Heres a timely reminder that email isnt the only vector for phishing attacks: Several U.S. state and local government agencies have reported receiving strange letters via snail mail that include malware-laden compact discs (CDs) apparently sent from China, KrebsOnSecurity has learned. This particular ruse, while crude and simplistic, preys on the curiosity ..

https://krebsonsecurity.com/2018/07/state-govts-warned-of-malware-laden-cd-sent-via-snail-mail-from-china/

Vulnerabilities

Bugtraq: [CORE-2018-0009] - SoftNAS Cloud OS Command Injection

http://www.securityfocus.com/archive/1/542187

---

Vuln: Apache Kafka CVE-2017-12610 User Impersonation Vulnerability

http://www.securityfocus.com/bid/104899