[CERT-daily] Tageszusammenfassung - 05.02.2019

Daily end-of-shift report team at cert.at
Tue Feb 5 18:17:37 CET 2019 

=====================
= End-of-Day report =
=====================

Timeframe:   Montag 04-02-2019 18:00 − Dienstag 05-02-2019 18:00
Handler:     Dimitri Robl
Co-Handler:  Robert Waldner

=====================
=       News        =
=====================

∗∗∗ Reverse RDP Attack: Code Execution on RDP Clients ∗∗∗
---------------------------------------------
Check Point Research recently discovered multiple critical vulnerabilities in the commonly used Remote Desktop Protocol (RDP) that would allow a malicious actor to reverse the usual direction of communication and infect the IT professional or security research’s computer.
---------------------------------------------
https://research.checkpoint.com/reverse-rdp-attack-code-execution-on-rdp-clients/


∗∗∗ Crooks Continue to Exploit GoDaddy Hole ∗∗∗
---------------------------------------------
Godaddy.com, the worlds largest domain name registrar, recently addressed an authentication weakness that cybercriminals were using to blast out spam through legitimate, dormant domains. But several more recent malware spam campaigns suggest GoDaddys fix hasnt gone far enough, and that scammers likely still have a sizable arsenal of hijacked GoDaddy domains at their disposal.
---------------------------------------------
https://krebsonsecurity.com/2019/02/crooks-continue-to-exploit-godaddy-hole/


∗∗∗ Vorsicht bei (zu) günstiger Markenware im Internet! ∗∗∗
---------------------------------------------
Auf der Suche nach dem großen Schnäppchen stoßen Konsument/innen häufig auf betrügerische Online-Shops, die Markenware zu schier unglaublichen Preisen anbieten. Hinter den Websites stecken oftmals Kriminelle, die gefälschte Produkte liefern oder es nur auf die Daten ihrer Opfer abgesehen haben. Hier erhalten Internetuser/innen nützliche Tipps, zum Einkauf im Internet, um Ärgernisse zu vermeiden!
---------------------------------------------
https://www.watchlist-internet.at/news/vorsicht-bei-zu-guenstiger-markenware-im-internet/


∗∗∗ Warnung vor Nutresin - Herbapure Ear ∗∗∗
---------------------------------------------
Im Internet bewirbt der Molekularbiologe Prof. Karl Auer seine „makro-molekulare Formel" Nutresin - Herbapure Ear als Wundermittel gegen Hörverlust. Konsument/innen können Nutresin auf der Website yourmarket24.com bestellen. Die medizinische Wirkung der Ohrentropfen ist unklar. Aus diesem Grund ist von einer Bestellung des Mittels Nutresin dringend abzuraten.
---------------------------------------------
https://www.watchlist-internet.at/news/warnung-vor-nutresin-herbapure-ear/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Kryptographische Schwachstellen in deutscher eGovernment Softwarekomponente ∗∗∗
---------------------------------------------
Die OSCI-Transport Bibliothek ist eine Softwarekomponente, welche von vielen deutschen Behörden eingesetzt wird, um Daten gemäß dem OSCI-Transport Protokoll sicher zu übertragen. Diese Java-Bibliothek war gegen zwei potentielle Angriffe anfällig, welche es einem Angreifer ermöglichten, einige Sicherheitsmaßnahmen zu umgehen.
---------------------------------------------
https://www.sec-consult.com/blog/2019/02/kryptographische-schwachstellen-in-deutscher-egovernment-softwarekomponente/


∗∗∗ Qkr! with MasterPass iOS Application - MITM SSL Certificate Vulnerability (CVE-2019-6702) ∗∗∗
---------------------------------------------
The Qkr! with MasterPass iOS application (version 5.0.6 and below), does not validate the SSL certificate it receives when connecting to the application login server.
---------------------------------------------
https://www.info-sec.ca/advisories/Qkr-MasterCard.html


∗∗∗ Android Security Bulletin - February 2019 ∗∗∗
---------------------------------------------
[...] The most severe of these issues is a critical security vulnerability in Framework that could allow a remote attacker using a specially crafted PNG file to execute arbitrary code within the context of a privileged process.
---------------------------------------------
https://source.android.com/security/bulletin/2019-02-01.html


∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (libgd2), Fedora (java-11-openjdk, kernel, and kernel-headers), openSUSE (firefox, mysql-community-server, and pdns-recursor), Oracle (thunderbird), Red Hat (rh-haproxy18-haproxy, systemd, and thunderbird), SUSE (haproxy, spice, and uriparser), and Ubuntu (dovecot, kernel, linux, linux-aws, linux-gcp, linux-kvm, linux-raspi2, linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon, linux-aws, linux-gcp, linux-kvm, linux-oem, linux-raspi2, [...]
---------------------------------------------
https://lwn.net/Articles/778507/


∗∗∗ IBM Security Bulletin: IBM Spectrum Scale for IBM Elastic Storage Server is affected by the use of Local Read Only Cache (LROC) which may result in directory corruption and undetected data corruption in regular files. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-spectrum-scale-for-ibm-elastic-storage-server-is-affected-by-the-use-of-local-read-only-cache-lroc-which-may-result-in-directory-corruption-and-undetected-data-corruption/


∗∗∗ IBM Security Bulletin: IBM WebSphere Cast Iron Solution is affected by Apache Tomcat vulnerabilities (CVE-2018-11784, CVE-2018-8034) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-websphere-cast-iron-solution-is-affected-by-apache-tomcat-vulnerabilities-cve-2018-11784-cve-2018-8034/


∗∗∗ IBM Security Bulletin: IBM OpenPages GRC Platform is affected by CKEditor (Preview Plugin) vulnerability (CVE-2014-5191) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-openpages-grc-platform-is-affected-by-ckeditor-preview-plugin-vulnerability-cve-2014-5191/


∗∗∗ IBM Security Bulletin: IBM OpenPages GRC Platform is affected by Apache POI vulnerability (CVE-2017-12626) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-openpages-grc-platform-is-affected-by-apache-poi-vulnerability-cve-2017-12626/


∗∗∗ HPESBHF03904 rev.1 - HPE Service Pack for ProLiant (SPP) Bundled Software, Local Access Restriction Bypass ∗∗∗
---------------------------------------------
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03904en_us


∗∗∗ HPESBHF03907 rev.1 - HPE Integrated Lights-Out 5 (iLO 5) for Gen10 ProLiant Servers, Remote Cross-Site Scripting in HPE iLO 5 Web User Interface ∗∗∗
---------------------------------------------
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03907en_us

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

More information about the Daily mailing list