[CERT-daily] Tageszusammenfassung - 25.07.2019

Daily end-of-shift report team at cert.at
Thu Jul 25 18:49:04 CEST 2019


=====================
= End-of-Day report =
=====================

Timeframe:   Mittwoch 24-07-2019 18:00 − Donnerstag 25-07-2019 18:00
Handler:     Robert Waldner
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ BlueKeep, mal wieder ∗∗∗
---------------------------------------------
Das "Schöne" an der IT ist, dass uns manche Themen längerfristig begleiten. So auch die Schwachstelle mit der CVE-Nummer 2019-0708, besser bekannt unter dem Namen "BlueKeep". Wir haben davor gewarnt und darüber gebloggt - und Letzteres muss leider wieder sein.
---------------------------------------------
http://www.cert.at/services/blog/20190725104348-2524.html


∗∗∗ When Users Attack! Users (and Admins) Thwarting Security Controls, (Thu, Jul 25th) ∗∗∗
---------------------------------------------
Today, I'd like to discuss a few of the Critical Controls, and how I see real people abusing or circumventing them in real companies. (Sorry, no code in todays story, but we do have some GPOs )
---------------------------------------------
https://isc.sans.edu/diary/rss/25170


∗∗∗ Verordnung über qualifizierte Stellen – QuaSteV ∗∗∗
---------------------------------------------
Mit dieser Verordnung werden jene Erfordernisse, die qualifizierte Stellen erfüllen müssen, um Betreiber wesentlicher Dienste im Hinblick auf die von ihnen betriebenen wesentlichen Dienste gemäß § 17 Abs. 3 NISG überprüfen zu können, sowie das Verfahren zur Feststellung qualifizierter Stellen festgelegt.
---------------------------------------------
https://www.ris.bka.gv.at/Dokumente/BgblAuth/BGBLA_2019_II_226/BGBLA_2019_II_226.html


∗∗∗ Cook: security things in Linux v5.2 ∗∗∗
---------------------------------------------
Over on his blog, Kees Cook runs through the security changes that came in Linux 5.2.
---------------------------------------------
https://lwn.net/Articles/794145/


∗∗∗ Hundewelpen aus Kamerun auf Facebook? Nicht kaufen! ∗∗∗
---------------------------------------------
Immer wieder wenden sich verzweifelte Konsument/innen an uns, die im Internet Hundewelpen kaufen wollten. Egal ob auf Facebook oder auf Kleinanzeigenplattformen gilt: Soll Geld nach Kamerun oder andere weit entfernte Länder überwiesen werden, handelt es sich höchstwahrscheinlich um ein betrügerisches Angebot! Die Tiere gibt es nicht und das Geld ist verloren.
---------------------------------------------
https://www.watchlist-internet.at/news/hundewelpen-aus-kamerun-auf-facebook-nicht-kaufen/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Vuln: Ansible CVE-2019-10206 Remote Information Disclosure Vulnerability ∗∗∗
---------------------------------------------
Successfully exploiting this issue may allow an attacker to obtain sensitive information that may aid in further attacks. 
---------------------------------------------
http://www.securityfocus.com/bid/109361


∗∗∗ FreeBSD: Bhyve out-of-bounds read in XHCI device ∗∗∗
---------------------------------------------
A misbehaving bhyve guest could crash the system or access memory that it should not be able to.
---------------------------------------------
https://www.freebsd.org/security/advisories/FreeBSD-SA-19:16.bhyve.asc


∗∗∗ Exim: security release for CVE-2019-13917 ∗∗∗
---------------------------------------------
A local or remote attacker can execute programs with root privileges - if youve an unusual configuration.
Mitigation: Do not use ${sort } in your configuration.
Fixed in: Exim 4.92.1.
---------------------------------------------
http://exim.org/static/doc/security/CVE-2019-13917.txt


∗∗∗ Micro Focus ArcSight Logger CVE-2019-3485 HTML Injection Vulnerability ∗∗∗
---------------------------------------------
Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.
---------------------------------------------
https://www.securityfocus.com/bid/109363/discuss


∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by CentOS (java-1.7.0-openjdk, java-1.8.0-openjdk, and java-11-openjdk), Debian (exim4), Fedora (java-latest-openjdk), openSUSE (libsass, tomcat, and ucode-intel), Oracle (java-1.7.0-openjdk and thunderbird), SUSE (OpenEXR, spamassassin, and thunderbird), and Ubuntu (ansible and patch).
---------------------------------------------
https://lwn.net/Articles/794623/


∗∗∗ IBM Security Bulletin: IBM Cloud Kubernetes Service is impacted by a security vulnerability in Project Calico ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-cloud-kubernetes-service-is-impacted-by-a-security-vulnerability-in-project-calico-2/


∗∗∗ IBM Security Bulletin: IBM Network Performance Insight (CVE-2019-10241, CVE-2019-10247) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-network-performance-insight-cve-2019-10241-cve-2019-10247/


∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Content Classification ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-content-classification-5/


∗∗∗ IBM Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise (CVE-2018-1719) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-security-vulnerability-has-been-identified-in-ibm-websphere-application-server-shipped-with-ibm-cloud-orchestrator-and-ibm-cloud-orchestrator-enterprise-cve-2018-1719/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily




More information about the Daily mailing list