[CERT-daily] Tageszusammenfassung - 06.05.2019

[Daily end-of-shift report]

=====================
= End-of-Day report =
=====================

Timeframe:   Freitag 03-05-2019 18:00 − Montag 06-05-2019 18:00
Handler:     Dimitri Robl
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ Cronjob Backdoors ∗∗∗
---------------------------------------------
Attackers commonly rely on backdoors to easily gain reentry and maintain control over a website. They also use PHP functions to further deepen the level of their backdoors. A good example of this is the shell_exec function which allows plain shell commands to be run directly through the web application, providing attackers with an increased level of control over the environment.
---------------------------------------------
https://blog.sucuri.net/2019/05/cronjob-backdoors.html


∗∗∗ WLAN-Presenter-Systeme mit kritischen Sicherheitslücken ∗∗∗
---------------------------------------------
WLAN-Gateways, die in vielen Meeting-Räumen das kabellose Anzeigen von Folien ermöglichen, lassen sich kapern und mit Schadcode verseuchen.
---------------------------------------------
https://heise.de/-4413258


∗∗∗ Erpressungswelle zielt auf öffentliche Git-Repositorys ∗∗∗
---------------------------------------------
Seit einigen Tagen haben Erpresser zahlreiche Repositorys bei GitHub, GitLab und BitBucket gelöscht und fordern Bitcoins für die Wiederherstellung.
---------------------------------------------
https://heise.de/-4413576


∗∗∗ Betrügerische Job-Angebote verführen zur Geldwäsche ∗∗∗
---------------------------------------------
Auf der Suche nach dem neuen Job stoßen Konsument/innen häufig auf betrügerische Angebote, bei denen die Aufgabe aus der Weiterleitung von Geldbeträgen besteht. Nicht immer ist dies bereits in der entsprechenden Jobausschreibung erkennbar. So geschehen auch auf der von Kriminellen übernommenen Website bulldozer-sprachschule.at, wo Bewerber/innen zur Geldwäsche aufgefordert wurden.
---------------------------------------------
https://www.watchlist-internet.at/news/betruegerische-job-angebote-verfuehren-zur-geldwaesche/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ High-Severity PrinterLogic Flaws Enable Remote Code Execution ∗∗∗
---------------------------------------------
The three flaws enable an unauthenticated attacker to launch remote code execution attacks on printers.
---------------------------------------------
https://threatpost.com/printerlogic-remote-code-execution/144383/


∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (jquery, librecad, and phpbb3), Fedora (bubblewrap, java-11-openjdk, libvirt, openssh, and pacemaker), Mageia (virtualbox), openSUSE (chromium, ImageMagick, and java-11-openjdk), and SUSE (openssl-1_1).
---------------------------------------------
https://lwn.net/Articles/787599/


∗∗∗ HPESBHF03769 rev.2 - HPE Integrated Lights-out 4 (iLO 4), and Moonshot Multiple Remote Vulnerabilities ∗∗∗
---------------------------------------------
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03769en_us


∗∗∗ IBM Security Bulletin: IBM TRIRIGA is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data (CVE-2019-4208) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-tririga-is-vulnerable-to-an-xml-external-entity-injection-xxe-attack-when-processing-xml-data-cve-2019-4208/


∗∗∗ IBM Security Bulletin: IBM TRIRIGA Application Platform may disclose sensitive information (CVE-2019-4207) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-tririga-application-platform-may-disclose-sensitive-information-cve-2019-4207/


∗∗∗ IBM Security Bulletin: Vulnerability in Pivotal Spring Framework affects IBM TRIRIGA Application Platform (CVE-2018-15786) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-in-pivotal-spring-framework-affects-ibm-tririga-application-platform-cve-2018-15786/


∗∗∗ IBM Security Bulletin: IBM TRIRIGA Application Platform could disclose sensitive information (CVE-2018-2008) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-tririga-application-platform-could-disclose-sensitive-information-cve-2018-2008/


∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in Node.js affect IBM Cloud App Management V2018 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-node-js-affect-ibm-cloud-app-management-v2018/


∗∗∗ IBM Security Bulletin: IBM Cúram Social Program Management contains a cross-site request forgery vulnerability in the REST API (CVE-2018-2001) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-curam-social-program-management-contains-a-cross-site-request-forgery-vulnerability-in-the-rest-api-cve-2018-2001/


∗∗∗ IBM Security Bulletin: Java Vulnerability Affects IBM Sterling Connect:Direct Browser User Interface (CVE-2018-1890, CVE-2018-3180) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-java-vulnerability-affects-ibm-sterling-connectdirect-browser-user-interface-cve-2018-1890-cve-2018-3180/


∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Security Directory Server ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-security-directory-server-2/


∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM® Runtime Environment Java™ Version affect IBM Cloud Manager with OpenStack ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-runtime-environment-java-version-affect-ibm-cloud-manager-with-openstack/


∗∗∗ IBM Security Bulletin: Vulnerabilities in GNU OpenSSL (1.0.2 series) affect IBM Netezza Analytics ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-in-gnu-openssl-1-0-2-series-affect-ibm-netezza-analytics/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily