[CERT-daily] Tageszusammenfassung - 14.03.2019

Thu Mar 14 18:17:37 CET 2019

=====================
= End-of-Day report =
=====================

Timeframe:   Mittwoch 13-03-2019 18:00 − Donnerstag 14-03-2019 18:00
Handler:     Stephan Richter
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ Sicherheitslücke: Schadcode per Wordpress-Kommentar ∗∗∗
---------------------------------------------
Gleich mehrere Sicherheitslücken kombinierte ein Sicherheitsforscher, um Schadcode in Wordpress ausführen zu können. Die Wordpress-Standardeinstellungen und ein angemeldeter Administrator reichten als Voraussetzung.
---------------------------------------------
https://www.golem.de/news/sicherheitsluecke-schadcode-per-wordpress-kommentar-1903-140018-rss.html


∗∗∗ GlitchPOS Malware Appears to Steal Credit-Card Numbers ∗∗∗
---------------------------------------------
A new malware targeting point of sale systems, GlitchPOS, has been spotted on a crimeware forum.
---------------------------------------------
https://threatpost.com/glitchpos-malware-credit-card/142804/


∗∗∗ Further attack surface of Wordpress PHAR injection ∗∗∗
---------------------------------------------
In August 2018, Sam Thomas presented a new vulnerability of Wordpress at Black Hat USA 2018. The PHP object injection vulnerability is not new, but the way attacker can trigger this error is worth mentioning. In this article, I will go over the detail of this exploit and inspect further impact of this vulnerability to the Wordpress community. A list of more than 300 Wordpress plugins that could be used to exploit this bug is also included.
---------------------------------------------
https://blog.cystack.net/wordpress-phar/


∗∗∗ Jetzt updaten: Cisco patcht gegen eine von zwei Remote-Attacken ∗∗∗
---------------------------------------------
Zwei Cisco-Produkte sind aus der Ferne angreifbar. Updates gibt es aber wohl nur für Common Services Platform Collector – das IP-Telefon SPA514G ist zu alt.
---------------------------------------------
http://heise.de/-4335459


∗∗∗ Viele Intel-Rechner brauchen wieder BIOS-Updates ∗∗∗
---------------------------------------------
Gleich 17 neue Firmware-Sicherheitslücken meldet Intel, die sich allerdings auf mehrere Systeme verteilen und nur lokal am Rechner nutzbar sind.
---------------------------------------------
http://heise.de/-4335118


∗∗∗ Multiple Security Flaws Discovered in Visitor Management Systems ∗∗∗
---------------------------------------------
Vulnerabilities discovered by IBM security researchers in five different visitor management systems could be abused for data exfiltration or for access to the underlying machines.
---------------------------------------------
https://www.securityweek.com/multiple-security-flaws-discovered-visitor-management-systems


∗∗∗ Netflix-Phishing-Mail im Umlauf ∗∗∗
---------------------------------------------
Netflix Nutzer/innen aufgepasst: Momentan sind wieder Phishing-Mails im Umlauf. Betrüger/innen fordern Sie im Namen von Netflix auf, Ihre Kontoinformationen zu überprüfen. Klicken Sie auf den Button in der E-Mail, werden Sie auf eine betrügerische Seite weitergeleitet. Folgen Sie den Anweisungen, erspähen Kriminelle Ihre Zugangs- und Kreditkartendaten.
---------------------------------------------
https://www.watchlist-internet.at/news/netflix-phishing-mail-im-umlauf/


∗∗∗ Magecart Isn't Just a Security Problem; It's Also a Business Problem ∗∗∗
---------------------------------------------
Magecart is more than just a security problem—it's also a business problem. When threat actors breached British Airways in September resulting in the compromise of thousands of customers’ credit cards, the world got a look at what the fallout of a modern security breach looks like. Immediately afterward, a law firm launched a £500 million[...]
---------------------------------------------
https://www.riskiq.com/blog/external-threat-management/magecart-business-problem/


∗∗∗ New BitLocker attack puts laptops storing sensitive data at risk ∗∗∗
---------------------------------------------
New Zealand security researcher details never-before-seen attack for recovering BitLocker keys.
---------------------------------------------
https://www.zdnet.com/article/new-bitlocker-attack-puts-laptops-storing-sensitive-data-at-risk/


=====================
=  Vulnerabilities  =
=====================

∗∗∗ Gemalto Sentinel UltraPro ∗∗∗
---------------------------------------------
This advisory includes mitigations for an uncontrolled search path element in Gemaltos Sentinel UltraPro encryption keys.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-19-073-02


∗∗∗ PEPPERL+FUCHS WirelessHART-Gateways ∗∗∗
---------------------------------------------
This advisory includes mitigations for a path traversal vulnerability in PEPPERL+FUCHS WirelessHART-Gateways network products.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-19-073-03


∗∗∗ Video - Critical - Remote Code Execution - SA-CONTRIB-2019-037 ∗∗∗
---------------------------------------------
Project: Video
Date: 2019-March-13
Security risk: Critical 19∕25 AC:None/A:Admin/CI:All/II:All/E:Theoretical/TD:All
Vulnerability: Remote Code Execution
Description: This module provides a field where editors can add videos to their content and this module offers functionality to transcode these videos to different sizes and formats.The module doesnt sufficiently sanitize some user input on administrative forms.
---------------------------------------------
https://www.drupal.org/sa-contrib-2019-037


∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (chromium), Debian (libsdl1.2 and libsdl2), Fedora (firefox), Gentoo (bind, glibc, openssl, oracle-jdk-bin, webkit-gtk, and xrootd), Mageia (kernel), openSUSE (freerdp, mariadb, and obs-service-tar_scm), Oracle (openssl), Red Hat (kernel, kernel-rt, openstack-ceilometer, openstack-octavia, and tomcat), Scientific Linux (cockpit, openssl, and tomcat), and SUSE (java-1_7_1-ibm and mariadb).
---------------------------------------------
https://lwn.net/Articles/783046/


∗∗∗ BlackBerry powered by Android Security Bulletin - March 2019 ∗∗∗
---------------------------------------------
http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber=000055788


∗∗∗ Ruby on Rails: Mehrere Schwachstellen ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K19-0221


∗∗∗ IBM Security Bulletin: IBM® Db2® is vulnerable to privilege escalation via loading libraries from an untrusted path (CVE-2019-4094). ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-db2-is-vulnerable-to-privilege-escalation-via-loading-libraries-from-an-untrusted-path-cve-2019-4094/


∗∗∗ IBM Security Bulletin: Security vulnerability in the IBM HTTP Server (CVE-2018-17199) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-security-vulnerability-in-the-ibm-http-server-cve-2018-17199/


∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in Node.js affect IBM Cloud Transformation Advisor ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-node-js-affect-ibm-cloud-transformation-advisor/


∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM Tivoli Netcool Configuration Manager (CVE-2018-3180, CVE-2018-3139) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-and-ibm-java-runtime-affect-ibm-tivoli-netcool-configuration-manager-cve-2018-3180-cve-2018-3139/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily