[CERT-daily] Tageszusammenfassung - 10.04.2019

Wed Apr 10 18:12:33 CEST 2019

=====================
= End-of-Day report =
=====================

Timeframe:   Dienstag 09-04-2019 18:00 − Mittwoch 10-04-2019 18:00
Handler:     Robert Waldner
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ Analysis of a targeted attack exploiting the WinRar CVE-2018-20250 vulnerability ∗∗∗
---------------------------------------------
A complex attack chain incorporating the CVE-2018-20250 exploit and multiple code execution techniques attempted to run a fileless PowerShell backdoor that could allow an adversary to take full control of compromised machines.
---------------------------------------------
https://www.microsoft.com/security/blog/2019/04/10/analysis-of-a-targeted-attack-exploiting-the-winrar-cve-2018-20250-vulnerability/


∗∗∗ Pentesting: Nutzen, Rechtliches und Kosten ∗∗∗
---------------------------------------------
Immer mehr Schwachstellen in Produkten des täglichen Bedarfs wie intelligenten Appliances, Routern und anderen verbundenen Geräten werden publik und Benutzer beginnen die zugrunde liegenden Verfahren (oder deren Fehlen) zu hinterfragen, um ihre privaten Informationen zu schützen. Hier finden Sie eine wichtige und effiziente Methode zur Verbesserung des Sicherheitsniveaus von Netzwerken und diversen Anwendungen.
---------------------------------------------
https://sec-consult.com/blog/2019/04/pentesting-nutzen-rechtliches-und-kosten/


∗∗∗ A Peek Into the Toolkit of the Dangerous Triton Hackers ∗∗∗
---------------------------------------------
Security firm FireEye is naming a collection of tools it says might help identify more of the digital saboteurs intrusions.
---------------------------------------------
https://www.wired.com/story/triton-hacker-toolkit-fireeye


∗∗∗ Umfrage: Unternehmen unterschätzen Gefahr durch Cyber-Sicherheitsvorfälle ∗∗∗
---------------------------------------------
https://www.bsi.bund.de/DE/Presse/Pressemitteilungen/Presse2019/Cyber-Sicherheitsumfrage-100419.html


=====================
=  Vulnerabilities  =
=====================

∗∗∗ Its raining patches, Hallelujah! Microsoft and Adobe put out their latest major fixes ∗∗∗
---------------------------------------------
Hefty patch Tuesday checks in at just under 100 CVEs. For Microsoft, the monthly flaw folder fixes for a total of 74 CVE-listed security bugs in Windows and Office. Of those, 33 are flaws which, if exploited, would allow the attacker to achieve remote code execution. Adobe, meanwhile, has kicked out updates for Acrobat and Reader that address 21 remote code execution flaws in the PDF app. Flash Player also got an update this month. For SAP, the month brings 11 security updates.
---------------------------------------------
https://www.theregister.co.uk/2019/04/09/patch_tuesday_april/


∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (samba and spip), openSUSE (samba), Red Hat (flash-plugin), Scientific Linux (kernel and openssh), SUSE (clamav and xen), and Ubuntu (apache2).
---------------------------------------------
https://lwn.net/Articles/785466/


∗∗∗ Vuln: WordPress Wordfence Plugin Unspecified Cross Site Scripting Vulnerability ∗∗∗
---------------------------------------------
http://www.securityfocus.com/bid/107804


∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM® Java SDK affects WebSphere Application Server in IBM Cloud January 2019 CPU ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affects-websphere-application-server-in-ibm-cloud-january-2019-cpu/


∗∗∗ IBM Security Bulletin: BigFix WebUI is affected by vulnerabilities CVE-2019-4013 and CVE-2019-4012 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-bigfix-webui-is-affected-by-vulnerabilities-cve-2019-4013-and-cve-2019-4012/


∗∗∗ IBM Security Bulletin: IBM MQ Console is vulnerable to a man in the middle attack (CVE-2018-1925) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-mq-console-is-vulnerable-to-a-man-in-the-middle-attack-cve-2018-1925/


∗∗∗ IBM Security Bulletin: BigFix Platform 9.2.x affected by multiple vulnerabilities (CVE-2017-1231, CVE-2018-5407, CVE-2012-5883, CVE-2012-6708, CVE-2015-9251) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-bigfix-platform-9-2-x-affected-by-multiple-vulnerabilities-cve-2017-1231-cve-2018-5407-cve-2012-5883-cve-2012-6708-cve-2015-9251/


∗∗∗ IBM Security Bulletin: Multiple Security Vulnerabilities Affect IBM WebSphere Application Server in IBM Cloud ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-security-vulnerabilities-affect-ibm-websphere-application-server-in-ibm-cloud-7/


∗∗∗ IBM Security Bulletin: Multiple vulnerabilities affect IBM Tivoli Monitoring embedded WebSphere Application Server ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-affect-ibm-tivoli-monitoring-embedded-websphere-application-server-6/


∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in WebSphere Application Server Liberty affect IBM Spectrum Protect for Workstations Central Administration Console (CVE-2014-7810, CVE-2018-8039, CVE-2018-1901) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-websphere-application-server-liberty-affect-ibm-spectrum-protect-for-workstations-central-administration-console-cve-2014-7810-cve-2018-8039-cve-2/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily