[CERT-daily] Tageszusammenfassung - 02.04.2019

Tue Apr 2 18:14:45 CEST 2019

=====================
= End-of-Day report =
=====================

Timeframe:   Montag 01-04-2019 18:00 − Dienstag 02-04-2019 18:00
Handler:     Dimitri Robl
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ MXSS: Cross-Site-Scripting in der Google-Suche ∗∗∗
---------------------------------------------
Aufgrund subtiler Unterschiede beim Parsen von HTML-Code gelang es einem Sicherheitsforscher, gängige Filtermechanismen zu umgehen. Betroffen waren zwei Javascript-Bibliotheken und die Google-Suche.
---------------------------------------------
https://www.golem.de/news/mxss-cross-site-scripting-in-der-google-suche-1904-140406-rss.html


∗∗∗ Splitting atoms in XNU ∗∗∗
---------------------------------------------
TL;DR A locking bug in the XNU virtual memory subsystem allowed violation of the preconditions required for the correctness of an optimized virtual memory operation. This was abused to create shared memory where it wasnt expected, allowing the creation of a time-of-check-time-of-use bug where one wouldnt usually exist. This was exploited to cause a heap overflow in XPC, which was used to trigger the execution of a jump-oriented payload which chained [...]
---------------------------------------------
https://googleprojectzero.blogspot.com/2019/04/splitting-atoms-in-xnu.html


∗∗∗ Information on open source vulnerabilities is as distributed as the community ∗∗∗
---------------------------------------------
[...] a sizable number of the open source vulnerabilities that we see out there are actually being posted and discussed on a wide range of different security advisories and issue trackers. This means that even for relatively popular projects, these red flags may fly beneath the radar.
---------------------------------------------
https://www.alienvault.com/blogs/security-essentials/information-on-open-source-vulnerabilities-is-as-distributed-as-the-community


∗∗∗ Studie: Angreifer lieben PowerShell ∗∗∗
---------------------------------------------
Microsofts Skript-Sprache ist die am meisten genutzte Angriffstechnik, warnt die Sicherheitsfirma Red Canary. Bei vielen Firmen besteht da noch Nachholbedarf.
---------------------------------------------
http://heise.de/-4357396


∗∗∗ Malware Actors Using New File Hosting Service to Launch Attacks ∗∗∗
---------------------------------------------
Bad actors are leveraging a new file hosting service in order to launch attack campaigns involving FormBook and other malware. Near the end of March, researchers at Deep Instinct observed a new FormBook attack. The infection chain for this campaign began with a phishing email that contains a malicious attachment.
---------------------------------------------
https://www.tripwire.com/state-of-security/security-data-protection/cyber-security/malware-new-file-hosting-service/


∗∗∗ Gefälschte card complete Nachricht zu Kreditkartensperre ∗∗∗
---------------------------------------------
Kriminelle versenden eine erfundene Nachricht im card complete Design. Darin informieren Sie die Empfänger/innen über eine angebliche Sperre des Kreditkartenkontos, die durch Aktualisierung der Daten über einen Link in der E-Mail aufgehoben werden kann. Die Anweisungen dürfen nicht befolgt werden! Andernfalls wird Schadsoftware auf dem Smartphone installiert und die Kreditkartendaten landen bei Verbrecher/innen.
---------------------------------------------
https://www.watchlist-internet.at/news/gefaelschte-card-complete-nachricht-zu-kreditkartensperre/


=====================
=  Vulnerabilities  =
=====================

∗∗∗ Sicherheitslücke: Nutzer des Apache-Webservers können Root-Rechte erlangen ∗∗∗
---------------------------------------------
Eine Sicherheitslücke im Apache-Webserver erlaubt es Nutzern, mit Hilfe von CGI- oder PHP-Skripten Root-Rechte zu erlangen. Ein Update steht bereit.
---------------------------------------------
https://www.golem.de/news/sicherheitsluecke-nutzer-des-apache-webservers-koennen-root-rechte-erlangen-1904-140395-rss.html


∗∗∗ Security Patch: Google beseitigt im April Qualcomm-Sicherheitslücken ∗∗∗
---------------------------------------------
In einer Vorankündigung verweist Google auf ein neues Security Patch Level. Das April-Update schließt viele Lücken und sollte für einige, aber nicht alle aktuellen Android-Geräte erscheinen. Es gibt auch viele Sicherheitslücken, die Qualcomm-basierte Smartphones betreffen.
---------------------------------------------
https://www.golem.de/news/security-patch-google-beseitigt-im-april-qualcomm-sicherheitsluecken-1904-140394-rss.html


∗∗∗ Zero-Day-Lücken in Edge und Internet Explorer – Patches stehen noch aus ∗∗∗
---------------------------------------------
Ein Forscher hat Angriffspunkte für Universal-Cross-Site-Scripting-Attacken in Microsofts Browsern gefunden. Der Konzern scheint desinteressiert.
---------------------------------------------
http://heise.de/-4357840


∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by CentOS (firefox, libssh2, and thunderbird), Debian (firmware-nonfree, kernel, and libssh2), Fedora (drupal7, flatpak, and mod_auth_mellon), Gentoo (burp, cairo, glusterfs, libical, poppler, subversion, thunderbird, and unbound), openSUSE (yast2-rmt), Red Hat (freerdp), and SUSE (bash, ed, libarchive, ntp, and sqlite3).
---------------------------------------------
https://lwn.net/Articles/784665/


∗∗∗ IBM Security Bulletin: Multiple security vulnerabilities in Node.js affect IBM Voice Gateway ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-security-vulnerabilities-in-node-js-affect-ibm-voice-gateway-2/


∗∗∗ IBM Security Bulletin: IBM® Db2® is vulnerable to a buffer overflow which could allow a local malicious user to execute arbitrary code (CVE-2019-4014). ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-db2-is-vulnerable-to-a-buffer-overflow-which-could-allow-a-local-malicious-user-to-execute-arbitrary-code-cve-2019-4014/


∗∗∗ IBM Security Bulletin: API Connect is impacted by multiple nodeJS vulnerabilities (CVE-2018-12122 CVE-2018-12121 CVE-2018-12123 CVE-2018-12116) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-api-connect-is-impacted-by-multiple-nodejs-vulnerabilities-cve-2018-12122-cve-2018-12121-cve-2018-12123-cve-2018-12116/


∗∗∗ IBM Security Bulletin: IBM API Connect is impacted by multiple open source software vulnerabilities. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-api-connect-is-impacted-by-multiple-open-source-software-vulnerabilities/


∗∗∗ IBM Security Bulletin: IBM® Db2® is vulnerable to a buffer overflow which could allow a local malicious user to execute arbitrary code (CVE-2018-1936). ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-db2-is-vulnerable-to-a-buffer-overflow-which-could-allow-a-local-malicious-user-to-execute-arbitrary-code-cve-2018-1936/


∗∗∗ IBM Security Bulletin: IBM InfoSphere Master Data Management Standard and Advanced Editions are affected by vulnerabilities in OpenSSL (CVE-2018-0735, CVE-2018-0734, CVE-2018-5407) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-infosphere-master-data-management-standard-and-advanced-editions-are-affected-by-vulnerabilities-in-openssl-cve-2018-0735-cve-2018-0734-cve-2018-5407/


∗∗∗ IBM Security Bulletin: Vulnerabilities in IBM Java Runtime affect IBM Spectrum Protect Snapshot for VMware (CVE-2018-3139, CVE-2018-3180) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-in-ibm-java-runtime-affect-ibm-spectrum-protect-snapshot-for-vmware-cve-2018-3139-cve-2018-3180/


∗∗∗ IBM Security Bulletin: Vulnerabilities in Rational DOORS Next Generation with potential for cross-site scripting attack ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-in-rational-doors-next-generation-with-potential-for-cross-site-scripting-attack-2/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily