End-of-Day report
Timeframe: Montag 20-08-2018 18:00 - Dienstag 21-08-2018 18:00
Handler: Alexander Riepl
Co-Handler: n/a
News
USB-Kabel können Computer mit Trojanern infizieren
Sicherheitsforschern ist es gelungen, USB-Ladekabel so zu modifizieren, dass sie Trojaner einschleusen können.
https://futurezone.at/produkte/usb-kabel-koennen-computer-mit-trojanern-infizieren/400095488
TLS developers should ditch pseudo constant time crypto processing
Fixes for Lucky 13-type bugs could still be vulnerable More than five years after cracks started showing in the Transport Layer Security (TLS) network crypto protocol, the author of the "Lucky 13" attack has poked holes in the fixes ..
www.theregister.co.uk/2018/08/21/tls_developers_should_ditch_pseudo_constant_time_crypto_processing/
Microsoft: Russische Hacker nehmen Trump-kritische Republikaner ins Visier
Im Kampf gegen mutmaßlich russische Hacker hat Microsoft weitere Erfolge verkündet: Für Phising-Angriffe auf Republikaner nutzbare Domains wurden entschärft.
http://heise.de/-4142219
How often are users- DNS queries intercepted?
A group of Chinese researchers wanted to find out just how widespread DNS interception is and has presented the result of their large-scale study to the audience at the Usenix Security Symposium last week. The problem Most Internet connections are preceded by a DNS address lookup request, as the Domain Name System (DNS) -translates- ..
https://www.helpnetsecurity.com/2018/08/21/dns-interception/
The enemy is us: a look at insider threats
It could be the engineer in the IT department, the janitor mopping the lobby, one of the many managers two floors up, or the contractor who-s been in and out the office for weeks now. Or, maybe it could be you. It ..
https://blog.malwarebytes.com/101/2018/08/the-enemy-is-us-a-look-at-insider-threats/
Darkhotel APT is back: Zero-day vulnerability in Microsoft VBScript is exploited
VBScript is available in the latest versions of Windows and Internet Explorer 11. However, Microsoft disabled VBScript execution in the latest version of Windows ..
https://blog.360totalsecurity.com/en/darkhotel-apt-is-back-zero-day-vulnerability-in-microsoft-vbscript-is-exploited/
Skype - Skype führt "Ende-zu-Ende-Verschlüsselung" ein
Die Verschlüsselung ist allerdings nicht automatisch aktiviert
https://derstandard.at/2000085764456/Skype-fuehrt-Ende-zu-Ende-Verschluesselung-ein
Vulnerabilities
DSA-4279 linux - security update
Multiple researchers have discovered a vulnerability in the way the Intel processor designs have implemented speculative execution of instructions in combination with handling of page-faults. This flaw ..
https://www.debian.org/security/2018/dsa-4279