[CERT-daily] Tageszusammenfassung - 21.11.2018

[Daily end-of-shift report]

=====================
= End-of-Day report =
=====================

Timeframe:   Dienstag 20-11-2018 18:00 − Mittwoch 21-11-2018 18:00
Handler:     Dimitri Robl
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ Governikus: Personalausweis-Webanwendungen lassen sich austricksen ∗∗∗
---------------------------------------------
Mit einem relativ simplen Trick lässt sich die Authentifizierung von Webanwendungen mit dem elektronischen Personalausweis austricksen. Der Hersteller Governikus behauptet, dass dies in realen Anwendungen nicht funktioniert, kann aber nicht erklären, warum. (E-Personalausweis, Java)
---------------------------------------------
https://www.golem.de/news/governikus-personalausweis-webanwendungen-lassen-sich-austricksen-1811-137831-rss.html


∗∗∗ Werbe-Malware für macOS ∗∗∗
---------------------------------------------
Ein unter "SearchAwesome" und "SearchPageInjector" bekannter Datenschädling macht jetzt auf Macs die Runde. Er manipuliert Reklame und kann CPU-Zeit klauen.
---------------------------------------------
http://heise.de/-4227303


∗∗∗ Dell und VMware teilen sich Sicherheitslücken und servieren Patches ∗∗∗
---------------------------------------------
In Dell EMC Avamar Virtual Edition und VMware vSphere Data Protection klafft eine kritische Sicherheitslücke.
---------------------------------------------
http://heise.de/-4228698


∗∗∗ XSS Injection Campaign Exploits WordPress AMP Plugin ∗∗∗
---------------------------------------------
News broke last week disclosing a number of vulnerabilities in the AMP For WP plugin, installed on over 100,000 WordPress sites. WordPress contributor Sybre Waaijer identified the security issue and confidentially disclosed it to the WordPress plugins team. To exploit the flaw, an attacker needs to have a minimum of subscriber-level access on a vulnerable site.
---------------------------------------------
https://www.wordfence.com/blog/2018/11/xss-injection-campaign-exploits-wordpress-amp-plugin/


∗∗∗ Warnung vor gefälschter PayLife-Sicherheits-App ∗∗∗
---------------------------------------------
Kriminelle versenden eine gefälschte PayLife-Nachricht. Darin fordern sie Kund/innen dazu auf, dass sie sich eine vermeintliche Sicherheits-App auf ihrem Smartphone installieren. Sie ist angeblich für die weitere Nutzung von PayLife-Kreditkarten notwendig. In Wahrheit ist die gefälschte PayLife-Sicherheits-App Schadsoftware, die wichtige Daten von Kund/innen stiehlt. Dadurch können Kriminelle Geld ihrer Opfer stehlen.
---------------------------------------------
https://www.watchlist-internet.at/news/warnung-vor-gefaelschter-paylife-sicherheits-app/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Teledyne DALSA Sherlock ∗∗∗
---------------------------------------------
This advisory includes mitigations for a stack-based buffer overflow vulnerability in Teledyne DALSAs Sherlock machine vision software interface.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-18-324-01


∗∗∗ Schneider Electric Modicon M221 ∗∗∗
---------------------------------------------
This advisory includes mitigations for an insufficient verification of data authenticity vulnerability in the Schneider Electric Modicon M221 product.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-18-324-02


∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (libtiff), CentOS (java-1.7.0-openjdk, spice-server, and thunderbird), Debian (jasper, liblivemedia, ruby-i18n, and ruby-rack), Fedora (curl, elfutils, firefox, kde-connect, kio-extras, libarchive, poppler, and webkit2gtk3), openSUSE (chromium, GraphicsMagick, kernel, libmatroska, mkvtoolnix, SDL2_image, and squid), Oracle (qemu), and Red Hat (flash-plugin and kernel).
---------------------------------------------
https://lwn.net/Articles/772718/


∗∗∗ Security Advisory - Information Leak Vulnerability in Some Huawei Smartphones ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20181121-01-phone-en


∗∗∗ IBM Security Bulletin: The Community Edition of IBM ILOG CPLEX Optimization Studio is affected by a vulnerability in libcurl (CVE-2018-16840) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-the-community-edition-of-ibm-ilog-cplex-optimization-studio-is-affected-by-a-vulnerability-in-libcurl-cve-2018-16840/


∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime IBM affect IBM Decision Optimization Center and IBM ILOG ODM Enterprise ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-and-ibm-java-runtime-ibm-affect-ibm-decision-optimization-center-and-ibm-ilog-odm-enterprise-7/


∗∗∗ IBM Security Bulletin: Potential XML External Entity (XXE) Injection Vulnerability in WebSphere Application Server (CVE-2018-1905) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-potential-xml-external-entity-xxe-injection-vulnerability-in-websphere-application-server-cve-2018-1905/


∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Security Guardium Data Redaction ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-security-guardium-data-redaction-4/


∗∗∗ IBM Security Bulletin: Vulnerabilities in Python affect IBM Tivoli Application Dependency Discovery Manager (TADDM) (CVE-2018-1061, CVE-2018-1060) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-in-python-affect-ibm-tivoli-application-dependency-discovery-manager-taddm-cve-2018-1061-cve-2018-1060/


∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in Node.js affect IBM Integration Bus & IBM App Connect Enterprise V11 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-node-js-affect-ibm-integration-bus-ibm-app-connect-enterprise-v11/


∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect WebSphere Message Broker , IBM Integration Bus and IBM App Connect ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-openssl-affect-websphere-message-broker-ibm-integration-bus-and-ibm-app-connect/


∗∗∗ IBM Security Bulletin: IBM Integration Bus affected by a JDBC XA switch load files Vulnerability(CVE-2017-1418) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-integration-bus-affected-by-a-jdbc-xa-switch-load-files-vulnerabilitycve-2017-1418/


∗∗∗ IBM Security Bulletin: Security vulnerabilities affect multiple IBM Rational products based on IBM Jazz technology ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-security-vulnerabilities-affect-multiple-ibm-rational-products-based-on-ibm-jazz-technology-2/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily