March 2019 - Daily

Tageszusammenfassung - 29.03.2019
by Daily end-of-shift report 29 Mar '19

29 Mar '19

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 28-03-2019 18:00 − Freitag 29-03-2019 18:00 Handler: Dimitri Robl Co-Handler: Robert Waldner ===================== = News = ===================== ∗∗∗ Schwere Sicherheitslücke in SSL/TLS-Bibliothek axTLS ∗∗∗ --------------------------------------------- Webserver, die die Transportverschlüsselung über axTLS realisieren, sind für Angriffe empfänglich. --------------------------------------------- http://heise.de/-4355704 ∗∗∗ World Backup Day: Is your data in safe hands? ∗∗∗ --------------------------------------------- World Backup Day is a reminder that organizations and individuals need to make data backup and protection a priority --------------------------------------------- https://www.welivesecurity.com/2019/03/29/world-backup-day-data-safe-hands/ ∗∗∗ TLS CBC Padding Oracles in 2019 ∗∗∗ --------------------------------------------- Since August, I've spent countless hours studying CBC padding oracle attacks toward the development of a new scan tool called padcheck. Using this tool, I was able to identify thousands of popular domains which could be targeted by an active network adversary (i.e. MiTM) to hijack authenticated HTTPS sessions. The underlying vulnerabilities break down into [...] --------------------------------------------- https://www.tripwire.com/state-of-security/vert/tls-cbc-padding-oracles/ ∗∗∗ Researchers discover and abuse new undocumented feature in Intel chipsets ∗∗∗ --------------------------------------------- Researchers find new Intel VISA (Visualization of Internal Signals Architecture) debugging technology. --------------------------------------------- https://www.zdnet.com/article/researchers-discover-and-abuse-new-undocument… ∗∗∗ Researchers publish list of MAC addresses targeted in ASUS hack ∗∗∗ --------------------------------------------- Most of the targeted MAC addresses are used by ASUStek, Intel, and AzureWave devices. --------------------------------------------- https://www.zdnet.com/article/researchers-publish-list-of-mac-addresses-tar… ===================== = Vulnerabilities = ===================== ∗∗∗ Rockwell Automation PowerFlex 525 AC Drives ∗∗∗ --------------------------------------------- This advisory includes mitigations for a resource exhaustion vulnerability reported in Rockwell Automations PowerFlex 525 AC drive. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-19-087-01 ∗∗∗ Magento 2.3.1, 2.2.8 and 2.1.17 Security Update ∗∗∗ --------------------------------------------- Magento Commerce and Open Source 2.3.1, 2.2.8 and 2.1.17 contain multiple security enhancements that help close Remote Code Execution (RCE), Cross-Site Scripting (XSS) and other vulnerabilities. --------------------------------------------- https://magento.com/security/patches/magento-2.3.1-2.2.8-and-2.1.17-securit… ∗∗∗ VMSA-2019-0004 ∗∗∗ --------------------------------------------- VMware vCloud Director for Service Providers update resolves a Remote Session Hijack vulnerability --------------------------------------------- https://www.vmware.com/security/advisories/VMSA-2019-0004.html ∗∗∗ VMSA-2019-0005 ∗∗∗ --------------------------------------------- VMware ESXi, Workstation and Fusion updates address multiple security issues. --------------------------------------------- https://www.vmware.com/security/advisories/VMSA-2019-0005.html ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (dovecot and imagemagick), Debian (dovecot, libraw, pdns, and ruby2.1), Fedora (mingw-podofo, openwsman, podofo, qemu, and svgsalamander), openSUSE (chromium, ffmpeg-4, firefox, libssh2_org, nodejs4, and qemu), Red Hat (libssh2), Scientific Linux (libssh2 and thunderbird), SUSE (kernel, liblouis, ntp, openssl-1_1, and tiff), and Ubuntu (firefox, freeimage, libapache2-mod-auth-mellon, and thunderbird). --------------------------------------------- https://lwn.net/Articles/784370/ ∗∗∗ Vuln: Apache HBase CVE-2019-0212 Authorization Bypass Vulnerability ∗∗∗ --------------------------------------------- http://www.securityfocus.com/bid/107624 ∗∗∗ Vuln: Apache ActiveMQ CVE-2019-0222 Denial of Service Vulnerability ∗∗∗ --------------------------------------------- http://www.securityfocus.com/bid/107622 ∗∗∗ GnuTLS: Mehrere Schwachstellen ermöglichen Denial of Service ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K19-0253 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Rational DOORS Web Access ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: IBM Event Streams is affected by cURL vulnerabilities ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-event-streams-is-… ∗∗∗ IBM Security Bulletin: IBM Event Streams is affected by vulnerabilities in the shipped Node runtime ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-event-streams-is-… ∗∗∗ IBM Security Bulletin: IBM Event Streams is affected by jackson-databind vulnerabilities ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-event-streams-is-… ∗∗∗ IBM Security Bulletin: Rational Build Forge Security Advisory for Apache HTTP Server (CVE-2019-0190; CVE-2018-17189; CVE-2018-17199) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-rational-build-forge-… ∗∗∗ IBM Security Bulletin: IBM Event Streams is affected by Alpine vulnerability CVE-2018-1000849 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-event-streams-is-… ∗∗∗ IBM Security Bulletin: IBM Event Streams is affected by Node.js vulnerabilities ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-event-streams-is-… ∗∗∗ IBM Security Bulletin: Security vulnerabilities identified in OpenSSL affect Rational Build Forge (CVE-2018-0734, CVE-2018-5407 and CVE-2019-1559) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-security-vulnerabilit… ∗∗∗ IBM Security Bulletin: IBM Event Streams is affected by OpenSSL vulnerabilities ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-event-streams-is-… ∗∗∗ IBM Security Bulletin: IBM Event Streams is affected by gettext vulnerability CVE-2018-18751 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-event-streams-is-… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 28.03.2019
by Daily end-of-shift report 28 Mar '19

28 Mar '19

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 27-03-2019 18:00 − Donnerstag 28-03-2019 18:00 Handler: Dimitri Robl Co-Handler: Robert Waldner ===================== = News = ===================== ∗∗∗ Analysis of LockerGoga Ransomware ∗∗∗ --------------------------------------------- We recently observed a new ransomware variant (which our products detect as Trojan.TR/LockerGoga.qnfzd) circulating in the wild. In this post, we’ll provide some technical details of the new variant’s functionalities, as well as some Indicators of Compromise (IOCs). Overview Compared to other ransomware variants that use Window’s CRT library functions, this new variant relies heavily […] --------------------------------------------- https://labsblog.f-secure.com/2019/03/27/analysis-of-lockergoga-ransomware/ ∗∗∗ [SANS ISC] Running your Own Passive DNS Service ∗∗∗ --------------------------------------------- I published the following diary on isc.sans.edu: “Running your Own Passive DNS Service“: Passive DNS is not new but remains a very interesting component to have in your hunting arsenal. As defined by CIRCL, a passive DNS is “a database storing historical DNS records from various resources. --------------------------------------------- https://blog.rootshell.be/2019/03/28/sans-isc-running-your-own-passive-dns-… ∗∗∗ Unseriöse Installateur- und Elektrodienste erkennen ∗∗∗ --------------------------------------------- Bei Problemen mit verstopften Abflüssen, kaputten Heizungen oder anfälligen Wartungen wenden Sie sich besser nicht an sanitaerhilfe.at oder installateur-top1.at. Es handelt sich um unseriöse Unternehmen, die sich weder an ihre Versprechungen halten noch Schäden beheben. Obendrein wird ein überteuerter Betrag kassiert. --------------------------------------------- https://www.watchlist-internet.at/news/unserioese-installateur-und-elektrod… ===================== = Vulnerabilities = ===================== ∗∗∗ Cisco Botches Fix for RV320, RV325 Routers, Just Blocks curl User Agent ∗∗∗ --------------------------------------------- Ciscos RV320 and RV325 router models for small offices and small businesses remain vulnerable to two high-severity flaws two months after the vendor announced the availability of patches. The fixes failed their purpose and attackers can still chain the bugs to take control of the devices. --------------------------------------------- https://www.bleepingcomputer.com/news/security/cisco-botches-fix-for-rv320-… ∗∗∗ Multiple "0day" Verwundbarkeiten in HPE Intelligent Management Center ∗∗∗ --------------------------------------------- Die Zero Day Iniative (ZDI) hat heute über mehrere ungepatchte Verwundbarkeiten in HPE Intelligent Management Center berichtet. Es wird empfohlen, Kommunikation mit HPE Intelligent Management Center entsprechend nur von vertrauenswürdigen Geräten aus zu ermöglichen. --------------------------------------------- https://www.zerodayinitiative.com/advisories/ZDI-19-294/ https://www.zerodayinitiative.com/advisories/ZDI-19-295/ https://www.zerodayinitiative.com/advisories/ZDI-19-296/ https://www.zerodayinitiative.com/advisories/ZDI-19-297/ https://www.zerodayinitiative.com/advisories/ZDI-19-298/ https://www.zerodayinitiative.com/advisories/ZDI-19-299/ https://www.zerodayinitiative.com/advisories/ZDI-19-300/ https://www.zerodayinitiative.com/advisories/ZDI-19-301/ https://www.zerodayinitiative.com/advisories/ZDI-19-302/ https://www.zerodayinitiative.com/advisories/ZDI-19-303/ ∗∗∗ Apple watchOS 5.2 ∗∗∗ --------------------------------------------- This document describes the security content of watchOS 5.2. --------------------------------------------- https://support.apple.com/kb/HT209602 ∗∗∗ Sicherheitsupdates: Kritische Lücken in Onlineshop-Software Magento ∗∗∗ --------------------------------------------- Viele Magento-Versionen weisen Schlupflöcher für Schadcode auf und gefährden so Onlineshops. Abgesicherte Ausgaben schließen die Schwachstellen. --------------------------------------------- http://heise.de/-4354925 ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (kernel and wpa), Fedora (firefox and pdns), Gentoo (apache, cabextract, chromium, gd, nasm, sdl2-image, and zeromq), openSUSE (GraphicsMagick and lftp), Red Hat (thunderbird), Scientific Linux (firefox), Slackware (gnutls), and SUSE (ImageMagick). --------------------------------------------- https://lwn.net/Articles/784251/ ∗∗∗ ZDI-19-293: Advantech WebAccess Node tv_enua Improper Access Control Remote Code Execution Vulnerability ∗∗∗ --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-19-293/ ∗∗∗ ZDI-19-292: Advantech WebAccess Node spchapi Improper Access Control Remote Code Execution Vulnerability ∗∗∗ --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-19-292/ ∗∗∗ IBM Security Bulletin: Rational Test Control Panel component in Rational Test Virtualization Server and Rational Test Workbench affected by Spring vulnerability (CVE-2018-15756) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-rational-test-control… ∗∗∗ IBM Security Bulletin: IBM Security Proventia Network Active Bypass is affected by glibc vulnerabilities (CVE-2018-19591) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-proventi… ∗∗∗ IBM Security Bulletin: IBM Security Proventia Network Active Bypass is affected by openssl vulnerabilities (CVE-2018-0734) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-proventi… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Rational Directory Server (Tivoli) & Rational Directory Administrator ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: A vulnerability in IBM WebSphere Application Server affects IBM Spectrum Scale packaged in IBM Elastic Storage Server (CVE-2018-8039) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-vulnerability-in-ib… ∗∗∗ IBM Security Bulletin: IBM Security Proventia Network Active Bypass is affected by openssl vulnerabilities (CVE-2018-0732) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-proventi… ∗∗∗ IBM Security Bulletin: IBM Security Proventia Network Active Bypass is affected by openssl vulnerabilities (CVE-2018-0737) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-proventi… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 27.03.2019
by Daily end-of-shift report 27 Mar '19

27 Mar '19

===================== = End-of-Day report = ===================== Timeframe: Dienstag 26-03-2019 18:00 − Mittwoch 27-03-2019 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ UC Browser for Android, Desktop Exposes 500+ Million Users to MiTM Attacks ∗∗∗ --------------------------------------------- The extremely popular UC Browser and UC Browser Mini Android applications with a total of over 600 million installs expose their users to MiTM attacks by downloading and installing extra modules from their own servers using unprotected channels and bypassing Google Plays servers altogether. --------------------------------------------- https://www.bleepingcomputer.com/news/security/uc-browser-for-android-deskt… ∗∗∗ Abuse of hidden "well-known" directory in HTTPS sites ∗∗∗ --------------------------------------------- WordPress and Joomla are among the most popular Content Management Systems (CMSs). They have also become popular for malicious actors, as cybercriminals target sites on these platforms for hacking and injecting malicious content. During the past few weeks, ThreatLabZ researchers have detected several WordPress and Joomla sites that were serving Shade/Troldesh ransomware, backdoors, redirectors, and a variety of phishing pages. --------------------------------------------- https://www.zscaler.com/blogs/research/abuse-hidden-well-known-directory-ht… ∗∗∗ Sicherheitsforscher entdecken 36 neue Sicherheitslücken im LTE-Standard ∗∗∗ --------------------------------------------- Aufgrund von Lücken sollen Angreifer in der Lage sein, Verbindungen im LTE-Netz zu stören oder sogar zu manipulieren. Das geht aber mit viel Aufwand einher. --------------------------------------------- http://heise.de/-4352711 ∗∗∗ What Is Access Control? A Key Component Of Data Security ∗∗∗ --------------------------------------------- Who should be able to access a company's data? Under what circumstances do organisations deny access to a user with access privileges? To adequately protect data, an organisation's access control [...] --------------------------------------------- https://blog.schneider-electric.com/building-management/2019/03/27/what-is-… ∗∗∗ Rechnungen betrügerischer Streaming-Websites nicht bezahlen! ∗∗∗ --------------------------------------------- Die Welle betrügerischer Streaming-Plattformen mit Namen wie nolistream.de, someflix.de, daftstream.de oder savaflix.de reißt nicht ab. Die Websites verfolgen nur ein Ziel: Internetuser/innen zu unberechtigten Zahlungen zu drängen. Durch gefälschte Rechnungen, Mahnungen und Inkassoschreiben sollen Betroffene eingeschüchtert werden. Die geforderten 358,80, 359,88 oder 479,16 Euro dürfen nicht bezahlt werden! --------------------------------------------- https://www.watchlist-internet.at/news/rechnungen-betruegerischer-streaming… ===================== = Vulnerabilities = ===================== ∗∗∗ Siemens SCALANCE X ∗∗∗ --------------------------------------------- This advisory includes mitigations for an expected behavior violation vulnerability reported in the Siemens SCALANCE X products. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-19-085-01 ∗∗∗ ENTTEC Lighting Controllers ∗∗∗ --------------------------------------------- This advisory includes mitigations for a missing authentication for critical function vulnerability reported in ENTTEC’s lighting controllers. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-19-085-03-0 ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (openjdk-7), Fedora (cfitsio, firefox, librsvg2, and pdns), openSUSE (firefox), Red Hat (firefox), Scientific Linux (firefox), SUSE (gd, grub2, ImageMagick, kernel, libcaca, libmspack, ntp, ovmf, w3m, and wavpack), and Ubuntu (php7.0, php7.2, qemu, and xmltooling). --------------------------------------------- https://lwn.net/Articles/784114/ ∗∗∗ Cisco Security Advisories ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/viewErp.x?alertId=ERP-71135 https://tools.cisco.com/security/center/psirtrss20/CiscoSecurityAdvisory.xml ∗∗∗ XML vulnerability CVE-2017-9233 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K03244804 ∗∗∗ Security Advisory - Improper Authentication Vulnerability in Some Huawei AP Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20190327-… ∗∗∗ IBM Security Bulletin: Potential denial of service in WebSphere Application Server Admin Console (CVE-2019-4080) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-potential-denial-of-s… ∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities in Oracle Outside In Technology affect IBM Rational DOORS Next Generation ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: IBM Flex System Chassis Management Module (CMM) is affected by vulnerabilities in xorg-x11-libX11 (CVE-2018-14598 CVE-2018-14599 CVE-2018-14600) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-flex-system-chass… ∗∗∗ IBM Security Bulletin: IBM Flex System Chassis Management Module (CMM) is affected by vulnerabilities in GNU C Library (CVE-2015-5180 CVE-2017-15670 CVE-2017-15804) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-flex-system-chass… ∗∗∗ IBM Security Bulletin: IBM Flex System Chassis Management Module (CMM) is affected by vulnerabilities in cURL (CVE-2018-14618 CVE-2018-16840 CVE-2018-16842) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-flex-system-chass… ∗∗∗ IBM Security Bulletin: Content Collector for Email is affected by 3RD PARTY IBM WebSphere Application Server Deserialization ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-content-collector-for… ∗∗∗ IBM Security Bulletin: IBM Flex System Chassis Management Module (CMM) is affected by vulnerabilities in PHP (CVE-2018-17082 CVE-2018-14883 CVE-2018-14851 CVE-2017-9118) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-flex-system-chass… ∗∗∗ IBM Security Bulletin: Content Collector for Email is affected by 3RD PARTY CSRF and OOB-XXE Vulnerabilities in WebSphere Web Application Server’s Integrated Solutions Console 9.0.0.8, 8.5.5.13, and 8.5.5.9 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-content-collector-for… ∗∗∗ IBM Security Bulletin: IBM Security Identity Manager Virtual Appliance is affected by multiple vulnerabilities (CVE-2017-6464, CVE-2017-6463, CVE-2017-6462, CVE-2015-3331, CVE-2014-2523) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-identity… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM Security Identity Manager Virtual Appliance ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 26.03.2019
by Daily end-of-shift report 26 Mar '19

26 Mar '19

===================== = End-of-Day report = ===================== Timeframe: Montag 25-03-2019 18:00 − Dienstag 26-03-2019 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Sicherheitslücken: Abus Alarmanlage kann per Funk ausgeschaltet werden ∗∗∗ --------------------------------------------- Gleich drei Sicherheitslücken erlauben verschiedene Angriffe auf die Funkalarmanlage Secvest von Abus. Ein Sicherheitsupdate gibt es nicht. --------------------------------------------- https://www.golem.de/news/sicherheitsluecken-abus-alarmanlage-kann-per-funk… ∗∗∗ Coding Error Could Enable Users to Halt LockerGoga Ransomware ∗∗∗ --------------------------------------------- Users could potentially use a coding error in some variants of LockerGoga to halt the ransomware's encryption routine in its tracks. In its analysis of LockerGoga, Alert Logic Threat Research found that the ransomware performs an initial reconnaissance scan through which it collects file lists once it's infected a machine. The malware may come in [...] --------------------------------------------- https://www.tripwire.com/state-of-security/security-data-protection/coding-… ∗∗∗ Business banking fraud. Keep your eggs in TWO baskets. Here’s why… ∗∗∗ --------------------------------------------- This post has a cautionary tale all about spreading your business banking fraud risk. So, does your business have two bank accounts, with different banks? No? Then you would be well advised to do so, or risk being left unable to trade. WHY? --------------------------------------------- https://www.pentestpartners.com/security-blog/business-banking-fraud-keep-y… ∗∗∗ Amazon Phishing-Mails mit betrügerischem Inhalt ∗∗∗ --------------------------------------------- Unzählige Internetnutzer/innen finden momentan gefälschte Amazon-Mails im Posteingang. Sie werden darin informiert, dass das Amazon-Konto vorläufig deaktiviert wurde. Um es wieder freizuschalten, sollen die Empfänger/innen ihre Daten über den angegeben Link verifizieren. Der Aufforderung darf nicht gefolgt werden! Die eingegebenen Daten gelangen in die Hände Krimineller und das Amazon-Konto wurde nie gesperrt. --------------------------------------------- https://www.watchlist-internet.at/news/amazon-phishing-mails-mit-betruegeri… ===================== = Vulnerabilities = ===================== ∗∗∗ Betriebssysteme und iTunes: Apple schließt viele Sicherheitslücken ∗∗∗ --------------------------------------------- Mit der Veröffentlichung von iOS 12.2, Mojave 10.14.4 sowie der neuen iTunes-Version für Windows schließt Apple zahlreiche Sicherheitslücken. Einige davon sind kritisch, da sie Angriffe mit Kernelprivilegien oder hohen Rechten ermöglichen. --------------------------------------------- https://www.golem.de/news/betriebssysteme-und-itunes-apple-schliesst-viele-… ∗∗∗ ASUS Releases Security Update for Live Update Software ∗∗∗ --------------------------------------------- ASUS has released Live Update version 3.6.8. This version addresses vulnerabilities that a remote attacker could exploit to take control of an affected system. These vulnerabilities were detected in exploits in the wild. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the ASUS article for more information. --------------------------------------------- https://www.us-cert.gov/ncas/current-activity/2019/03/26/ASUS-Releases-Secu… ∗∗∗ rt-sa-2019-007 ∗∗∗ --------------------------------------------- Code Execution via Insecure Shell Function getopt_simple --------------------------------------------- https://www.redteam-pentesting.de/advisories/rt-sa-2019-007.txt ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by CentOS (ghostscript), Debian (libssh2 and wireshark), openSUSE (aubio, blueman, and kauth), Red Hat (kernel-rt and openwsman), Scientific Linux (openwsman), Slackware (mozilla), and SUSE (ovmf and ucode-intel). --------------------------------------------- https://lwn.net/Articles/784031/ ∗∗∗ Synology-SA-19:13 Drupal ∗∗∗ --------------------------------------------- A vulnerability allows remote authenticated users to inject arbitrary web script or HTML via a susceptible version of Drupal. --------------------------------------------- https://www.synology.com/en-global/support/security/Synology_SA_19_13 ∗∗∗ IBM Security Bulletin: Incorrect permissions on restored files and directories using IBM Spectrum Protect Backup-Archive Client web user interface on Windows (CVE-2019-4093) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-incorrect-permissions… ∗∗∗ IBM Security Bulletin: IBM MQ Appliance is affected by OpenSSL vulnerabilities (CVE-2018-0732 and CVE-2018-0739) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-mq-appliance-is-a… ∗∗∗ IBM Security Bulletin: Vulnerability CVE-2018-14647 in Python affects IBM i ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-cve-201… ∗∗∗ IBM Security Bulletin: Apache Axis as used in IBM QRadar SIEM is vulnerable to a possible man in the middle attack. (CVE-2012-5784) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-apache-axis-as-used-i… ∗∗∗ Binutils vulnerabilities CVE-2018-20002 and CVE-2018-20657 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K62602089 ∗∗∗ D-LINK Router: Mehrere Schwachstellen ermöglichen Umgehen von Sicherheitsvorkehrungen ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K19-0240 ∗∗∗ Red Hat Enterprise Linux: Schwachstelle ermöglicht Offenlegung von Informationen ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K19-0244 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 25.03.2019
by Daily end-of-shift report 25 Mar '19

25 Mar '19

===================== = End-of-Day report = ===================== Timeframe: Freitag 22-03-2019 18:00 − Montag 25-03-2019 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Hackers Hijacked ASUS Software Updates to Install Backdoors on Thousands of Computers ∗∗∗ --------------------------------------------- The Taiwan-based tech giant ASUS is believed to have pushed the malware to hundreds of thousands of customers through its trusted automatic software update tool after attackers compromised the companys server and used it to push the malware to machines. --------------------------------------------- https://motherboard.vice.com/en_us/article/pan9wn/hackers-hijacked-asus-sof… ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (firefox, libssh2, and powerdns), Debian (bash, firefox-esr, libapache2-mod-auth-mellon, ntfs-3g, openssh, passenger, rsync, and wireshark), Fedora (filezilla, libarchive, libssh2, mxml, php-twig, php-twig2, qemu, and tcpreplay), Slackware (mozilla), SUSE (ghostscript, kernel, libgxps, libjpeg-turbo, libqt5-qtimageformats, libqt5-qtsvg, openstack-cinder, openstack-horizon-plugin-designate-ui, openstack-neutron, openstack-neutron-lbaas, [...] --------------------------------------------- https://lwn.net/Articles/783953/ ∗∗∗ PHOENIX CONTACT command injection on RAD-80211-XD(/HP-BUS) ∗∗∗ --------------------------------------------- A WebHMI utility may be exploited by any logged in user allowing the execution of arbitrary OS commands on the server. This provides the opportunity for a command injection attack. --------------------------------------------- https://cert.vde.com/de-de/advisories/vde-2019-007 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Rational ClearCase (CVE-2018-0734, CVE-2018-5407) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Rational ClearQuest (CVE-2018-0734, CVE-2018-5407) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: A security vulnerability in IBM Java Runtime affects IBM Rational ClearQuest (CVE-2018-3180) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-security-vulnerabil… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Rational ClearCase (CVE-2018-3180, CVE-2018-3139) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ GNU C Library vulnerability CVE-2009-5155 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K64119434 ∗∗∗ xpdf: Mehrere Schwachstellen ermöglichen Denial of Service ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K19-0236 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 22.03.2019
by Daily end-of-shift report 22 Mar '19

22 Mar '19

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 21-03-2019 18:00 − Freitag 22-03-2019 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Analysis of SeroMiner Trojan, combine multiple anti-analytic techniques ∗∗∗ --------------------------------------------- Foreword Recently, 360 security brain intercepted a mining Trojan 'SeroMiner'. The Trojan behavior is too concealed to be discovered its mining behavior from the security [...] --------------------------------------------- https://blog.360totalsecurity.com/en/analysis-of-serominer-trojan-combine-m… ∗∗∗ SigSpoof 4: Bypassing signature verification in Yarn package manager (CVE-2018-12556) ∗∗∗ --------------------------------------------- This attack on GnuPG signature verification is specific to yarn, thepackage manager. It can give a powerful attacker the ability toreplace the Yarn installation with arbitrary code. There areadditional protections in place, so if you are using Yarn, youprobably do not need to worry too much about it. --------------------------------------------- https://neopg.io/blog/yarn-signature-bypass/ ∗∗∗ Over 100,000 GitHub repos have leaked API or cryptographic keys ∗∗∗ --------------------------------------------- Thousands of new API or cryptographic keys leak via GitHub projects every day. --------------------------------------------- https://www.zdnet.com/article/over-100000-github-repos-have-leaked-api-or-c… ===================== = Vulnerabilities = ===================== ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by CentOS (firefox), Debian (cron and ntfs-3g), Fedora (firefox, ghostscript, libzip, python2-django1.11, PyYAML, tcpflow, and xen), Mageia (ansible, firefox, and ImageMagick/GraphicsMagick), Red Hat (ghostscript), Scientific Linux (firefox and ghostscript), SUSE (libxml2, unzip, and wireshark), and Ubuntu (firefox, ghostscript, libsolv, ntfs-3g, p7zip, and snapd). --------------------------------------------- https://lwn.net/Articles/783757/ ∗∗∗ IBM Security Bulletin: Potential denial of service vulnerability in WebSphere Application Server (CVE-2019-4046) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-potential-denial-of-s… ∗∗∗ IBM Security Bulletin: Potential denial of service in Liberty for Java for IBM Cloud (CVE-2018-10237) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-potential-denial-of-s… ∗∗∗ ICMP PMTU messages are forwarded to the server side when the TCP proxy-mss setting is enabled in the associated profile ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K52510343 ∗∗∗ The BIG-IP SMTPS virtual server may fail to properly restrict I/O buffering, allowing attackers to insert commands into encrypted SMTP sessions ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K23284054 ∗∗∗ BIG-IP SNMPD vulnerability CVE-2019-6608 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K12139752 ∗∗∗ REST Framework vulnerability CVE-2019-6602 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K11818407 ∗∗∗ BIG-IP snmpd vulnerability CVE-2019-6606 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K35209601 ∗∗∗ TMM vulnerability CVE-2019-6603 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K14632915 ∗∗∗ When authentication is set to require, the Client SSL or Server SSL profile does not report an error when it has an associated invalid CRL ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K15732489 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 21.03.2019
by Daily end-of-shift report 21 Mar '19

21 Mar '19

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 20-03-2019 18:00 − Donnerstag 21-03-2019 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Mac-Focused Malvertising Campaign Abuses Google Firebase DBs ∗∗∗ --------------------------------------------- Researchers said 1 million user sessions could have been exposed to the campaign, which downloads the Shlayer trojan. --------------------------------------------- https://threatpost.com/mac-focused-malvertising-campaign-abuses-google-fire… ∗∗∗ Kritische Lücken im Git-Client Sourcetree gefährden Computer ∗∗∗ --------------------------------------------- Es gibt wichtige Sicherheitsupdates für Sourcetree von Atlassian. MacOS- und Windows-Nutzer sollten die abgesicherten Ausgaben zügig installieren. --------------------------------------------- http://heise.de/-4341489 ∗∗∗ D-Link wappnet ältere NAS-Systeme gegen Erpressungstrojaner Cr1ptTor ∗∗∗ --------------------------------------------- D-Link hat Sicherheitsupdates für NAS-Systeme angekündigt. Bis zur Veröffentlichung sollten sie nicht online sein. Für einige Geräte gibt es schon Patches. --------------------------------------------- http://heise.de/-4341586 ∗∗∗ Ransomware or Wiper? LockerGoga Straddles the Line ∗∗∗ --------------------------------------------- Executive SummaryRansomware attacks have been in the news with increased frequency over the past few years. This type of malware can be extremely disruptive and even cause operational impacts in critical systems that may be infected. LockerGoga is yet another example of this sort of malware. It is a ransomware variant that, while lacking in sophistication, can still cause extensive damage when leveraged against organizations or individuals. --------------------------------------------- https://blog.talosintelligence.com/2019/03/lockergoga.html ∗∗∗ Many Vulnerabilities Found in Oracles Java Card Technology ∗∗∗ --------------------------------------------- Poland-based cybersecurity research firm Security Explorations claims to have identified nearly 20 vulnerabilities in Oracle’s Java Card, including flaws that could be exploited to compromise the security of chips using this technology. --------------------------------------------- https://www.securityweek.com/many-vulnerabilities-found-oracles-java-card-t… ∗∗∗ Remote command injection through an endpoint security product ∗∗∗ --------------------------------------------- TL;DR? We discovered command injection in a popular endpoint security product, Heimdal Thor. By using the product, customers PCs were exposed to compromise. Irony++ Heimdal fixed the issue quickly and responded well, but it appears that the vulnerability had been present in ~650,000 PCs for around one year! Heimdal blogged about it today, but er... [...] --------------------------------------------- https://www.pentestpartners.com/security-blog/remote-command-injection-thro… ∗∗∗ Gefälschte Apple-Rechnungen im Umlauf ∗∗∗ --------------------------------------------- Internetnutzer/innen finden vermehrt gefälschte Apple-Rechnungen in ihrem E-Mail-Postfach. Angeblich wurde etwas im App-Store per Kreditkartenzahlung gekauft. Für weitere Details werden Empfänger/innen aufgefordert, einem Link zu folgen oder eine Datei herunterzuladen. Folgen Sie nicht dem Link oder laden Anhänge herunter, denn es handelt sich um einen Phishing-Versuch! --------------------------------------------- https://www.watchlist-internet.at/news/gefaelschte-apple-rechnungen-im-umla… ∗∗∗ Zero-day in WordPress SMTP plugin abused by two hacker groups ∗∗∗ --------------------------------------------- Hacker groups are creating backdoor admin accounts on vulnerable sites and redirecting users to tech support scams. --------------------------------------------- https://www.zdnet.com/article/zero-day-in-wordpress-smtp-plugin-abused-by-t… ===================== = Vulnerabilities = ===================== ∗∗∗ Medtronic Conexus Radio Frequency Telemetry Protocol ∗∗∗ --------------------------------------------- This medical advisory includes mitigations for improper access control and cleartext transmission of sensitive information vulnerabilities reported in Medtronics proprietary Conexus telemetry system. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSMA-19-080-01 ∗∗∗ Drupal core - Moderately critical - Cross Site Scripting - SA-CORE-2019-004 ∗∗∗ --------------------------------------------- Project: Drupal coreDate: 2019-March-20Security risk: Moderately critical 13∕25 AC:Basic/A:User/CI:Some/II:Some/E:Theoretical/TD:DefaultVulnerability: Cross Site ScriptingDescription: Under certain circumstances the File module/subsystem allows a malicious user to upload a file that can trigger a cross-site scripting (XSS) vulnerability.Solution: If you are using Drupal 8.6, update to Drupal 8.6.13.If you are using Drupal 8.5 or earlier, update to Drupal 8.5.14.If you are using Drupal 7, [...] --------------------------------------------- https://www.drupal.org/sa-core-2019-004 ∗∗∗ RESTful - Critical - Remote code execution - SA-CONTRIB-2019-041 ∗∗∗ --------------------------------------------- Project: RESTfulVersion: 7.x-2.x-dev7.x-1.x-devDate: 2019-March-20Security risk: Critical 18∕25 AC:Complex/A:User/CI:All/II:All/E:Exploit/TD:UncommonVulnerability: Remote code executionDescription: This resolves issues described in SA-CORE-2019-003 for this module.Solution: If you use the RESTful module for Drupal 7.x, upgrade to RESTful 7.x-1.10 or RESTful 7.x-2.17 [...] --------------------------------------------- https://www.drupal.org/sa-contrib-2019-041 ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (drupal7, firefox-esr, and openjdk-8), Fedora (ghostscript, python2-django1.11, and SDL), Red Hat (firefox), Scientific Linux (firefox), SUSE (nodejs4 and openssl-1_1), and Ubuntu (gdk-pixbuf). --------------------------------------------- https://lwn.net/Articles/783652/ ∗∗∗ IBM Security Bulletin: Vulnerability in Python affects IBM OS Images for Red Hat Linux Systems ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-in-pyth… ∗∗∗ IBM Security Bulletin: API Connect V2018 is impacted by information leak (CVE-2019-4052) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-api-connect-v2018-is-… ∗∗∗ IBM Security Bulletin: IBM Content Navigator is affected by a spoofing vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-content-navigator… ∗∗∗ IBM Security Bulletin: IBM Flex System Chassis Management Module (CMM) is affected by vulnerabilities in OpenSSH (CVE-2018-15473 CVE-2018-15919) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-flex-system-chass… ∗∗∗ IBM Security Bulletin: IBM Flex System Chassis Management Module (CMM) is affected by vulnerability in NTP (CVE-2018-12327) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-flex-system-chass… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 20.03.2019
by Daily end-of-shift report 20 Mar '19

20 Mar '19

===================== = End-of-Day report = ===================== Timeframe: Dienstag 19-03-2019 18:00 − Mittwoch 20-03-2019 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Videos für mehr Cyber-Sicherheit: BSI startet YouTube-Kanal ∗∗∗ --------------------------------------------- Ab sofort ist das BSI auch bei der Videoplattform YouTube zu finden. Unter dem Namen "Bundesamt für Sicherheit in der Informationstechnik" finden Interessierte zunächst Tipps und Hinweise für Privatanwender sowie spannende Karriereinformationen oder Neuigkeiten über das BSI. --------------------------------------------- https://www.bsi.bund.de/DE/Presse/Kurzmeldungen/Meldungen/Youtube-200319.ht… https://www.youtube.com/channel/UC_VgLyJQsChxKfDJcdI-Tcg ∗∗∗ SilkETW: Because Free Telemetry is...Free! ∗∗∗ --------------------------------------------- In the following example, we will collect process event data from the Kernel provider and use image loads to identify Mimikatz execution. We can collect the required data with this command: SilkETW.exe -t kernel -kk ImageLoad -ot file -p C:\Users\b33f\Desktop\mimikatz.json With data in hand it is easy to sort, grep and filter for the properties we are interested in (Figure 2). --------------------------------------------- http://www.fireeye.com/blog/threat-research/2019/03/silketw-because-free-te… ∗∗∗ Fake-Shop btckraken.de stielt Daten und liefert nicht! ∗∗∗ --------------------------------------------- Die Suche nach günstiger Technik führt manche Konsument/innen zu btckraken.de. Aus angeblichen Sicherheitsgründen werden bei einer Bestellung Ausweisdokumente verlangt. Eine Zahlung erfolgt vorab. Hier darf nicht bestellt werden: Es handelt sich um schweren Identitätsdiebstahl für weitere Verbrechen unter fremden Namen und die Waren werden nie geliefert! --------------------------------------------- https://www.watchlist-internet.at/news/fake-shop-btckrakende-stielt-daten-u… ∗∗∗ Ransomware is not dead - a light analysis of LockerGoga ∗∗∗ --------------------------------------------- Despite many reports saying that the number of Ransomware samples is on the decrease, we see again and again big multinational companies suffering from these attacks.Just two days ago, Norway based Norsk Hydro - one of the Worlds largest Aluminium producers - was hit by a severe Ransomware attack: [...] --------------------------------------------- http://blog.joesecurity.org/2019/03/ransomware-is-not-dead-light-analysis.h… ∗∗∗ Severe security bug found in popular PHP library for creating PDF files ∗∗∗ --------------------------------------------- Vulnerability patched last year, but many websites and web apps will most likely remain vulnerable for years. --------------------------------------------- https://www.zdnet.com/article/severe-security-bug-found-in-popular-php-libr… ===================== = Vulnerabilities = ===================== ∗∗∗ Cisco IP Phone 7800 Series and 8800 Series Vulnerabilities ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (libelf and wordpress), CentOS (cloud-init, cockpit, openssl, and tomcat), Gentoo (openssh), openSUSE (ovmf), Scientific Linux (cloud-init), and SUSE (go1.11, ldb, lftp, libssh2_org, and openwsman). --------------------------------------------- https://lwn.net/Articles/783566/ ∗∗∗ Security Advisory - Digital Signature Verification Bypass Vulnerability in Some Huawei Routers ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20190320-… ∗∗∗ Security Advisory - Signature Verification Bypass Vulnerability in Some Huawei Mobile Phones ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20190320-… ∗∗∗ OpenSSL vulnerability CVE-2019-1559 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K18549143 ∗∗∗ HPESBST03915 rev.1 - HPE CVAE products, and Hitachi Infrastructure Analytics Advisor(HIAA) using JDK, Multiple Vulnerabilities ∗∗∗ --------------------------------------------- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_n… ∗∗∗ IBM Security Bulletin: Cloudant Local Apache CouchDB CVE-2018-17188: Remote Privilege Escalations ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-cloudant-local-apache… ∗∗∗ IBM Security Bulletin: This Power System update is being released to address CVE 2018-1992 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-this-power-system-upd… ∗∗∗ IBM Security Bulletin: Vulnerabilities in IBM SDK, Java Technology Edition Quarterly CPU – Oct 2018 – Includes Oracle Oct 2018 CPU ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-in-ib… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Security Directory Integrator (CVE-2018-2800, CVE-2018-2783) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Vulnerabilities in deserialization of openid connect cookie ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-in-de… ∗∗∗ IBM Security Bulletin: Vulnerability in Apache CXF ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-in-apac… ∗∗∗ IBM Security Bulletin: Vulnerabilities in WAS traditional and liberty ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-in-wa… ∗∗∗ IBM Security Bulletin: Vulnerability in IBM SDK, Java Technology Edition Quarterly CPU ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-in-ibm-… ∗∗∗ IBM Security Bulletin: Vulnerabilities in 3RD PARTY XSS in IBM WebSphere CacheMonitor ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-in-3r… ∗∗∗ IBM Security Bulletin: Publicly Disclosed Vulnerability Found By vFinder (CVE-2017-7656, CVE-2017-7657, CVE-2017-7658, CVE-2018-12536) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-publicly-disclosed-vu… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 19.03.2019
by Daily end-of-shift report 19 Mar '19

19 Mar '19

===================== = End-of-Day report = ===================== Timeframe: Montag 18-03-2019 18:00 − Dienstag 19-03-2019 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Assessing Internal Network with JavaScript, Despite Same-Origin Policy ∗∗∗ --------------------------------------------- Researchers are warning about a hacking technique that enables attacks on the local network using JavaScript on a public website. Using the victims browser as a proxy, the code can reach internal hosts and do reconnaissance activity or even compromise vulnerable services. [...] --------------------------------------------- https://www.bleepingcomputer.com/news/security/assessing-internal-network-w… ∗∗∗ Business Email Compromise (BEC) Attacks Moving to Mobile ∗∗∗ --------------------------------------------- As text messaging has become a common form of communication within a business, Business Email Compromise (BEC) scammers have started to go mobile by utilizing SMS messaging to direct their targets. [...] --------------------------------------------- https://www.bleepingcomputer.com/news/security/business-email-compromise-be… ∗∗∗ Monsters in the Middleboxes: Introducing Two New Tools for Detecting HTTPS Interception ∗∗∗ --------------------------------------------- The practice of HTTPS interception continues to be commonplace on the Internet. This blog post discusses types of monster-in-the-middle devices and software, and how to detect them. --------------------------------------------- https://blog.cloudflare.com/monsters-in-the-middleboxes/ ∗∗∗ What Is a Credential Stuffing Attack and How to Protect Yourself from One ∗∗∗ --------------------------------------------- You probably heard of at least one credential stuffing attack lately, as major companies become targets of this new hacking technique. Credential stuffing is not actually new as part of hackers’ repertoire, but lately, the method started being employed more often. I’ll explain the reasons for this surge in popularity down below. Did you notice […]The post What Is a Credential Stuffing Attack and How to Protect Yourself from One appeared first on Heimdal Security Blog. --------------------------------------------- https://heimdalsecurity.com/blog/credential-stuffing-attack-protection/ ∗∗∗ Protecting Against Social Engineering Attacks ∗∗∗ --------------------------------------------- Most people think of hacking as using malware and coding to bypass security defenses and steal data or money. Social engineers take a different approach, targeting the human instead of the software to achieve their goals. How Social Engineering Works Social engineers take advantage of knowledge of human behavior to perform their attacks. A person’s […]The post Protecting Against Social Engineering Attacks appeared first on InfoSec Resources.Protecting Against Social Engineering --------------------------------------------- https://resources.infosecinstitute.com/protecting-against-social-engineerin… ∗∗∗ Vulnerability hunting with Semmle QL, part 2 ∗∗∗ --------------------------------------------- The first part of this series introduced Semmle QL, and how the Microsoft Security Response Center (MSRC) are using it to investigate variants of vulnerabilities reported to us. This post discusses an example of how we’ve been using it proactively, covering a security audit of an Azure firmware component. This was part of a wider... --------------------------------------------- https://blogs.technet.microsoft.com/srd/2019/03/19/vulnerability-hunting-wi… ∗∗∗ Arbitrary Directory Deletion in WP-Fastest-Cache ∗∗∗ --------------------------------------------- The WP-Fastest-Cache plugin authors released a new update, version 0.8.9.1, fixing a vulnerability (CVE-2019-6726) present during its install alongside the WP-PostRatings plugin. According to seclists.org: “A successful attack allows an unauthenticated attacker to specify a path to a directory from which files and directories will be deleted recursively. The vulnerable code path extracts the path portion of the referrer header and then uses string concatenation to build an absolute path. --------------------------------------------- http://feedproxy.google.com/~r/sucuri/blog/~3/dJRlgHKTUzY/arbitrary-directo… ∗∗∗ Discovering a zero day and getting code execution on Mozillas AWS Network ∗∗∗ --------------------------------------------- [...] Although basic authentication can be enabled by modifying the settings.ini file, and is recommended to prevent any anonymous access. Most deployments of WebPageTest that Assetnote CS identifies are unauthenticated, and the array of testing tools provided by WebPageTest can be used offensively to gain access to internal resources by server-side request forgery (commonly known as SSRF, but for WebPageTest, it is a feature). --------------------------------------------- https://blog.assetnote.io/bug-bounty/2019/03/19/rce-on-mozilla-zero-day-web… ∗∗∗ BGP Hijacking is a RIPE Policy Violation ∗∗∗ --------------------------------------------- This proposal aims to clarify that BGP hijacking is not accepted as normal practice within the RIPE NCC service region, primarily because it negates the core purpose of running a (Regional Internet) Registry. The proposal is not concerned with simple operational mistakes - it is intended to address deliberate BGP hijacking events. --------------------------------------------- https://www.ripe.net/participate/policies/proposals/2019-03 ∗∗∗ Thunderclap ∗∗∗ --------------------------------------------- Vor kurzer Zeit produzierte das O.MG Kabel Schlagzeilen. In dieses harmlos wirkende USB-Kabel ist eine versteckte Hardware eingebaut, die sich beim Anschließen gegenüber dem Betriebssystem als Eingabegerät ausgibt und einem Angreifer die Fernsteuerung eines Rechners über WLAN ermöglicht. Jetzt haben Sicherheitsforscher nach einer zwei Jahre dauernden Zusammenarbeit des Department of Computer Science and Technology at the University of Cambridge, der Rice University und [...] --------------------------------------------- https://www.dfn-cert.de/aktuell/Thunderclap.html ===================== = Vulnerabilities = ===================== ∗∗∗ AVEVA InduSoft Web Studio and InTouch Edge HMI ∗∗∗ --------------------------------------------- This advisory includes mitigations for an uncontrolled search path element vulnerability in AVEVAs InduSoft Web Studio and InTouch Edge human machine interface software. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-19-078-01 ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by CentOS (kernel), Debian (libjpeg-turbo, liblivemedia, neutron, and otrs2), Fedora (SDL), Gentoo (ntp), openSUSE (java-1_8_0-openjdk), Red Hat (cloud-init), Slackware (libssh2), SUSE (libssh2_org, nodejs10, and nodejs8), and Ubuntu (tiff). --------------------------------------------- https://lwn.net/Articles/783473/ ∗∗∗ Synology-SA-19:12 Calendar ∗∗∗ --------------------------------------------- A vulnerability allows remote attackers to execute arbitrary commands via a susceptible version of Calendar. --------------------------------------------- https://www.synology.com/en-global/support/security/Synology_SA_19_12 ∗∗∗ IBM Security Bulletin: This Power System update is being released to address CVE-2018-5391 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-this-power-system-upd… ∗∗∗ IBM Security Bulletin: This Power System update is being released to address CVE-2018-12384 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-this-power-system-upd… ∗∗∗ ENDRESS+HAUSER WIFI enabled products utilising WPA2 ∗∗∗ --------------------------------------------- https://cert.vde.com/de-de/advisories/vde-2019-005 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 18.03.2019
by Daily end-of-shift report 18 Mar '19

18 Mar '19

===================== = End-of-Day report = ===================== Timeframe: Freitag 15-03-2019 18:00 − Montag 18-03-2019 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ RFC8482 - Saying goodbye to ANY ∗∗∗ --------------------------------------------- Ladies and gentlemen, I would like you to welcome the new shiny RFC8482, which effectively deprecates DNS ANY query type. DNS ANY was a "meta-query" - think about it as a similar thing to the common A, AAAA, MX or SRV query types, but unlike these it wasnt a real query type - it was special. --------------------------------------------- https://blog.cloudflare.com/rfc8482-saying-goodbye-to-any/ ∗∗∗ Secure Coding — Top 15 Code Analysis Tools ∗∗∗ --------------------------------------------- Keeping code secure is a top objective for any software company. And to ensure secure coding, you need to perform code analysis during the development life cycle. While manual review of code was once the only option, now there are plenty of tools that can take care of this in an automated fashion. --------------------------------------------- https://resources.infosecinstitute.com/secure-coding-top-15-code-analysis-t… ∗∗∗ Lenovo Patches Intel Firmware Flaws in Multiple Product Lines ∗∗∗ --------------------------------------------- Lenovo has issued patches for several serious vulnerabilities in its products stemming from Intel technology fixes. --------------------------------------------- https://threatpost.com/lenovo-patches-high-severity-arbitrary-code-executio… ∗∗∗ Cryptojacking of businesses' cloud resources still going strong ∗∗∗ --------------------------------------------- In the past year or so, many cybercriminals have turned to cryptojacking as an easier and more low-key approach for "earning" money. While the value of cryptocurrencies like Bitcoin and Monero has been declining for a while now and Coinhive, the most popular in-browser mining service, has stopped working, cryptojacking is still a considerable threat. After all, attackers need to expand very little effort and are using someone else's resources for free. --------------------------------------------- https://www.helpnetsecurity.com/2019/03/18/cryptojacking-cloud-resources/ ∗∗∗ IPv6 unmasking via UPnP ∗∗∗ --------------------------------------------- With tools such as ZMap and Masscan and general higher bandwidth availability, exhaustive internet-wide scans of full IPv4 address space have become the norm after it was once impractical. Projects like Shodan and Scans.io aggregate and publish frequently updated datasets of scan results for public analysis, giving researchers greater insight into the current state of the internet. While IPv4 is the norm, the use of IPv6 [...] --------------------------------------------- https://blog.talosintelligence.com/2019/03/ipv6-unmasking-via-upnp.html ∗∗∗ Gefälschte CIA-Mails fordern Bitcoins wegen Kinderpornografie ∗∗∗ --------------------------------------------- Internetnutzer/innen erhalten gefälschte Nachrichten der CIA mit dem Betreff „Central Intelligence Agency – Case #12345678“. In der Nachricht wird behauptet, dass die Empfänger/innen im Rahmen von Ermittlungen gegen Kinderpornografie als Verdächtige aufscheinen. Um eine Verhaftung zu verhindern, sollen 10,000 Dollar in Bitcoins an die Absender/innen überwiesen werden. Der Inhalt der Nachrichten ist frei erfunden und die Zahlungen dürfen nicht [...] --------------------------------------------- https://www.watchlist-internet.at/news/gefaelschte-cia-mails-fordern-bitcoi… ∗∗∗ New Mirai Variant Targets Enterprise Wireless Presentation & Display Systems ∗∗∗ --------------------------------------------- Unit 42 has discovered a new Mirai variant that targets business video display systems. It uses additional exploits, boosts the number of credentials for brute-force attacks and hosts payload on the compromised website of a Colombian security firm. --------------------------------------------- https://unit42.paloaltonetworks.com/new-mirai-variant-targets-enterprise-wi… ∗∗∗ Microsoft releases Application Guard extension for Chrome and Firefox ∗∗∗ --------------------------------------------- Extensions only available for Windows Insiders for now. To work for everyone once Windows 10 19H1 is live. --------------------------------------------- https://www.zdnet.com/article/microsoft-releases-application-guard-extensio… ===================== = Vulnerabilities = ===================== ∗∗∗ Sicherheitslücke: Funktastatur nimmt Befehle von Angreifern entgegen ∗∗∗ --------------------------------------------- Die Verschlüsselung der kabellosen Fujitsu-Tastatur LX901 lässt sich von Angreifern auf gleich zwei Arten umgehen - und für Angriffe aus der Distanz nutzen. --------------------------------------------- https://www.golem.de/news/sicherheitsluecke-funktastatur-nimmt-befehle-von-… ∗∗∗ SSH-Software: Kritische Sicherheitslücken in Putty ∗∗∗ --------------------------------------------- In der SSH-Software Putty sind im Rahmen eines von der EU finanzierten Bug-Bounty-Programms mehrere schwerwiegende Sicherheitslücken entdeckt worden. Der verwundbare Code wird auch von anderen Projekten wie Filezilla und WinSCP verwendet. --------------------------------------------- https://www.golem.de/news/ssh-software-kritische-sicherheitsluecken-in-putt… ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (ikiwiki, liblivemedia, linux-4.9, rdflib, and sqlalchemy), Fedora (advancecomp, kubernetes, mingw-poppler, and php), Mageia (ikiwiki), openSUSE (chromium, file, and sssd), Red Hat (ansible, openstack-ceilometer, and openstack-octavia), Scientific Linux (kernel), SUSE (galera-3, mariadb, mariadb-connector-c, java-1_8_0-ibm, kernel, nodejs10, openwsman, wireshark, and yast2-rmt), and Ubuntu (file, linux, linux-aws, linux-kvm, linux-raspi2, [...] --------------------------------------------- https://lwn.net/Articles/783370/ ∗∗∗ [webapps] Intel Modular Server System 10.18 - Cross-Site Request Forgery (Change Admin Password) ∗∗∗ --------------------------------------------- https://www.exploit-db.com/exploits/46541 ∗∗∗ Security Advisory - Double Free Vulnerability on Bastet Module of Some Huawei Smartphones ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20190220-… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities affect Watson Explorer and IBM Watson Content Analytics (CVE-2018-2579, CVE-2018-2588, CVE-2018-2602, CVE-2018-2603, CVE-2018-2633) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 15.03.2019
by Daily end-of-shift report 15 Mar '19

15 Mar '19

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 14-03-2019 18:00 − Freitag 15-03-2019 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Threatlist: IMAP-Based Attacks Compromising Accounts at ‘Unprecedented Scale’ ∗∗∗ --------------------------------------------- Attackers are increasingly targeting insecure legacy protocols, like IMAP, to avoid running into multi-factor authentication in password-spraying campaigns. --------------------------------------------- https://threatpost.com/imap-attacks-compromise-accounts/142824/ ∗∗∗ DNS Tunneling: how DNS can be (ab)used by malicious actors ∗∗∗ --------------------------------------------- DNS is a critical foundation of the Internet that makes it possible to get to websites without entering numerical IP addresses. The power that makes DNS beneficial for everyone also creates potential for abuse. Unit 42 researchers explain how attackers can abuse DNS to hide their tracks and steal data using a technique known as "DNS Tunneling". This research can help organizations understand DNS-based threats and the risks they pose to their environment. --------------------------------------------- https://unit42.paloaltonetworks.com/dns-tunneling-how-dns-can-be-abused-by-… ===================== = Vulnerabilities = ===================== ∗∗∗ CVE-2019-0804 | Azure Linux Agent Information Disclosure Vulnerability ∗∗∗ --------------------------------------------- An information disclosure vulnerability exists in the way Azure WaLinuxAgent creates swap files on resource disks. An authenticated attacker who successfully exploited this vulnerability could view data in swap that is normally hidden. --------------------------------------------- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019… ∗∗∗ VMSA-2019-0003 ∗∗∗ --------------------------------------------- VMware Horizon update addresses Connection Server information disclosure vulnerability. --------------------------------------------- https://www.vmware.com/security/advisories/VMSA-2019-0003.html ∗∗∗ VMSA-2019-0002 ∗∗∗ --------------------------------------------- VMware Workstation update addresses elevation of privilege issues. --------------------------------------------- https://www.vmware.com/security/advisories/VMSA-2019-0002.html ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Fedora (mingw-poppler and php), Mageia (apache, gnome-keyring, gnupg2, hiawatha, and rsyslog), openSUSE (libcomps and obs-service-tar_scm), and Ubuntu (libvirt and linux-lts-trusty). --------------------------------------------- https://lwn.net/Articles/783140/ ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM Decision Optimization Center (CVE-2018-1890, CVE-2018-12547) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM ILOG CPLEX Optimization Studio and IBM CPLEX Enterprise Server (CVE-2018-1890, CVE-2018-12547, CVE-2019-2426) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM® Db2®. ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: IBM MQ Console has inadequate input validation (CVE-2018-1836) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-mq-console-has-in… ∗∗∗ HPESBNS03910 rev.1 - HPE NonStop SafeGuard, Local Disclosure of Sensitive Information ∗∗∗ --------------------------------------------- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_n… ∗∗∗ HPESBST03911 rev.1 - HPE Command View AE (CVAE) Products, multiple vulnerabilities ∗∗∗ --------------------------------------------- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_n… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 14.03.2019
by Daily end-of-shift report 14 Mar '19

14 Mar '19

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 13-03-2019 18:00 − Donnerstag 14-03-2019 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Sicherheitslücke: Schadcode per Wordpress-Kommentar ∗∗∗ --------------------------------------------- Gleich mehrere Sicherheitslücken kombinierte ein Sicherheitsforscher, um Schadcode in Wordpress ausführen zu können. Die Wordpress-Standardeinstellungen und ein angemeldeter Administrator reichten als Voraussetzung. --------------------------------------------- https://www.golem.de/news/sicherheitsluecke-schadcode-per-wordpress-komment… ∗∗∗ GlitchPOS Malware Appears to Steal Credit-Card Numbers ∗∗∗ --------------------------------------------- A new malware targeting point of sale systems, GlitchPOS, has been spotted on a crimeware forum. --------------------------------------------- https://threatpost.com/glitchpos-malware-credit-card/142804/ ∗∗∗ Further attack surface of Wordpress PHAR injection ∗∗∗ --------------------------------------------- In August 2018, Sam Thomas presented a new vulnerability of Wordpress at Black Hat USA 2018. The PHP object injection vulnerability is not new, but the way attacker can trigger this error is worth mentioning. In this article, I will go over the detail of this exploit and inspect further impact of this vulnerability to the Wordpress community. A list of more than 300 Wordpress plugins that could be used to exploit this bug is also included. --------------------------------------------- https://blog.cystack.net/wordpress-phar/ ∗∗∗ Jetzt updaten: Cisco patcht gegen eine von zwei Remote-Attacken ∗∗∗ --------------------------------------------- Zwei Cisco-Produkte sind aus der Ferne angreifbar. Updates gibt es aber wohl nur für Common Services Platform Collector – das IP-Telefon SPA514G ist zu alt. --------------------------------------------- http://heise.de/-4335459 ∗∗∗ Viele Intel-Rechner brauchen wieder BIOS-Updates ∗∗∗ --------------------------------------------- Gleich 17 neue Firmware-Sicherheitslücken meldet Intel, die sich allerdings auf mehrere Systeme verteilen und nur lokal am Rechner nutzbar sind. --------------------------------------------- http://heise.de/-4335118 ∗∗∗ Multiple Security Flaws Discovered in Visitor Management Systems ∗∗∗ --------------------------------------------- Vulnerabilities discovered by IBM security researchers in five different visitor management systems could be abused for data exfiltration or for access to the underlying machines. --------------------------------------------- https://www.securityweek.com/multiple-security-flaws-discovered-visitor-man… ∗∗∗ Netflix-Phishing-Mail im Umlauf ∗∗∗ --------------------------------------------- Netflix Nutzer/innen aufgepasst: Momentan sind wieder Phishing-Mails im Umlauf. Betrüger/innen fordern Sie im Namen von Netflix auf, Ihre Kontoinformationen zu überprüfen. Klicken Sie auf den Button in der E-Mail, werden Sie auf eine betrügerische Seite weitergeleitet. Folgen Sie den Anweisungen, erspähen Kriminelle Ihre Zugangs- und Kreditkartendaten. --------------------------------------------- https://www.watchlist-internet.at/news/netflix-phishing-mail-im-umlauf/ ∗∗∗ Magecart Isn't Just a Security Problem; It's Also a Business Problem ∗∗∗ --------------------------------------------- Magecart is more than just a security problem—it's also a business problem. When threat actors breached British Airways in September resulting in the compromise of thousands of customers’ credit cards, the world got a look at what the fallout of a modern security breach looks like. Immediately afterward, a law firm launched a £500 million[...] --------------------------------------------- https://www.riskiq.com/blog/external-threat-management/magecart-business-pr… ∗∗∗ New BitLocker attack puts laptops storing sensitive data at risk ∗∗∗ --------------------------------------------- New Zealand security researcher details never-before-seen attack for recovering BitLocker keys. --------------------------------------------- https://www.zdnet.com/article/new-bitlocker-attack-puts-laptops-storing-sen… ===================== = Vulnerabilities = ===================== ∗∗∗ Gemalto Sentinel UltraPro ∗∗∗ --------------------------------------------- This advisory includes mitigations for an uncontrolled search path element in Gemaltos Sentinel UltraPro encryption keys. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-19-073-02 ∗∗∗ PEPPERL+FUCHS WirelessHART-Gateways ∗∗∗ --------------------------------------------- This advisory includes mitigations for a path traversal vulnerability in PEPPERL+FUCHS WirelessHART-Gateways network products. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-19-073-03 ∗∗∗ Video - Critical - Remote Code Execution - SA-CONTRIB-2019-037 ∗∗∗ --------------------------------------------- Project: Video Date: 2019-March-13 Security risk: Critical 19∕25 AC:None/A:Admin/CI:All/II:All/E:Theoretical/TD:All Vulnerability: Remote Code Execution Description: This module provides a field where editors can add videos to their content and this module offers functionality to transcode these videos to different sizes and formats.The module doesnt sufficiently sanitize some user input on administrative forms. --------------------------------------------- https://www.drupal.org/sa-contrib-2019-037 ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (chromium), Debian (libsdl1.2 and libsdl2), Fedora (firefox), Gentoo (bind, glibc, openssl, oracle-jdk-bin, webkit-gtk, and xrootd), Mageia (kernel), openSUSE (freerdp, mariadb, and obs-service-tar_scm), Oracle (openssl), Red Hat (kernel, kernel-rt, openstack-ceilometer, openstack-octavia, and tomcat), Scientific Linux (cockpit, openssl, and tomcat), and SUSE (java-1_7_1-ibm and mariadb). --------------------------------------------- https://lwn.net/Articles/783046/ ∗∗∗ BlackBerry powered by Android Security Bulletin - March 2019 ∗∗∗ --------------------------------------------- http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber… ∗∗∗ Ruby on Rails: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K19-0221 ∗∗∗ IBM Security Bulletin: IBM® Db2® is vulnerable to privilege escalation via loading libraries from an untrusted path (CVE-2019-4094). ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-db2-is-vulnerable… ∗∗∗ IBM Security Bulletin: Security vulnerability in the IBM HTTP Server (CVE-2018-17199) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-security-vulnerabilit… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in Node.js affect IBM Cloud Transformation Advisor ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM Tivoli Netcool Configuration Manager (CVE-2018-3180, CVE-2018-3139) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 13.03.2019
by Daily end-of-shift report 13 Mar '19

13 Mar '19

===================== = End-of-Day report = ===================== Timeframe: Dienstag 12-03-2019 18:00 − Mittwoch 13-03-2019 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Zertifizierungsstellen: Millionen TLS-Zertifikate mit fehlendem Zufallsbit ∗∗∗ --------------------------------------------- Viele TLS-Zertifikate wurden nicht nach den geltenden Regeln ausgestellt. Sie müssten eine zufällige 64-Bit-Seriennummer haben, es sind aber real nur 63 Bit. Ein Risiko ist praktisch nicht vorhanden, trotzdem müssen die Zertifikate zurückgezogen werden. --------------------------------------------- https://www.golem.de/news/zertifizierungsstellen-millionen-tls-zertifikate-… ∗∗∗ E-Learnings Digitale Sicherheit ∗∗∗ --------------------------------------------- Informationssicherheit hat für die Stadt Wien einen sehr hohen Stellenwert. Deshalb wurde ein aus sechs Modulen aufgebauter Kompakt-Kurs entwickelt, der den bewussten Umgang mit dem Thema Informationssicherheit in verschiedenen Lebenssituationen ermöglicht. [...] Am Ende kann man das erlangte Wissen bei einem kurzen Quiz überprüfen. --------------------------------------------- https://digitales.wien.gv.at/site/storyboard-e-learning/ ∗∗∗ Augen auf beim Online-Gebrauchtwagenkauf ∗∗∗ --------------------------------------------- Konsument/innen, die im Internet nach Gebrauchtwagen suchen, müssen sich vor folgender Betrugsmasche in Acht nehmen: Laut Verkaufsanzeigen befindet sich das Auto in Österreich. Später wird behauptet, dass es mittlerweile im Ausland ist und daher keine Besichtigung möglich ist. Bezahlung und Lieferung sollen versichert über erfundene Transport- und Zahlungsdienstleister erfolgen. Überwiesene Beträge sind verloren und die kommen nie an. --------------------------------------------- https://www.watchlist-internet.at/news/augen-auf-beim-online-gebrauchtwagen… ∗∗∗ Neue PGP-Keys ∗∗∗ --------------------------------------------- Nachdem unsere "alten" PGP-Keys nahe ihres Ablaufdatums sind, haben wir einen Satz neue Keys generiert. Diese sind wie üblich über den CERT.at PGP keyring verfügbar. --------------------------------------------- http://www.cert.at/services/blog/20190313150627-2400.html ===================== = Vulnerabilities = ===================== ∗∗∗ BSRT 2019 -001 Vulnerability in Management System Impacts BlackBerry AtHoc ∗∗∗ --------------------------------------------- This advisory addresses an XML External Entity Injection (XXE) vulnerability in the Management System (console) of affected versions of BlackBerry AtHoc that could potentially allow a successful attacker to read arbitrary local files from the application server or make requests on the network. BlackBerry is not aware of any exploitation of this vulnerability. --------------------------------------------- http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber… ∗∗∗ WordPress 5.1.1 Security and Maintenance Release ∗∗∗ --------------------------------------------- WordPress 5.1.1 is now available! This security and maintenance release introduces 10 fixes and enhancements, including changes designed to help hosts prepare users for the minimum PHP version bump coming in 5.2. --------------------------------------------- https://wordpress.org/news/2019/03/wordpress-5-1-1-security-and-maintenance… ∗∗∗ Microsoft March 2019 Patch Tuesday ∗∗∗ --------------------------------------------- This month we got patches for 64 vulnerabilities. Two of them have been exploited and four have been made public before today. Both exploited vulnerabilities (CVE-2019-0808 and CVE-2019-0797) affects win32k component on multiple Windows versions, from Windows 7 to 2019, and may lead to privilege escalation. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. --------------------------------------------- https://isc.sans.edu/forums/diary/Microsoft+March+2019+Patch+Tuesday/24742/ ∗∗∗ March 2019 Office Update Release ∗∗∗ --------------------------------------------- The March 2019 Public Update releases for Office are now available! This month, there are 6 security updates and 28 non-security updates. All of the security and non-security updates are listed in KB article 4491754. A new version of Office 2013 Click-To-Run is available: 15.0.5119.1000 A new version of Office 2010 Click-To-Run is available: 14.0.7230.5000 --------------------------------------------- https://blogs.technet.microsoft.com/office_sustained_engineering/2019/03/12… ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (libsndfile, systemd, waagent, and xmltooling), Fedora (guacamole-server, postgresql-jdbc, and xen), Oracle (cockpit and kernel), Red Hat (cockpit, docker, kernel-alt, and openssl), SUSE (ceph, java-1_7_0-ibm, java-1_7_1-ibm, openssl-1_0_0, python-azure-agent, python-numpy, and supportutils), and Ubuntu (kernel, php5, and walinuxagent). --------------------------------------------- https://lwn.net/Articles/782926/ ∗∗∗ Vuln: Wibu Systems WibuKey DRM Multiple Input Validation Vulnerabilities ∗∗∗ --------------------------------------------- http://www.securityfocus.com/bid/107005 ∗∗∗ Cisco Common Services Platform Collector Static Credential Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Small Business SPA514G IP Phones SIP Denial of Service Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ IBM Security Bulletins ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ ∗∗∗ ZDI: Hewlett Packard Enterprise Intelligent Management Center Vulnerabilities ∗∗∗ --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-19-271/ http://www.zerodayinitiative.com/advisories/ZDI-19-270/ http://www.zerodayinitiative.com/advisories/ZDI-19-269/ http://www.zerodayinitiative.com/advisories/ZDI-19-268/ http://www.zerodayinitiative.com/advisories/ZDI-19-267/ http://www.zerodayinitiative.com/advisories/ZDI-19-266/ http://www.zerodayinitiative.com/advisories/ZDI-19-265/ http://www.zerodayinitiative.com/advisories/ZDI-19-264/ http://www.zerodayinitiative.com/advisories/ZDI-19-263/ http://www.zerodayinitiative.com/advisories/ZDI-19-262/ http://www.zerodayinitiative.com/advisories/ZDI-19-261/ http://www.zerodayinitiative.com/advisories/ZDI-19-260/ http://www.zerodayinitiative.com/advisories/ZDI-19-259/ -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 12.03.2019
by Daily end-of-shift report 12 Mar '19

12 Mar '19

===================== = End-of-Day report = ===================== Timeframe: Montag 11-03-2019 18:00 − Dienstag 12-03-2019 18:00 Handler: Stephan Richter Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Sicherheitslücke: Serverbetreiber könnte Schweizer Onlinewahlen manipulieren ∗∗∗ --------------------------------------------- Eine schwere Sicherheitslücke im Onlinewahl-Code der Schweizer Post ermöglicht es dem Betreiber einer Wahl, das Ergebnis zu manipulieren. Die Schweizer Post weiß angeblich schon seit 2017 von dem Problem, der Hersteller hat es jedoch versäumt, den Fehler zu beheben. --------------------------------------------- https://www.golem.de/news/sicherheitsluecke-serverbetreiber-koennte-schweiz… ∗∗∗ Unpatched Windows Bug Allows Attackers to Spoof Security Dialog Boxes ∗∗∗ --------------------------------------------- Microsoft wont be patching the bug, but a proof of concept shows the potential for successful malware implantation. --------------------------------------------- https://threatpost.com/windows-bug-spoof-dialog-boxes/142711/ ∗∗∗ Identitätsdiebstahl durch Stellenangebote auf ebay Kleinanzeigen ∗∗∗ --------------------------------------------- Wer auf ebay Kleinanzeigen oder ähnlichen Portalen nach Jobs sucht, muss sich vor betrügerischen Angeboten in Acht nehmen. Gute Bezahlung und Arbeit von zu Hause locken zahlreiche Interessent/innen an. So geschehen auch bei der angeblichen CEBIT GmbH: Jobsuchende, die sich hier bewerben und die geforderten Unterlagen versenden, werden Opfer eines Identitätsdiebstahls und eröffnen im Extremfall Bankkonten im eigenen Namen, die später missbraucht werden. --------------------------------------------- https://www.watchlist-internet.at/news/identitaetsdiebstahl-durch-stellenan… ∗∗∗ WordPress shopping sites under attack ∗∗∗ --------------------------------------------- Hackers using cross-site scripting (XSS) flaw in abandoned cart plugin to take over vulnerable sites. --------------------------------------------- https://www.zdnet.com/article/wordpress-shopping-sites-under-attack/ ===================== = Vulnerabilities = ===================== ∗∗∗ Security Bulletins Posted ∗∗∗ --------------------------------------------- Adobe has published security bulletins for Adobe Digital Editions (APSB19-16) and Adobe Photoshop CC (APSB19-15). Adobe recommends users update their product installations to the latest versions using the instructions referenced in the bulletin. This posting is provided "AS IS" with no warranties [...] --------------------------------------------- https://blogs.adobe.com/psirt/?p=1724 ∗∗∗ Siemens Security Advisories ∗∗∗ --------------------------------------------- New: SSA-557804: Mirror Port Isolation Vulnerability in SCALANCE X switches Updated: SSA-168644: Spectre and Meltdown Vulnerabilities in Industrial Products SSA-170881: Vulnerabilities in SINUMERIK Controllers SSA-203306: Password Vulnerabilities in SIPROTEC 4 and SIPROTEC Compact Relay Families SSA-254686: Foreshadow / L1 Terminal Fault Vulnerabilities in Industrial Products SSA-346262: Denial-of-Service in Industrial Products SSA-348629: Denial-of-Service Vulnerability in SIMATIC PCS 7, SIMATIC WinCC, SIMATIC WinCC Runtime Professional and SIMATIC NET PC Software SSA-584286: Denial-of-Service Vulnerability in SIMATIC S7-1200 CPU and SIMATIC S7-1500 CPU SSA-824231: Unauthenticated Firmware Upload Vulnerability in Desigo PX Controllers SSB-439005: Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP --------------------------------------------- https://new.siemens.com/global/en/products/services/cert.html ∗∗∗ SAP Security Patch Day - March 2019 ∗∗∗ --------------------------------------------- On 12th of March 2019, SAP Security Patch Day saw the release of 9 Security Notes. Additionally, there were 3 updates to previously released security notes. We would like to inform that the vulnerability fixed by security note 2764283 is expected to be presented by a researcher at a security conference in March 2019. Therefore, we recommend our Customers to apply the SAP Security Note on priority. --------------------------------------------- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=515408080 ∗∗∗ BIG-IP Configuration utility vulnerability CVE-2019-6598 ∗∗∗ --------------------------------------------- BIG-IP Configuration utility vulnerability CVE-2019-6598 Security Advisory Security Advisory Description Malformed requests to the Traffic Management User Interface (TMUI), also referred to as the [...] --------------------------------------------- https://support.f5.com/csp/article/K44603900 ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (pacman), CentOS (java-1.7.0-openjdk), Debian (zabbix), Fedora (kernel-headers), openSUSE (libcomps), Oracle (kernel), Red Hat (chromium-browser), SUSE (ovmf and qemu), and Ubuntu (tiff). --------------------------------------------- https://lwn.net/Articles/782842/ ∗∗∗ [20190301] - Core - XSS in com_config JSON handler ∗∗∗ --------------------------------------------- http://feeds.joomla.org/~r/JoomlaSecurityNews/~3/JvJtucwH0Xs/772-20190301-c… ∗∗∗ [20190304] - Core - Missing ACL check in sample data plugins ∗∗∗ --------------------------------------------- http://feeds.joomla.org/~r/JoomlaSecurityNews/~3/yevVdAyNRRI/775-20190304-c… ∗∗∗ [20190303] - Core - XSS in media form field ∗∗∗ --------------------------------------------- http://feeds.joomla.org/~r/JoomlaSecurityNews/~3/-7y5ceiY85g/774-20190303-c… ∗∗∗ [20190302] - Core - XSS in item_title layout ∗∗∗ --------------------------------------------- http://feeds.joomla.org/~r/JoomlaSecurityNews/~3/uD680RYCbkk/773-20190302-c… ∗∗∗ IBM Security Bulletin: IBM Content Navigator is affected by a code execution vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-content-navigator… ∗∗∗ IBM Security Bulletin: Security Vulnerabilities affect IBM Cloud Private Storage – GlusterFS and Minio ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-security-vulnerabilit… ∗∗∗ IBM Security Bulletin: A Security Vulnerability affects IBM Cloud Private Kiali Istio addon ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-security-vulnerabil… ∗∗∗ IBM Security Bulletin: A Security Vulnerability affects IBM Cloud Private Certificate Manager ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-security-vulnerabil… ∗∗∗ IBM Security Bulletin: Vulnerability in Kerberos affects Power Hardware Management Console ( CVE-2018-5730 CVE-2018-5729) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-in-kerb… ∗∗∗ IBM Security Bulletin: Vulnerability in GnuTLS affects Power Hardware Management Console ( CVE-2018-10845 CVE-2018-10844) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-in-gnut… ∗∗∗ IBM Security Bulletin: Vulnerability in OpenSSL affects Power Hardware Management Console ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-in-open… ∗∗∗ IBM Security Bulletin: Multiple security vulnerabilities affect Rational Engineering Lifecycle Manager ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-security-vul… ∗∗∗ IBM Security Bulletin: Multiple Cross-site scripting vulnerabilities affect IBM® Rational® Team Concert ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-cross-site-s… ∗∗∗ IBM Security Bulletin: Multiple Security Vulnerabilities affect IBM® Rational® Quality Manager ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-security-vul… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 11.03.2019
by Daily end-of-shift report 11 Mar '19

11 Mar '19

===================== = End-of-Day report = ===================== Timeframe: Freitag 08-03-2019 18:00 − Montag 11-03-2019 18:00 Handler: Robert Waldner Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ E-Mail-Marketing: Datenbank mit 800 Millionen E-Mail-Adressen online ∗∗∗ --------------------------------------------- Wozu sammelt ein völlig unbekanntes Unternehmen Hunderte Millionen E-Mail-Adressen und weitere Nutzerdaten? Dahinter steckt eine Dienstleistung, die für Spammer nützlich ist. --------------------------------------------- https://www.golem.de/news/e-mail-marketing-datenbank-mit-800-millionen-e-ma… ∗∗∗ Free decrypters for BigBobRoss ransomware released ∗∗∗ --------------------------------------------- Here’s some good news for users whose files have been encrypted by the BigBobRoss ransomware: both Avast and Emsisoft have released decrypters. How do you know that you've been hit with BigBobRoss? The ransomware gets its name from the email address included in the ransom note, which comes in a file named Read Me.txt. Another indication that the user's files have been encrypted by this particular malware is the .obfuscated extension added to the encrypted [...] --------------------------------------------- https://www.helpnetsecurity.com/2019/03/11/decrypt-bigbobross-ransomware/ ∗∗∗ A quick lesson in confirmation bias ∗∗∗ --------------------------------------------- In my experience, hacking investigations are driven by ignorance and confirmation bias. We regularly see things we cannot explain. We respond by coming up with a story where our pet theory explains it. Since there is no alternative explanation, this then becomes evidence of our theory, where this otherwise inexplicable thing becomes proof.For example, take that "Trump-AlfaBank" theory. One of the oddities noted by researchers is lookups for [...] --------------------------------------------- https://blog.erratasec.com/2019/03/a-quick-lesson-in-confirmation-bias.html ∗∗∗ Vorsicht vor überteuerten Einreisegenehmigungen und E-Visa ∗∗∗ --------------------------------------------- Momentan stecken viele Konsument/innen mitten in der Planung ihrer nächsten Reise. Bei einigen Urlaubszielen, beispielsweise den USA, Kanada, der Türkei oder Ägypten, ist die Beantragung eines E-Visums oder einer Einreisegenehmigung vorab notwendig. Hierbei ist Vorsicht geboten, denn neben den offiziellen behördlichen Websites sind auch zahlreiche Dienstleister im Internet zu finden, die für die gleiche Leistung stark überhöhte Gebühren verrechnen. --------------------------------------------- https://www.watchlist-internet.at/news/vorsicht-vor-ueberteuerten-einreiseg… ∗∗∗ The Hitchhiker's Guide To Initial Access ∗∗∗ --------------------------------------------- Abusing Bias - Part 2 --------------------------------------------- https://posts.specterops.io/the-hitchhikers-guide-to-initial-access-57b66aa… ===================== = Vulnerabilities = ===================== ∗∗∗ NREL BEopt 2.8.0 Insecure Library Loading Arbitrary Code Execution ∗∗∗ --------------------------------------------- BEopt suffers from a DLL Hijacking issue. The vulnerability is caused due to the application loading libraries (sdl2.dll and libegl.dll) in an insecure manner. This can be exploited to load arbitrary libraries by tricking a user into opening a related application file .BEopt located on a remote WebDAV or SMB share. --------------------------------------------- https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5513.php ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by CentOS (polkit), Debian (chromium, openjpeg2, php7.0, poppler, and symfony), Fedora (evolution, kernel, and kernel-headers), Gentoo (curl, firefox, keepalived, rdesktop, systemd, tar, wget, and zsh), openSUSE (gdm and hiawatha), Slackware (ntp), SUSE (audit, containerd, docker, docker-runc, golang-github-docker-libnetwork, runc, file, java-1_8_0-openjdk, mariadb, openssl-1_0_0, and sssd), and Ubuntu (poppler). --------------------------------------------- https://lwn.net/Articles/782780/ ∗∗∗ Vuln: NTP CVE-2019-8936 Denial of Service Vulnerability ∗∗∗ --------------------------------------------- http://www.securityfocus.com/bid/107337 ∗∗∗ IBM Security Bulletin: A Security Vulnerability affects IBM Cloud Private Metering ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-security-vulnerabil… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities have been identified in FasterXML Jackson library shipped with IBM Tivoli Netcool/OMNIbus Common Integration Libraries (CVE-2018-19360, CVE-2018-19361, CVE-2018-19362, CVE-2018-1000873) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: A Security Vulnerability affects IBM Cloud Private Service Catalog ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-security-vulnerabil… ∗∗∗ glibc vulnerability CVE-2016-10739 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K35040315 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 08.03.2019
by Daily end-of-shift report 08 Mar '19

08 Mar '19

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 07-03-2019 18:00 − Freitag 08-03-2019 18:00 Handler: Robert Waldner Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Serious Security: When randomness isn’t – and why it matters ∗∗∗ --------------------------------------------- The password ji32k7au4a83 looks pretty random and feels as though it should be unique - read this article to find out why its neither! --------------------------------------------- https://nakedsecurity.sophos.com/2019/03/08/serious-security-when-randomnes… ∗∗∗ Google warnt vor Zero-Day-Lücke in Windows 7 ∗∗∗ --------------------------------------------- Angreifer nutzten eine Kombination aus Lücken in Chrome und Windows 7, um Rechner mit Spionage-Software zu infizieren. Nur eine von beiden ist geschlossen. --------------------------------------------- http://heise.de/-4329796 ∗∗∗ Jetzt updaten: Kritische Lücke in Apache Solr ∗∗∗ --------------------------------------------- Einige Versionen der Open-Source-Suchplattform Solr weisen ein mögliches Einfallstor für entfernte Angreifer auf. Updates sind verfügbar. --------------------------------------------- http://heise.de/-4329895 ∗∗∗ From Fake Updates to Unwanted Redirects ∗∗∗ --------------------------------------------- At the end of February, we wrote about a massive wave of site infections that pushed fake browser updates. In the beginning of March, the attack evolved into redirecting site visitors to sketchy ad URLs. --------------------------------------------- http://labs.sucuri.net/?note=2019-03-08 ∗∗∗ Smart unhackable car alarms open the doors of 3 million vehicles to hackers ∗∗∗ --------------------------------------------- The moment you call a product "unhackable" you are asking for trouble. --------------------------------------------- https://www.zdnet.com/article/smart-car-alarms-opened-the-doors-of-3-millio… ===================== = Vulnerabilities = ===================== ∗∗∗ Security Advisory 2019-02: Security Update for OTRS Framework ∗∗∗ --------------------------------------------- March 08, 2019 — Please read carefully and check if the version of your OTRS system is affected by this vulnerability. --------------------------------------------- https://community.otrs.com/security-advisory-2019-02-security-update-for-ot… ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Fedora (php-typo3-phar-stream-wrapper2), Mageia (gnutls, nagios, openssl, and python-gnupg), openSUSE (apache2, ceph, chromium, openssh, and webkit2gtk3), and Ubuntu (nvidia-graphics-drivers-390). --------------------------------------------- https://lwn.net/Articles/782653/ ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM® Java SDK affects WebSphere Application Server January 2019 CPU that is bundled with IBM WebSphere Application Server Patterns ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Vulnerabilities identified in IBM® Java SDK affect WebSphere Service Registry and Repository and WebSphere Service Registry and Repository Studio (CVE-2018-12547 and CVE-2019-2426) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-ident… ∗∗∗ IBM Security Bulletin: FileNet CMIS (FNCMIS) leveraging Spring Framework is vulnerable to a denial of service caused by improper handling of range request by the ResourceHttpRequestHandler ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-filenet-cmis-fncmis-l… ∗∗∗ IBM Security Bulletin: Security Vulnerabilities affect IBM Cloud Private Vulnerability Advisor Kafka and Notification Dispatcher ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-security-vulnerabilit… ∗∗∗ IBM Security Bulletin: Security Vulnerabilities affect IBM Cloud Private MongoDB ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-security-vulnerabilit… ∗∗∗ IBM Security Bulletin: Security Vulnerabilities affect IBM Cloud Private Monitoring ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-security-vulnerabilit… ∗∗∗ IBM Security Bulletin: Security Vulnerabilities affect IBM Cloud Private Logging ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-security-vulnerabilit… ∗∗∗ IBM Security Bulletin: IBM MQ could allow a local user to inject code that could be executed with root privileges. (CVE-2018-1998) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-mq-could-allow-a-… ∗∗∗ IBM Security Bulletin: IBM MQ is vulnerable to a privilege escalation attack when using multiplexed channels (CVE-2018-1974) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-mq-is-vulnerable-… ∗∗∗ IBM Security Bulletin: Multiple buffer overflow vulnerabilities exist in IBM® Db2® leading to privilege escalation (CVE-2018-1922, CVE-2018-1923, CVE-2018-1978, CVE-2018-1980, CVE-2019-4015, CVE-2019-4016). ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-buffer-overf… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 07.03.2019
by Daily end-of-shift report 07 Mar '19

07 Mar '19

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 06-03-2019 18:00 − Donnerstag 07-03-2019 18:00 Handler: Robert Waldner Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Emotet: Eine Übersicht über die Schadsoftware ∗∗∗ --------------------------------------------- Emotet ist bereits 2014 entdeckt worden, unterscheidet sich allerdings in vielen Facetten von anderer Schadsoftware. An dieser Stelle fassen wir die Facetten und Eigenschaften zusammen, die diese Schadsoftware so besonders macht und geben eine kurze Übersicht, wie man sich schützen kann. --------------------------------------------- https://www.dfn-cert.de/aktuell/emotet-beschreibung.html ∗∗∗ Financial Cyberthreats in 2018 ∗∗∗ --------------------------------------------- The presented report continues the series of Kaspersky Lab reports that provide an overview of how the financial threat landscape has evolved over the years. It covers the common phishing threats that users encounter, along with Windows-based and Android-based financial malware. --------------------------------------------- https://securelist.com/financial-cyberthreats-in-2018/89788/ ∗∗∗ Keine Schnäppchen bei cws-elektro.com ∗∗∗ --------------------------------------------- Bei cws-elektro.com finden Konsument/innen jegliche Elektroartikel zu teils günstigeren Preisen als bei anderen Händler/innen. Der Online-Shop ist jedoch nicht seriös. Berichten zufolge bleibt eine Lieferung aus. Sie verlieren Ihr Geld. --------------------------------------------- https://www.watchlist-internet.at/news/keine-schnaeppchen-bei-cws-elektroco… ===================== = Vulnerabilities = ===================== ∗∗∗ ZDI-19-257: (0Day) Advantech WebAccess Node Product Installation File Access Control Modification Privilege Escalation Vulnerability ∗∗∗ --------------------------------------------- This vulnerability allows local attackers to escalate privileges on vulnerable installations of Advantech WebAccess Node. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-19-257/ ∗∗∗ Weak Configuration File Encryption in AVAYA One-X communicator ∗∗∗ --------------------------------------------- SEC Consult found a vulnerability within the encryption process used for configuration files of the Avaya One-X communicator. Being able to encrypt arbitrary plaintext by abusing the client, it was possible to decrypt sensitive passwords stored in configuration files. --------------------------------------------- https://www.sec-consult.com/en/blog/advisories/weak-configuration-file-encr… ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by openSUSE (amavisd-new, apache2, and containerd, docker, docker-runc,), Red Hat (java-1.7.1-ibm and java-1.8.0-ibm), and Ubuntu (linux, linux-azure, linux-gcp, linux-kvm, linux-raspi2, linux-hwe, linux-azure, and php5, php7.0). --------------------------------------------- https://lwn.net/Articles/782572/ ∗∗∗ xpdf: Mehrere Schwachstellen ermöglichen Denial of Service ∗∗∗ --------------------------------------------- Mit Xpdf können PDF-Dokumente betrachtet werden. Dieser PDF-Betrachter ist zudem auch für Microsoft Windows verfügbar. Ein lokaler Angreifer kann mehrere Schwachstellen in xpdf ausnutzen, um einen Denial of Service Angriff durchzuführen. --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K19-0193 ∗∗∗ Cisco NX-OS Software NX-API Arbitrary Code Execution Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ IBM Security Bulletin: IBM Cloud Kubernetes Service is affected by a Denial of Service vulnerability in Kubernetes API server ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-cloud-kubernetes-… ∗∗∗ IBM Security Bulletin: API Connect is affected by an information disclosure vulnerability in the consumer API (CVE-2018-2009) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-api-connect-is-affect… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM® SDK, Java™ Technology Edition affect IBM Operational Decision Manager ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities may affect IBM® SDK, Java™ Technology Edition ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: IBM Security Guardium is affected by Red Hat kernel vulnerabilities ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-guardium… ∗∗∗ IBM Security Bulletin: IBM QRadar SIEM is vulnerable to Apache Tomcat Publicly disclosed vulnerability (CVE-2018-11784) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-qradar-siem-is-vu… ∗∗∗ IBM Security Bulletin: IBM QRadar SIEM is vulnerable to Publicly disclosed Samba vulnerabilities (CVE-2018-10858, CVE-2018-1139) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-qradar-siem-is-vu… ∗∗∗ IBM Security Bulletin: IBM Lotus Protector for Mail Security has released fixes in response to the public disclosed vulnerability for PHP (CVE-2018-19518) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-lotus-protector-f… ∗∗∗ IBM Security Bulletin: IBM QRadar SIEM is vulnerable to publicly disclosed vulnerability from GNU glibc (CVE-2018-11237) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-qradar-siem-is-vu… ∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities in IBM Java Runtime Affects Optim Data Growth, Test Data Management and Application Retirement ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 06.03.2019
by Daily end-of-shift report 06 Mar '19

06 Mar '19

===================== = End-of-Day report = ===================== Timeframe: Dienstag 05-03-2019 18:00 − Mittwoch 06-03-2019 18:00 Handler: Robert Waldner Co-Handler: n/a ===================== = News = ===================== ∗∗∗ FIRST releases DDoS mitigation training course ∗∗∗ --------------------------------------------- The Forum of Incident Response and Security Teams (FIRST), which brings together incident responders from around the world, invested in the creation of a new training course “DDoS Mitigation Fundamentals”. Authored by Krassimir T. Tzvetanov, a recognized expert in the field, the training teaches incident responders to handle attacks and securing their organisations. --------------------------------------------- https://www.first.org/newsroom/releases/20190305 ∗∗∗ Sicherheitsupdate: Chrome-Schwachstelle wird aktiv genutzt ∗∗∗ --------------------------------------------- Google hat in Chrome eine Sicherheitslücke behoben, die offenbar bereits aktiv ausgenutzt wird. Details gibt es bislang wenige, aber alle Nutzer von Chrome und dessen Derivaten sollten schnellstmöglich ihren Browser aktualisieren. (Chrome, Google) --------------------------------------------- https://www.golem.de/news/sicherheitsupdate-chrome-schwachstelle-wird-aktiv… ∗∗∗ Spotlight on Troldesh ransomware, aka ‘Shade’ ∗∗∗ --------------------------------------------- Troldesh is ransomware that relies heavily on user interaction. Nevertheless, a recent spike in detections shows its been successful against businesses in the first few months of 2019.Categories: MalwareThreat analysisTags: decryptordecryptorsransom.troldeshransomwareransomware remediationshadethreat spotlightTroldesh(Read more...)The post Spotlight on Troldesh ransomware, aka ‘Shade’ appeared first on Malwarebytes Labs. --------------------------------------------- https://blog.malwarebytes.com/threat-analysis/2019/03/spotlight-troldesh-ra… ∗∗∗ Phishing-Versuch durch gefälschte Bawag-Sicherheits-App ∗∗∗ --------------------------------------------- Zahlreiche Konsument/innen melden eine gefälschte Bawag P.S.K. Mail an uns. Kriminelle versuchen darin, potenzielle Opfer zur Installation einer vermeintlichen Sicherheits-App zu bewegen. Die Applikation darf nicht installiert werden, denn ansonsten gelangen die Kriminellen an die Online-Banking-Daten Ihrer Opfer und es kann zu großen finanziellen Schäden kommen. --------------------------------------------- https://www.watchlist-internet.at/news/phishing-versuch-durch-gefaelschte-b… ===================== = Vulnerabilities = ===================== ∗∗∗ Vuln: SAP NetWeaver J2EE Engine CVE-2018-17861 Cross Site Scripting Vulnerability ∗∗∗ --------------------------------------------- Remote attackers can exploit this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. SAP NetWeaver J2EE Engine 7.01 is vulnerable; other versions may also be affected. --------------------------------------------- http://www.securityfocus.com/bid/107269 ∗∗∗ Vuln: NetApp SnapCenter CVE-2017-15515 Cross Site Scripting Vulnerability ∗∗∗ --------------------------------------------- Remote attackers can exploit this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials, gain sensitive information, cause denial-of-service conditions and launch other attacks. NetApp SnapCenter prior to 4.0 is vulnerable. --------------------------------------------- http://www.securityfocus.com/bid/107272 ∗∗∗ Vuln: Apache Mesos CVE-2018-11793 Denial of Service Vulnerability ∗∗∗ --------------------------------------------- Successfully exploiting this issue allows remote attackers to crash the affected application, denying service to legitimate users. Apache Mesos version 1.4.0 through 1.7.0 are vulnerable; other versions may also be affected. --------------------------------------------- http://www.securityfocus.com/bid/107281 ∗∗∗ Default Privileged Account Vulnerability in the NetApp Service Processor (CVE-2019-5490) ∗∗∗ --------------------------------------------- Certain versions of the NetApp Service Processor firmware were shipped with a default account enabled that could allow unauthorized arbitrary command execution. --------------------------------------------- https://security.netapp.com/advisory/ntap-20190305-0001/ ∗∗∗ OpenSSL Security Advisory: ChaCha20-Poly1305 with long nonces (CVE-2019-1543) ∗∗∗ --------------------------------------------- Any OpenSSL internal use of this cipher, including in SSL/TLS, is safe because no such use sets such a long nonce value. However user applications that use this cipher directly and set a non-default nonce length to be longer than 12 bytes may be vulnerable. OpenSSL versions 1.1.1 and 1.1.0 are affected by this issue. Due to the limited scope of affected deployments this has been assessed as low severity and therefore we are not creating new releases at this time. --------------------------------------------- https://www.openssl.org/news/secadv/20190306.txt ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by CentOS (java-1.7.0-openjdk and java-11-openjdk), Debian (mumble and sox), Fedora (drupal7, drupal7-link, firefox, gpsd, ignition, ming, php-erusev-parsedown, and php-Smarty), openSUSE (hiawatha, python, and supportutils), Oracle (java-1.7.0-openjdk), Red Hat (java-1.7.0-openjdk), Scientific Linux (java-1.7.0-openjdk), and Ubuntu (linux, linux-aws, linux-gcp, linux-kvm, linux-oem, linux-oracle, linux-raspi2 and linux-hwe, linux-aws-hwe, linux-azure, --------------------------------------------- https://lwn.net/Articles/782462/ ∗∗∗ Rockwell Automation Patches Critical DoS/RCE Flaw in RSLinx Software ∗∗∗ --------------------------------------------- Patches released by Rockwell Automation for its RSLinx Classic software address a critical vulnerability that can be exploited for denial-of-service (DoS) attacks and possibly for remote code execution. --------------------------------------------- https://www.securityweek.com/rockwell-automation-patches-critical-dosrce-fl… ∗∗∗ PEPPERL+FUCHS Path traversal in WirelessHART Gateway ∗∗∗ --------------------------------------------- https://cert.vde.com/de-de/advisories/vde-2019-002 ∗∗∗ Cisco Nexus 9000 Series Fabric Switches Application-Centric Infrastructure Mode Privilege Escalation Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Nexus 9000 Series Switches Standalone NX-OS Mode Tetration Analytics Agent Arbitrary Code Execution Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco FXOS and NX-OS Lightweight Directory Access Protocol Denial of Service Vulnerabilities ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco NX-OS Software Image Signature Verification Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco NX-OS Software Privilege Escalation Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco NX-OS Software Privilege Escalation Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco NX-OS Software Bash Shell Privilege Escalation Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Nexus 9000 Series Switches Standalone NX-OS Mode Fibre Channel over Ethernet NPV Denial of Service Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco NX-OS Software Netstack Denial of Service Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco NX-OS Software Unauthorized Filesystem Access Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco NX-OS Software Cisco Fabric Services Denial of Service Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco NX-OS Software Privilege Escalation Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco NX-OS Software CLI Command Injection Vulnerability (CVE-2019-1613) ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco NX-OS Software CLI Command Injection Vulnerability (CVE-2019-1612) ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco FXOS and NX-OS Software CLI Command Injection Vulnerability (CVE-2019-1611) ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco NX-OS Software CLI Command Injection Vulnerability (CVE-2019-1610) ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco NX-OS Software CLI Command Injection Vulnerability (CVE-2019-1609) ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco NX-OS Software CLI Command Injection Vulnerability (CVE-2019-1608) ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco NX-OS Software CLI Command Injection Vulnerability (CVE-2019-1607) ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco NX-OS Software CLI Command Injection Vulnerability (CVE-2019-1606) ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco NX-OS Software NX-API Command Injection Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco NX-OS Software 802.1X Extensible Authentication Protocol over LAN Denial of Service Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco NX-OS Software Bash Shell Role-Based Access Control Bypass Privilege Escalation Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco NX-OS Software NX-API Arbitrary Code Execution Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Nexus 5600 and 6000 Series Switches Fibre Channel over Ethernet Denial of Service Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Action Recommended to Secure the Cisco Nexus PowerOn Auto Provisioning Feature ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco DNA Center Access Contract Stored Cross-Site Scripting Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Enterprise Chat and Email Cross-Site Scripting Vulnerabilities ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Application Policy Infrastructure Controller IPv6 Link-Local Address Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Nexus 9000 Series Fabric Switches Application Centric Infrastructure Mode Shell Escape Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Nexus 9000 Series Fabric Switches Application-Centric Infrastructure Mode Arbitrary File Read Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco FXOS and NX-OS Software Unauthorized Directory Access Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affect WebSphere Application Server January 2019 CPU ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: IBM API Connect Developer Portal is affected by arbitrary PHP code execution vulnerability in Drupal (CVE-2019-6340) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-api-connect-devel… ∗∗∗ IBM Security Bulletin: IBM API Connect is affected by a critical vulnerability in Kubernetes via runc (CVE-2019-5736) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-api-connect-is-af… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Cloud Transformation Advisor ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Multiple Security Vulnerabilities Affect IBM WebSphere Application Server in IBM Cloud ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-security-vul… ∗∗∗ IBM Security Bulletin: IBM QRadar SIEM is vulnerable to publicly disclosed vulnerabilities from OpenSSL (CVE-2018-0739, CVE-2018-0732) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-qradar-siem-is-vu… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 05.03.2019
by Daily end-of-shift report 05 Mar '19

05 Mar '19

===================== = End-of-Day report = ===================== Timeframe: Montag 04-03-2019 18:00 − Dienstag 05-03-2019 18:00 Handler: Robert Waldner Co-Handler: n/a ===================== = News = ===================== ∗∗∗ RSAC 2019: Microsoft Zero-Day Allows Exploits to Sneak Past Sandboxes ∗∗∗ --------------------------------------------- The flaw allows attackers to hide exploits in weaponized Word documents in a way that won’t trigger most antivirus solutions, the researchers said. In a recent spam campaign observed by Mimecast, attached Word attachments contained a hidden exploit for an older vulnerability in Microsoft Equation Editor (CVE-2017-11882). --------------------------------------------- https://threatpost.com/zero-day-exploit-microsoft/142327/ ∗∗∗ SPOILER alert, literally: Intel CPUs afflicted with simple data-spewing spec-exec vulnerability ∗∗∗ --------------------------------------------- Leakage ... is visible in all Intel generations starting from 1st-gen Intel Core CPUs Further demonstrating the computational risks of looking into the future, boffins have found another way to abuse speculative execution in Intel CPUs to leak secrets and other data from running applications.… --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2019/03/05/spoiler_int… ∗∗∗ Keine Alibis und Urkundenfälschungen auf dokumenten-guru.de bestellen! ∗∗∗ --------------------------------------------- Auf dokumenten-guru.de finden Konsument/innen ein höchst zwielichtiges Angebot. Gegen Zahlung per Vorkasse werden gefälschte Alibis, Scheinrechnungen, Dokumente sowie die Fälschung von Zeugnissen und Zertifikaten angeboten. Die Dienste sollten auf keinen Fall in Anspruch genommen werden, denn während Lieferungen Erfahrungsberichten zufolge ohnedies ausbleiben, machen sich Konsument/innen durch die Nutzung gefälschter Urkunden und Zeugnisse strafbar! --------------------------------------------- https://www.watchlist-internet.at/news/keine-alibis-und-urkundenfaelschunge… ∗∗∗ Keine Dienste von installateur-24.info nutzen ∗∗∗ --------------------------------------------- Bei der Google-Suche nach Installateursunternehmen stoßen Konsument/innen auf installateur-24.info. Die Betreiber/innen der Seite werben mit einem rund um die Uhr Notservice, fairen Preisen und viel Erfahrung. Wer die Dienste in Anspruch nimmt, wird böse überrascht, denn die Preise fallen extrem hoch aus und die erbrachten Leistungen lassen zu wünschen übrig. --------------------------------------------- https://www.watchlist-internet.at/news/keine-dienste-von-installateur-24inf… ===================== = Vulnerabilities = ===================== ∗∗∗ Android Security Bulletin - March 2019 ∗∗∗ --------------------------------------------- [...] The most severe of these issues is a critical security vulnerability in Media framework that could enable a remote attacker using a specially crafted file to execute arbitrary code within the context of a privileged process. --------------------------------------------- https://source.android.com/security/bulletin/2019-03-01.html ∗∗∗ VMSA-2018-0023 ∗∗∗ --------------------------------------------- The AirWatch Agent for iOS devices contains a data protection vulnerability whereby the files and keychain entries in the Agent are not encrypted. The VMware Content Locker for iOS devices contains a data protection vulnerability in the SQLite database. This vulnerability relates to unencrypted filenames and associated metadata in SQLite database for the Content Locker. --------------------------------------------- https://www.vmware.com/security/advisories/VMSA-2018-0023.html ∗∗∗ Xen XSA-294 ∗∗∗ --------------------------------------------- Malicious 64bit PV guests may be able to cause a host crash (Denial of Service). Additionally, vulnerable configurations are unstable even in the absence of an attack. --------------------------------------------- https://xenbits.xen.org/xsa/advisory-294.html ∗∗∗ Xen XSA-293 ∗∗∗ --------------------------------------------- A malicious unprivileged guest userspace process can escalate its privilege to that of other userspace processes in the same guest, and potentially thereby to that of the guest operating system. Additionally, some guest software which attempts to use this CPU feature may trigger the bug accidentally, leading to crashes or corruption of other processes in the same guest. --------------------------------------------- https://xenbits.xen.org/xsa/advisory-293.html ∗∗∗ Xen XSA-292 ∗∗∗ --------------------------------------------- Malicious PV guests may be able to cause a host crash (Denial of Service) or to gain access to data pertaining to other guests. Privilege escalation opportunities cannot be ruled out. Additionally, vulnerable configurations are likely to be unstable even in the absence of an attack. --------------------------------------------- https://xenbits.xen.org/xsa/advisory-292.html ∗∗∗ Xen XSA-291 ∗∗∗ --------------------------------------------- Malicious or buggy x86 PV guest kernels can mount a Denial of Service (DoS) attack affecting the whole system. --------------------------------------------- https://xenbits.xen.org/xsa/advisory-291.html ∗∗∗ Xen XSA-290 ∗∗∗ --------------------------------------------- Malicious or buggy x86 PV guest kernels can mount a Denial of Service (DoS) attack affecting the whole system. --------------------------------------------- https://xenbits.xen.org/xsa/advisory-290.html ∗∗∗ Xen XSA-288 ∗∗∗ --------------------------------------------- An untrusted PV domain with access to a physical device can DMA into its own pagetables, leading to privilege escalation. --------------------------------------------- https://xenbits.xen.org/xsa/advisory-288.html ∗∗∗ Xen XSA-287 ∗∗∗ --------------------------------------------- A single PV guest can leak arbitrary amounts of memory, leading to a denial of service. A cooperating pair of PV and HVM/PVH guests can get a writable pagetable entry, leading to information disclosure or privilege escalation. Privilege escalation attacks using only a single PV guest or a pair of PV guests have not been ruled out. Note that both of these attacks require very precise timing, which may be difficult to exploit in practice. --------------------------------------------- https://xenbits.xen.org/xsa/advisory-287.html ∗∗∗ Xen XSA-285 ∗∗∗ --------------------------------------------- Malicious PV guests can escalate their privilege to that of the hypervisor. --------------------------------------------- https://xenbits.xen.org/xsa/advisory-285.html ∗∗∗ Xen XSA-284 ∗∗∗ --------------------------------------------- The primary impact is a memory leak. Malicious or buggy guests with passed through PCI devices may also be able to escalate their privileges, crash the host, or access data belonging to other guests. --------------------------------------------- https://xenbits.xen.org/xsa/advisory-284.html ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (nss), openSUSE (procps), Red Hat (redhat-virtualization-host, rhvm-appliance, and vdsm), SUSE (freerdp, kernel, and obs-service-tar_scm), and Ubuntu (openssh). --------------------------------------------- https://lwn.net/Articles/781363/ ∗∗∗ Security Advisory - FRP Bypass Vulnerability on Some Huawei Smartphones ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20190305-… ∗∗∗ IBM Security Bulletin: A vulnerability in Spice affects PowerKVM ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-vulnerability-in-sp… ∗∗∗ IBM Security Bulletin: A vulnerability in Polkit affects PowerKVM ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-vulnerability-in-po… ∗∗∗ IBM Security Bulletin: A vulnerability in Bind affects PowerKVM ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-vulnerability-in-bi… ∗∗∗ IBM Security Bulletin: Vulnerabiliies in systemd affect PowerKVM ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabiliies-in-sys… ∗∗∗ IBM Security Bulletin: A vulnerability in Perl affects PowerKVM ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-vulnerability-in-pe… ∗∗∗ IBM Security Bulletin: Cross-site scripting vulnerability in WebSphere Application Server Admin Console (CVE-2019-4030) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-cross-site-scripting-… ∗∗∗ IBM Security Bulletin: A vulnerability in keepalived affects PowerKVM ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-vulnerability-in-ke… ∗∗∗ IBM Security Bulletin: Vulnerabilities in the Linux Kernel affect PowerKVM ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-in-th… ∗∗∗ IBM Security Bulletin: Vulnerabiliies in libmspack affect PowerKVM ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabiliies-in-lib… ∗∗∗ IBM Security Bulletin: A vulnerability in NetworkManager affects PowerKVM ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-vulnerability-in-ne… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 04.03.2019
by Daily end-of-shift report 04 Mar '19

04 Mar '19

===================== = End-of-Day report = ===================== Timeframe: Freitag 01-03-2019 18:00 − Montag 04-03-2019 18:00 Handler: Robert Waldner Co-Handler: n/a ===================== = News = ===================== ∗∗∗ The Overlooked Security Threat of Sign-In Kiosks ∗∗∗ --------------------------------------------- New research from IBM shows that several visitor management systems had a rash of vulnerabilities. --------------------------------------------- https://www.wired.com/story/visitor-management-system-vulnerabilities ∗∗∗ Cisco-Router: Forscher melden Hinweise auf aktive Angriffe ∗∗∗ --------------------------------------------- Eine vergangene Woche gepatchte Sicherheitslücke in mehreren Cisco-Geräten scheint nun aktiv von Angreifern ausgenutzt zu werden. Nutzer sollten zügig handeln. --------------------------------------------- http://heise.de/-4325072 ===================== = Vulnerabilities = ===================== ∗∗∗ Sicherheitslücke: Adobe veröffentlicht Sicherheitsupdate für Coldfusion ∗∗∗ --------------------------------------------- Adobe hat für die Coldfusion-Versionen 11, 2016 und 2018 ein wichtiges Sicherheitsupdate veröffentlicht. Anwender sollten es möglichst schnell installieren. Der Grund sind laufende Angriffe. (Adobe, Sicherheitslücke) --------------------------------------------- https://www.golem.de/news/sicherheitsluecke-adobe-veroeffentlicht-sicherhei… ∗∗∗ Frist verstrichen: Google enthüllt ungepatchte Schwachstelle im macOS-Kernel ∗∗∗ --------------------------------------------- Apple hat einen Bug in XNU nach 90 Tagen nicht beseitigt, nun wurden Details veröffentlicht. Googles Project Zero stuft die Schwere der Lücke als "hoch" ein. --------------------------------------------- http://heise.de/-4325636 ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (chromium, file, gdm, lib32-openssl-1.0, openssl-1.0, and pcre), Debian (advancecomp, ceph, jackson-databind, openssh, and openssl), Fedora (community-mysql, distcc, freerdp, gdm, gnome-boxes, libexif, openocd, pidgin-sipe, remmina, SDL, and xpdf), openSUSE (kernel-firmware and php5), Oracle (java-1.8.0-openjdk and java-11-openjdk), Slackware (infozip and python), and SUSE (caasp-container-manifests, changelog-generator-data-sles12sp3-velum, --------------------------------------------- https://lwn.net/Articles/781243/ ∗∗∗ Vuln: EMC RSA Authentication Manager CVE-2019-3711 Information Disclosure Vulnerability ∗∗∗ --------------------------------------------- http://www.securityfocus.com/bid/107210 ∗∗∗ IBM Security Bulletin: Potential WebSphere Application Server weakness in security affects IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2018-1996) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-potential-websphere-a… ∗∗∗ IBM Security Bulletin: IBM InfoSphere Change Data Capture is affected by a jackson-core open source library vulnerability (CVE-2018-0125) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-infosphere-change… ∗∗∗ IBM Security Bulletin: InfoSphere Data Replication is affected by a Guava open source library vulnerability (CVE-2018-10237) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-infosphere-data-repli… ∗∗∗ IBM Security Bulletin: OpenSSL DSA signature algorithm security vulnerability affects IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2018-0734) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-openssl-dsa-signature… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2018-3139, CVE-2018-3180) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit… ∗∗∗ IBM Security Bulletin: Privilege Escalation Vulnerability in WebSphere Application Server affects IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2018-1901) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-privilege-escalation-… ∗∗∗ IBM Security Bulletin: IBM InfoSphere Change Data Capture is affected by a Jackson 2.3.3 and 2.4.4 open source library vulnerabilities ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-infosphere-change… ∗∗∗ IBM Security Bulletin: IBM Cloud Private middleware is vulnerable to attack from redirect calls ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-cloud-private-mid… ∗∗∗ IBM Security Bulletin: A Security Vulnerability affects IBM Cloud Private – CVE-2018-1938 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-security-vulnerabil… ∗∗∗ IBM Security Bulletin: A Security Vulnerability affects IBM Cloud Private – CVE-2018-1937 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-security-vulnerabil… ∗∗∗ IBM Security Bulletin: IBM Cloud Kubernetes Service is affected by a privilege escalation vulnerability in runc ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-cloud-kubernetes-… ∗∗∗ HPESBHF03913 rev.1 - HPE OneSphere, Container Breakout ∗∗∗ --------------------------------------------- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_n… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 01.03.2019
by Daily end-of-shift report 01 Mar '19

01 Mar '19

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 28-02-2019 18:00 − Freitag 01-03-2019 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Netzwerkanalyse: Wireshark 3.0 nutzt Paketsniffer von Nmap ∗∗∗ --------------------------------------------- Die aktuelle Version 3.0 des Werkzeugs zur Netzwerkanalyse, Wireshark, nutzt unter Windows den proprietären Paketsniffer von Nmap. Das Projekt entfernt außerdem alte Abhängigkeiten und unterstützt einige 5G-Protokolle. --------------------------------------------- https://www.golem.de/news/netzwerkanalyse-wireshark-3-0-nutzt-paketsniffer-… ∗∗∗ eBay-Phishing auf eBay-Seite ∗∗∗ --------------------------------------------- Betrügern ist es gelungen, eine gefälschte Login-Seite auf einem SSL-gesicherten eBay-Server abzulegen. Der Phishing-Versuch ist für Nutzer schwer erkennbar. --------------------------------------------- http://heise.de/-4324266 ∗∗∗ A Case Study in Wagging the Dog: Computer Takeover ∗∗∗ --------------------------------------------- Last month, Elad Shamir released a phenomenal, in depth post on abusing resource-based constrained delegation (RBCD) in Active Directory. One of the big points he discusses is that if the TrustedToAuthForDelegation UserAccountControl flag is not set, the S4U2self process will still work but the resulting TGS is not FORWARDABLE. This resulting service ticket will fail for traditional constrained delegation, but will still work in the S4U2proxy process for resource-based constrained delegation. --------------------------------------------- https://posts.specterops.io/a-case-study-in-wagging-the-dog-computer-takeov… ∗∗∗ Finding Perpetrators behind DDoS Attacks ∗∗∗ --------------------------------------------- Reflective Amplification Denial-of-Service attacks continue to be a serious threat.We measured roughly 10,000 attacks per day in a post last year, and the numbers have not gone down since:In the first two months of 2019 our honeypot network already saw [...] --------------------------------------------- https://sissden.eu/blog/finding-perpetrators-behind-ddos-attacks ===================== = Vulnerabilities = ===================== ∗∗∗ PSI GridConnect Telecontrol ∗∗∗ --------------------------------------------- This advisory provides mitigation recommendations for a cross-site scripting vulnerability reported in PSI GridConnects Telecontrol compact DIN rail device. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-19-059-01 ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (bind9, file, ikiwiki, ldb, openssl1.0, php7.0, uw-imap, and wordpress), Fedora (ansible, file, flatpak, kernel, kernel-headers, and python-django), openSUSE (kernel and systemd), Scientific Linux (java-1.8.0-openjdk and java-11-openjdk), SUSE (openssl-1_1 and webkit2gtk3), and Ubuntu (libgd2). --------------------------------------------- https://lwn.net/Articles/781083/ ∗∗∗ IBM Security Bulletin: Information Disclosure Security Vulnerability Affects IBM Sterling B2B Integrator (CVE-2019-4063) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-information-disclosur… ∗∗∗ IBM Security Bulletin: Financial Transaction Manager for ACH Services is affected by a potential SQL Injection vulnerability (CVE-2019-4032) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-financial-transaction… ∗∗∗ IBM Security Bulletin: Multiple Cross-Site Scripting Vulnerabilities Affect IBM Sterling B2B Integrator (CVE-2019-4027, CVE-2019-4028, CVE-2019-4029) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-cross-site-s… ∗∗∗ IBM Security Bulletin: Multiple Security Vulnerabilities affect IBM® Cloud Private – Node.js ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-security-vul… ∗∗∗ IBM Security Bulletin: Multiple Security Vulnerabilities in OpenSSL Affect IBM Sterling B2B Integrator (CVE-2018-0734, CVE-2018-5407) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-security-vul… ∗∗∗ IBM Security Bulletin: IBM InfoSphere Governance Catalog is affected by an Improper Access Control vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-infosphere-govern… ∗∗∗ IBM Security Bulletin: IBM InfoSphere Governance Catalog is vulnerable to an Open Redirection vulnerability ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-infosphere-govern… ∗∗∗ IBM Security Bulletin: IBM Security Identity Adapters affected by OpenSSL RSA Key vulnerability (CVE-2018-0737) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-identity… ∗∗∗ IBM Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to multiple security vulnerabilities for IBM Java SDK ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-has-announced-a-r… ∗∗∗ IBM Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to multiple security vulnerabilities for IBM WebSphere Liberty Server ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-has-announced-a-r… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Daily March 2019