[CERT-daily] Daily summary - 03.06.2019

Daily end-of-shift report team at cert.at
Mon Jun 3 18:15:56 CEST 2019


=====================
= End-of-Day report =
=====================

Timeframe:   Friday 31-05-2019 18:00 − Monday 03-06-2019 18:00
Handler:     Dimitri Robl
Co-Handler:  Robert Waldner

=====================
=       News        =
=====================

∗∗∗ Caution: Official Windows 10 apps display malicious advertising ∗∗∗
---------------------------------------------
The company warns Windows users: Microsoft applications are redirecting their users to fraudulent websites.
---------------------------------------------
https://futurezone.at/digital-life/vorsicht-offizielle-windows-10-apps-zeigen-schaedliche-werbung-an/400512964


∗∗∗ Legacy app whitelist can be abused to bypass latest macOS security features, expert warns ∗∗∗
---------------------------------------------
Three words to ruin an Apple engineer's day: Patrick Wardle disclosure. Malware can bypass protections in macOS Mojave, and potentially access user data as well as the webcam and mic – by exploiting a hole in Apple's legacy app support.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2019/06/03/macos_security_blocks_useless/


∗∗∗ GandCrab ransomware operation says it's shutting down ∗∗∗
---------------------------------------------
GandCrab crew says it made enough money and plans to retire within a month.
---------------------------------------------
https://www.zdnet.com/article/gandcrab-ransomware-operation-says-its-shutting-down/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ VU#877837: Multiple vulnerabilities in Quest (Dell) Kace K1000 Appliance ∗∗∗
---------------------------------------------
CVE-2018-5404: The Dell Kace K1000 Appliance allows an authenticated, remote attacker with least privileges (User Console Only role) to potentially exploit multiple Blind SQL Injection vulnerabilities to retrieve sensitive information from the database or copy the entire database. (CWE-89) CVE-2018-5405: The Dell Kace K1000 Appliance allows an authenticated least privileged user with ‘User Console Only’ rights to potentially inject arbitrary JavaScript code on the tickets page.
---------------------------------------------
https://kb.cert.org/vuls/id/877837


∗∗∗ Cisco IOS XR Software BGP MPLS-Based EVPN Denial of Service Vulnerability ∗∗∗
---------------------------------------------
A vulnerability in the Border Gateway Protocol (BGP) Multiprotocol Label Switching (MPLS)-based Ethernet VPN (EVPN) implementation of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to trigger a denial of service (DoS) condition on an affected device.
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-iosxr-evpn-dos


∗∗∗ Security update: Nvidia Geforce Experience vulnerable ∗∗∗
---------------------------------------------
A local attacker could use vulnerabilities in Nvidia Geforce Experience to push malicious code onto computers.
---------------------------------------------
https://heise.de/-4437588


∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (curl, lib32-curl, lib32-libcurl-compat, lib32-libcurl-gnutls, libcurl-compat, libcurl-gnutls, and live-media), Debian (doxygen and php5), Fedora (cryptopp, drupal7-context, drupal7-ds, drupal7-module_filter, drupal7-path_breadcrumbs, drupal7-uuid, drupal7-views, drupal7-xmlsitemap, and sleuthkit), openSUSE (axis, chromium, containerd, docker, docker-runc, go, go1.11, go1.12, golang-github-docker-libnetwork, curl, doxygen, GraphicsMagick, [...]
---------------------------------------------
https://lwn.net/Articles/790174/


∗∗∗ Vuln: Apache Hadoop CVE-2018-8029 Remote Privilege Escalation Vulnerability ∗∗∗
---------------------------------------------
http://www.securityfocus.com/bid/108518


∗∗∗ IBM Security Bulletin: Apache Tomcat as used in IBM QRadar SIEM is vulnerable to denial of service (CVE-2019-0199) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-apache-tomcat-as-used-in-ibm-qradar-siem-is-vulnerable-to-denial-of-service-cve-2019-0199/


∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Content Collector for Email ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-content-collector-for-email/


∗∗∗ IBM Security Bulletin: OpenSSL as used in IBM QRadar SIEM is vulnerable to a information disclosure (CVE-2018-5407) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-openssl-as-used-in-ibm-qradar-siem-is-vulnerable-to-a-information-disclosure-cve-2018-5407/


∗∗∗ ASP.NET x-up-devcap-post-charset header security exposure ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K54150332


∗∗∗ HPESBMU03923 rev.1 - HPE Smart Update Manager (SUM), Local Unauthorized Elevation of Privilege ∗∗∗
---------------------------------------------
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbmu03923en_us


∗∗∗ HPESBMU03922 rev.1 - HPE Smart Update Manager (SUM), Remote Unauthorized Access ∗∗∗
---------------------------------------------
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbmu03922en_us

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily



