[CERT-daily] Tageszusammenfassung - 30.04.2019

Tue Apr 30 18:08:42 CEST 2019

=====================
= End-of-Day report =
=====================

Timeframe:   Montag 29-04-2019 18:00 − Dienstag 30-04-2019 18:00
Handler:     Dimitri Robl
Co-Handler:  Robert Waldner

=====================
=       News        =
=====================

∗∗∗ APT trends report Q1 2019 ∗∗∗
---------------------------------------------
This is our latest summary of APT activity, based on our threat intelligence research and provide a representative snapshot of what we have published and discussed in greater detail in our private APT reports. It aims to highlight the significant events and findings that we feel people should be aware of.
---------------------------------------------
https://securelist.com/apt-trends-report-q1-2019/90643/


∗∗∗ Vorsicht vor Bestellungen auf cragoo.at und cragoo.de ∗∗∗
---------------------------------------------
Bei cragoo.de bzw. cragoo.at handelt es sich um einen Online-Shop der Firma TA Retail UG mit sehr breitem Sortiment. Es werden unter anderem Haushaltsgeräte, Technik, Autozubehör, Bauutensilien, Fahrräder, Möbel und Spielzeug angeboten. Doch Vorsicht: Uns erreichen laufend Meldungen verärgerter Konsument/innen, die einen Einkauf per Vorkasse bezahlt, aber keine Lieferung erhalten haben.
---------------------------------------------
https://www.watchlist-internet.at/news/vorsicht-vor-bestellungen-auf-cragooat-und-cragoode/


∗∗∗ Oracle Weblogic 0day ∗∗∗
---------------------------------------------
Several days ago, information about new Oracle Weblogic Server 0day vulnerability was published [... CVE-2019-2725].
...
One of the SISSDEN goals is to track such a vulnerabilities and answer following questions:
    How big was the volume of scanning/exploitation?
    Who is responsible for scanning/exploitation?
    How was the exploitation executed?
---------------------------------------------
https://sissden.eu/blog/oracle-weblogic-0day


=====================
=  Vulnerabilities  =
=====================

∗∗∗ Vuln: ImageMagick Multiple Heap Buffer Overflow Vulnerabilities ∗∗∗
---------------------------------------------
ImageMagick is prone to multiple heap-based buffer-overflow vulnerabilities.
An attacker can exploit this issue to cause denial-of-service condition and obtain sensitive information.
---------------------------------------------
http://www.securityfocus.com/bid/108102


∗∗∗ Insufficient Privilege Validation in WooCommerce Checkout Manager ∗∗∗
---------------------------------------------
Due to the poor handling of a vulnerability disclosure, a new attack vector has appeared for the WooCommerce Checkout Manager WordPress plugin and is affecting over 60,000 sites. If you are using this plugin, we recommend that you update it to version 4.3 immediately.
---------------------------------------------
https://blog.sucuri.net/2019/04/insufficient-privilege-validation-in-woocommerce-checkout-manager.html


∗∗∗ Schwachstelle in Revive Adserver kann Schadcode-Auslieferung ermöglichen ∗∗∗
---------------------------------------------
Der Werbeanzeigen-Server Revive Adserver ist über zwei Schwachstellen angreifbar; eine davon gilt als kritisch. Version 4.2.0 ist abgesichert.
---------------------------------------------
https://heise.de/-4410423


∗∗∗ Forscher finden Schwachstellen in E-Mail-Signaturprüfung ∗∗∗
---------------------------------------------
Sicherheitsforscher der Fachhochschule Münster und der Ruhr-Universität Bochum haben Schwachstellen in den Implementierungen der weitverbreiteten E-Mail-Verschlüsselungsstandards S/MIME und OpenPGP gefunden
---------------------------------------------
https://www.bsi.bund.de/DE/Presse/Pressemitteilungen/Presse2019/Signaturfaelschungen-300419.html


∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by CentOS (kernel, openwsman, and ovmf), Debian (gst-plugins-base1.0 and libvirt), Fedora (libX11, poppler, python-urllib3, samba, and wpewebkit), openSUSE (GraphicsMagick), SUSE (atftp, glibc, libssh2_org, and wpa_supplicant), and Ubuntu (wavpack).
---------------------------------------------
https://lwn.net/Articles/787158/


∗∗∗ Foxit Phantom PDF Suite: Mehrere Schwachstellen ∗∗∗
---------------------------------------------
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen im Foxit Reader und der Foxit Phantom PDF Suite ausnutzen, um beliebigen Programmcode mit Benutzerrechten auszuführen, einen Denial of Service Angriff durchzuführen oder vertrauliche Daten einzusehen.
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K19-0359


∗∗∗ IBM Security Bulletin: Multiple Security Vulnerabilities Affect IBM WebSphere Application Server for IBM Cloud Private VM Quickstarter ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-security-vulnerabilities-affect-ibm-websphere-application-server-for-ibm-cloud-private-vm-quickstarter/


∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect Rational Performance Tester ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-and-ibm-java-runtime-affect-rational-performance-tester-3/


∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Content Collector for SAP Applications ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-content-collector-for-sap-applications-5/


∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect ITCAM for SOA ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-itcam-for-soa-4/


∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect Rational Service Tester ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-and-ibm-java-runtime-affect-rational-service-tester-3/


∗∗∗ IBM Security Bulletin: IBM Cloud Transformation Advisor is affected by a vulnerability in WebSphere Application Server Liberty (CVE-2018-1902) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-cloud-transformation-advisor-is-affected-by-a-vulnerability-in-websphere-application-server-liberty-cve-2018-1902/


∗∗∗ IBM Security Bulletin: A vulnerability affects the IBM FlashSystem 840 and 900 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-vulnerability-affects-the-ibm-flashsystem-840-and-900/


∗∗∗ IBM Security Bulletin: Security vulnerability affects Rational Engineering Lifecycle Manager ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-security-vulnerability-affects-rational-engineering-lifecycle-manager-2/


∗∗∗ IBM Security Bulletin: Multiple vulnerabilities affect IBM Planning Analytics (CVE-2018-3180, CVE-2013-1624, CVE-2018-1933, CVE-2015-1832, CVE-2018-15494) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-affect-ibm-planning-analytics-cve-2018-3180-cve-2013-1624-cve-2018-1933-cve-2015-1832-cve-2018-15494/


∗∗∗ HPESBHF03929 rev.1 - HPE Superdome Flex Server, Local Denial of Service, Disclosure of Information, and Escalation of Privilege ∗∗∗
---------------------------------------------
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03929en_us

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily