=====================
= End-of-Day report =
=====================
Timeframe: Tuesday 05-03-2019 18:00 − Wednesday 06-03-2019 18:00
Handler: Robert Waldner
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ FIRST releases DDoS mitigation training course ∗∗∗
---------------------------------------------
The Forum of Incident Response and Security Teams (FIRST), which brings together incident responders from around the world, invested in the creation of a new training course “DDoS Mitigation Fundamentals”. Authored by Krassimir T. Tzvetanov, a recognized expert in the field, the training teaches incident responders to handle attacks and secure their organisations.
---------------------------------------------
https://www.first.org/newsroom/releases/20190305
∗∗∗ Security update: Chrome vulnerability is being actively exploited ∗∗∗
---------------------------------------------
Google has fixed a security vulnerability in Chrome that is apparently already being actively exploited. Few details are available so far, but all users of Chrome and its derivatives should update their browser as quickly as possible. (Chrome, Google)
---------------------------------------------
https://www.golem.de/news/sicherheitsupdate-chrome-schwachstelle-wird-aktiv…
∗∗∗ Spotlight on Troldesh ransomware, aka ‘Shade’ ∗∗∗
---------------------------------------------
Troldesh is ransomware that relies heavily on user interaction. Nevertheless, a recent spike in detections shows it's been successful against businesses in the first few months of 2019.
---------------------------------------------
https://blog.malwarebytes.com/threat-analysis/2019/03/spotlight-troldesh-ra…
∗∗∗ Phishing attempt via fake Bawag security app ∗∗∗
---------------------------------------------
Numerous consumers are reporting a fake Bawag P.S.K. e-mail to us. In it, criminals try to get potential victims to install a supposed security app. The application must not be installed, because otherwise the criminals obtain their victims' online banking data, and major financial losses can result.
---------------------------------------------
https://www.watchlist-internet.at/news/phishing-versuch-durch-gefaelschte-b…
=====================
= Vulnerabilities =
=====================
∗∗∗ Vuln: SAP NetWeaver J2EE Engine CVE-2018-17861 Cross Site Scripting Vulnerability ∗∗∗
---------------------------------------------
Remote attackers can exploit this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.
SAP NetWeaver J2EE Engine 7.01 is vulnerable; other versions may also be affected.
---------------------------------------------
http://www.securityfocus.com/bid/107269
∗∗∗ Vuln: NetApp SnapCenter CVE-2017-15515 Cross Site Scripting Vulnerability ∗∗∗
---------------------------------------------
Remote attackers can exploit this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials, gain sensitive information, cause denial-of-service conditions and launch other attacks.
NetApp SnapCenter prior to 4.0 is vulnerable.
---------------------------------------------
http://www.securityfocus.com/bid/107272
∗∗∗ Vuln: Apache Mesos CVE-2018-11793 Denial of Service Vulnerability ∗∗∗
---------------------------------------------
Successfully exploiting this issue allows remote attackers to crash the affected application, denying service to legitimate users.
Apache Mesos versions 1.4.0 through 1.7.0 are vulnerable; other versions may also be affected.
---------------------------------------------
http://www.securityfocus.com/bid/107281
∗∗∗ Default Privileged Account Vulnerability in the NetApp Service Processor (CVE-2019-5490) ∗∗∗
---------------------------------------------
Certain versions of the NetApp Service Processor firmware were shipped with a default account enabled that could allow unauthorized arbitrary command execution.
---------------------------------------------
https://security.netapp.com/advisory/ntap-20190305-0001/
∗∗∗ OpenSSL Security Advisory: ChaCha20-Poly1305 with long nonces (CVE-2019-1543) ∗∗∗
---------------------------------------------
Any OpenSSL internal use of this cipher, including in SSL/TLS, is safe because no such use sets such a long nonce value. However user applications that use this cipher directly and set a non-default nonce length to be longer than 12 bytes may be vulnerable. OpenSSL versions 1.1.1 and 1.1.0 are affected by this issue. Due to the limited scope of affected deployments this has been assessed as low severity and therefore we are not creating new releases at this time.
---------------------------------------------
https://www.openssl.org/news/secadv/20190306.txt
∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by CentOS (java-1.7.0-openjdk and java-11-openjdk), Debian (mumble and sox), Fedora (drupal7, drupal7-link, firefox, gpsd, ignition, ming, php-erusev-parsedown, and php-Smarty), openSUSE (hiawatha, python, and supportutils), Oracle (java-1.7.0-openjdk), Red Hat (java-1.7.0-openjdk), Scientific Linux (java-1.7.0-openjdk), and Ubuntu (linux, linux-aws, linux-gcp, linux-kvm, linux-oem, linux-oracle, linux-raspi2 and linux-hwe, linux-aws-hwe, linux-azure,
---------------------------------------------
https://lwn.net/Articles/782462/
∗∗∗ Rockwell Automation Patches Critical DoS/RCE Flaw in RSLinx Software ∗∗∗
---------------------------------------------
Patches released by Rockwell Automation for its RSLinx Classic software address a critical vulnerability that can be exploited for denial-of-service (DoS) attacks and possibly for remote code execution.
---------------------------------------------
https://www.securityweek.com/rockwell-automation-patches-critical-dosrce-fl…
∗∗∗ PEPPERL+FUCHS Path traversal in WirelessHART Gateway ∗∗∗
---------------------------------------------
https://cert.vde.com/de-de/advisories/vde-2019-002
∗∗∗ Cisco Nexus 9000 Series Fabric Switches Application-Centric Infrastructure Mode Privilege Escalation Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco Nexus 9000 Series Switches Standalone NX-OS Mode Tetration Analytics Agent Arbitrary Code Execution Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco FXOS and NX-OS Lightweight Directory Access Protocol Denial of Service Vulnerabilities ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco NX-OS Software Image Signature Verification Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco NX-OS Software Privilege Escalation Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco NX-OS Software Privilege Escalation Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco NX-OS Software Bash Shell Privilege Escalation Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco Nexus 9000 Series Switches Standalone NX-OS Mode Fibre Channel over Ethernet NPV Denial of Service Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco NX-OS Software Netstack Denial of Service Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco NX-OS Software Unauthorized Filesystem Access Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco NX-OS Software Cisco Fabric Services Denial of Service Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco NX-OS Software Privilege Escalation Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco NX-OS Software CLI Command Injection Vulnerability (CVE-2019-1613) ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco NX-OS Software CLI Command Injection Vulnerability (CVE-2019-1612) ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco FXOS and NX-OS Software CLI Command Injection Vulnerability (CVE-2019-1611) ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco NX-OS Software CLI Command Injection Vulnerability (CVE-2019-1610) ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco NX-OS Software CLI Command Injection Vulnerability (CVE-2019-1609) ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco NX-OS Software CLI Command Injection Vulnerability (CVE-2019-1608) ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco NX-OS Software CLI Command Injection Vulnerability (CVE-2019-1607) ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco NX-OS Software CLI Command Injection Vulnerability (CVE-2019-1606) ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco NX-OS Software NX-API Command Injection Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco NX-OS Software 802.1X Extensible Authentication Protocol over LAN Denial of Service Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco NX-OS Software Bash Shell Role-Based Access Control Bypass Privilege Escalation Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco NX-OS Software NX-API Arbitrary Code Execution Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco Nexus 5600 and 6000 Series Switches Fibre Channel over Ethernet Denial of Service Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Action Recommended to Secure the Cisco Nexus PowerOn Auto Provisioning Feature ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco DNA Center Access Contract Stored Cross-Site Scripting Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco Enterprise Chat and Email Cross-Site Scripting Vulnerabilities ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco Application Policy Infrastructure Controller IPv6 Link-Local Address Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco Nexus 9000 Series Fabric Switches Application Centric Infrastructure Mode Shell Escape Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco Nexus 9000 Series Fabric Switches Application-Centric Infrastructure Mode Arbitrary File Read Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco FXOS and NX-OS Software Unauthorized Directory Access Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affect WebSphere Application Server January 2019 CPU ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
∗∗∗ IBM Security Bulletin: IBM API Connect Developer Portal is affected by arbitrary PHP code execution vulnerability in Drupal (CVE-2019-6340) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-api-connect-devel…
∗∗∗ IBM Security Bulletin: IBM API Connect is affected by a critical vulnerability in Kubernetes via runc (CVE-2019-5736) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-api-connect-is-af…
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Cloud Transformation Advisor ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
∗∗∗ IBM Security Bulletin: Multiple Security Vulnerabilities Affect IBM WebSphere Application Server in IBM Cloud ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-security-vul…
∗∗∗ IBM Security Bulletin: IBM QRadar SIEM is vulnerable to publicly disclosed vulnerabilities from OpenSSL (CVE-2018-0739, CVE-2018-0732) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-qradar-siem-is-vu…
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Monday 04-03-2019 18:00 − Tuesday 05-03-2019 18:00
Handler: Robert Waldner
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ RSAC 2019: Microsoft Zero-Day Allows Exploits to Sneak Past Sandboxes ∗∗∗
---------------------------------------------
The flaw allows attackers to hide exploits in weaponized Word documents in a way that won’t trigger most antivirus solutions, the researchers said. In a recent spam campaign observed by Mimecast, Word attachments contained a hidden exploit for an older vulnerability in Microsoft Equation Editor (CVE-2017-11882).
---------------------------------------------
https://threatpost.com/zero-day-exploit-microsoft/142327/
∗∗∗ SPOILER alert, literally: Intel CPUs afflicted with simple data-spewing spec-exec vulnerability ∗∗∗
---------------------------------------------
Leakage ... is visible in all Intel generations starting from 1st-gen Intel Core CPUs. Further demonstrating the computational risks of looking into the future, boffins have found another way to abuse speculative execution in Intel CPUs to leak secrets and other data from running applications.…
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2019/03/05/spoiler_int…
∗∗∗ Do not order alibis and forged documents on dokumenten-guru.de! ∗∗∗
---------------------------------------------
On dokumenten-guru.de, consumers find a highly dubious offer. In exchange for payment in advance, fake alibis, sham invoices and documents are offered, as well as the forgery of school reports and certificates. The services should not be used under any circumstances: according to customer reports, deliveries fail to arrive anyway, and consumers make themselves liable to prosecution by using forged documents and certificates!
---------------------------------------------
https://www.watchlist-internet.at/news/keine-alibis-und-urkundenfaelschunge…
∗∗∗ Do not use services from installateur-24.info ∗∗∗
---------------------------------------------
When searching Google for plumbing companies, consumers come across installateur-24.info. The site's operators advertise a round-the-clock emergency service, fair prices and extensive experience. Anyone who uses the services is in for a nasty surprise, because the prices turn out to be extremely high and the work performed leaves much to be desired.
---------------------------------------------
https://www.watchlist-internet.at/news/keine-dienste-von-installateur-24inf…
=====================
= Vulnerabilities =
=====================
∗∗∗ Android Security Bulletin - March 2019 ∗∗∗
---------------------------------------------
[...] The most severe of these issues is a critical security vulnerability in Media framework that could enable a remote attacker using a specially crafted file to execute arbitrary code within the context of a privileged process.
---------------------------------------------
https://source.android.com/security/bulletin/2019-03-01.html
∗∗∗ VMSA-2018-0023 ∗∗∗
---------------------------------------------
The AirWatch Agent for iOS devices contains a data protection vulnerability whereby the files and keychain entries in the Agent are not encrypted.
The VMware Content Locker for iOS devices contains a data protection vulnerability in the SQLite database. This vulnerability relates to unencrypted filenames and associated metadata in SQLite database for the Content Locker.
---------------------------------------------
https://www.vmware.com/security/advisories/VMSA-2018-0023.html
∗∗∗ Xen XSA-294 ∗∗∗
---------------------------------------------
Malicious 64bit PV guests may be able to cause a host crash (Denial of Service).
Additionally, vulnerable configurations are unstable even in the absence of an attack.
---------------------------------------------
https://xenbits.xen.org/xsa/advisory-294.html
∗∗∗ Xen XSA-293 ∗∗∗
---------------------------------------------
A malicious unprivileged guest userspace process can escalate its privilege to that of other userspace processes in the same guest, and potentially thereby to that of the guest operating system. Additionally, some guest software which attempts to use this CPU feature may trigger the bug accidentally, leading to crashes or corruption of other processes in the same guest.
---------------------------------------------
https://xenbits.xen.org/xsa/advisory-293.html
∗∗∗ Xen XSA-292 ∗∗∗
---------------------------------------------
Malicious PV guests may be able to cause a host crash (Denial of Service) or to gain access to data pertaining to other guests. Privilege escalation opportunities cannot be ruled out. Additionally, vulnerable configurations are likely to be unstable even in the absence of an attack.
---------------------------------------------
https://xenbits.xen.org/xsa/advisory-292.html
∗∗∗ Xen XSA-291 ∗∗∗
---------------------------------------------
Malicious or buggy x86 PV guest kernels can mount a Denial of Service (DoS) attack affecting the whole system.
---------------------------------------------
https://xenbits.xen.org/xsa/advisory-291.html
∗∗∗ Xen XSA-290 ∗∗∗
---------------------------------------------
Malicious or buggy x86 PV guest kernels can mount a Denial of Service (DoS) attack affecting the whole system.
---------------------------------------------
https://xenbits.xen.org/xsa/advisory-290.html
∗∗∗ Xen XSA-288 ∗∗∗
---------------------------------------------
An untrusted PV domain with access to a physical device can DMA into its own pagetables, leading to privilege escalation.
---------------------------------------------
https://xenbits.xen.org/xsa/advisory-288.html
∗∗∗ Xen XSA-287 ∗∗∗
---------------------------------------------
A single PV guest can leak arbitrary amounts of memory, leading to a denial of service.
A cooperating pair of PV and HVM/PVH guests can get a writable pagetable entry, leading to information disclosure or privilege escalation.
Privilege escalation attacks using only a single PV guest or a pair of PV guests have not been ruled out.
Note that both of these attacks require very precise timing, which may be difficult to exploit in practice.
---------------------------------------------
https://xenbits.xen.org/xsa/advisory-287.html
∗∗∗ Xen XSA-285 ∗∗∗
---------------------------------------------
Malicious PV guests can escalate their privilege to that of the hypervisor.
---------------------------------------------
https://xenbits.xen.org/xsa/advisory-285.html
∗∗∗ Xen XSA-284 ∗∗∗
---------------------------------------------
The primary impact is a memory leak. Malicious or buggy guests with passed through PCI devices may also be able to escalate their privileges, crash the host, or access data belonging to other guests.
---------------------------------------------
https://xenbits.xen.org/xsa/advisory-284.html
∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (nss), openSUSE (procps), Red Hat (redhat-virtualization-host, rhvm-appliance, and vdsm), SUSE (freerdp, kernel, and obs-service-tar_scm), and Ubuntu (openssh).
---------------------------------------------
https://lwn.net/Articles/781363/
∗∗∗ Security Advisory - FRP Bypass Vulnerability on Some Huawei Smartphones ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20190305-…
∗∗∗ IBM Security Bulletin: A vulnerability in Spice affects PowerKVM ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-vulnerability-in-sp…
∗∗∗ IBM Security Bulletin: A vulnerability in Polkit affects PowerKVM ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-vulnerability-in-po…
∗∗∗ IBM Security Bulletin: A vulnerability in Bind affects PowerKVM ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-vulnerability-in-bi…
∗∗∗ IBM Security Bulletin: Vulnerabilities in systemd affect PowerKVM ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabiliies-in-sys…
∗∗∗ IBM Security Bulletin: A vulnerability in Perl affects PowerKVM ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-vulnerability-in-pe…
∗∗∗ IBM Security Bulletin: Cross-site scripting vulnerability in WebSphere Application Server Admin Console (CVE-2019-4030) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-cross-site-scripting-…
∗∗∗ IBM Security Bulletin: A vulnerability in keepalived affects PowerKVM ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-vulnerability-in-ke…
∗∗∗ IBM Security Bulletin: Vulnerabilities in the Linux Kernel affect PowerKVM ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-in-th…
∗∗∗ IBM Security Bulletin: Vulnerabilities in libmspack affect PowerKVM ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabiliies-in-lib…
∗∗∗ IBM Security Bulletin: A vulnerability in NetworkManager affects PowerKVM ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-vulnerability-in-ne…
=====================
= End-of-Day report =
=====================
Timeframe: Friday 01-03-2019 18:00 − Monday 04-03-2019 18:00
Handler: Robert Waldner
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ The Overlooked Security Threat of Sign-In Kiosks ∗∗∗
---------------------------------------------
New research from IBM shows that several visitor management systems had a rash of vulnerabilities.
---------------------------------------------
https://www.wired.com/story/visitor-management-system-vulnerabilities
∗∗∗ Cisco routers: Researchers report signs of active attacks ∗∗∗
---------------------------------------------
A security vulnerability in several Cisco devices that was patched last week now appears to be actively exploited by attackers. Users should act promptly.
---------------------------------------------
http://heise.de/-4325072
=====================
= Vulnerabilities =
=====================
∗∗∗ Security vulnerability: Adobe releases security update for Coldfusion ∗∗∗
---------------------------------------------
Adobe has released an important security update for Coldfusion versions 11, 2016 and 2018. Users should install it as quickly as possible. The reason is ongoing attacks. (Adobe, security vulnerability)
---------------------------------------------
https://www.golem.de/news/sicherheitsluecke-adobe-veroeffentlicht-sicherhei…
∗∗∗ Deadline passed: Google discloses unpatched vulnerability in macOS kernel ∗∗∗
---------------------------------------------
Apple did not fix a bug in XNU within 90 days, so details have now been published. Google's Project Zero rates the severity of the flaw as "high".
---------------------------------------------
http://heise.de/-4325636
∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (chromium, file, gdm, lib32-openssl-1.0, openssl-1.0, and pcre), Debian (advancecomp, ceph, jackson-databind, openssh, and openssl), Fedora (community-mysql, distcc, freerdp, gdm, gnome-boxes, libexif, openocd, pidgin-sipe, remmina, SDL, and xpdf), openSUSE (kernel-firmware and php5), Oracle (java-1.8.0-openjdk and java-11-openjdk), Slackware (infozip and python), and SUSE (caasp-container-manifests, changelog-generator-data-sles12sp3-velum,
---------------------------------------------
https://lwn.net/Articles/781243/
∗∗∗ Vuln: EMC RSA Authentication Manager CVE-2019-3711 Information Disclosure Vulnerability ∗∗∗
---------------------------------------------
http://www.securityfocus.com/bid/107210
∗∗∗ IBM Security Bulletin: Potential WebSphere Application Server weakness in security affects IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2018-1996) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-potential-websphere-a…
∗∗∗ IBM Security Bulletin: IBM InfoSphere Change Data Capture is affected by a jackson-core open source library vulnerability (CVE-2018-0125) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-infosphere-change…
∗∗∗ IBM Security Bulletin: InfoSphere Data Replication is affected by a Guava open source library vulnerability (CVE-2018-10237) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-infosphere-data-repli…
∗∗∗ IBM Security Bulletin: OpenSSL DSA signature algorithm security vulnerability affects IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2018-0734) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-openssl-dsa-signature…
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2018-3139, CVE-2018-3180) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
∗∗∗ IBM Security Bulletin: Privilege Escalation Vulnerability in WebSphere Application Server affects IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2018-1901) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-privilege-escalation-…
∗∗∗ IBM Security Bulletin: IBM InfoSphere Change Data Capture is affected by Jackson 2.3.3 and 2.4.4 open source library vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-infosphere-change…
∗∗∗ IBM Security Bulletin: IBM Cloud Private middleware is vulnerable to attack from redirect calls ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-cloud-private-mid…
∗∗∗ IBM Security Bulletin: A Security Vulnerability affects IBM Cloud Private – CVE-2018-1938 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-security-vulnerabil…
∗∗∗ IBM Security Bulletin: A Security Vulnerability affects IBM Cloud Private – CVE-2018-1937 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-security-vulnerabil…
∗∗∗ IBM Security Bulletin: IBM Cloud Kubernetes Service is affected by a privilege escalation vulnerability in runc ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-cloud-kubernetes-…
∗∗∗ HPESBHF03913 rev.1 - HPE OneSphere, Container Breakout ∗∗∗
---------------------------------------------
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_n…
=====================
= End-of-Day report =
=====================
Timeframe: Thursday 28-02-2019 18:00 − Friday 01-03-2019 18:00
Handler: Dimitri Robl
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ Network analysis: Wireshark 3.0 uses Nmap's packet sniffer ∗∗∗
---------------------------------------------
The current version 3.0 of the network analysis tool Wireshark uses Nmap's proprietary packet sniffer on Windows. The project also removes old dependencies and supports some 5G protocols.
---------------------------------------------
https://www.golem.de/news/netzwerkanalyse-wireshark-3-0-nutzt-paketsniffer-…
∗∗∗ eBay phishing on eBay site ∗∗∗
---------------------------------------------
Fraudsters have managed to place a fake login page on an SSL-secured eBay server. The phishing attempt is hard for users to recognise.
---------------------------------------------
http://heise.de/-4324266
∗∗∗ A Case Study in Wagging the Dog: Computer Takeover ∗∗∗
---------------------------------------------
Last month, Elad Shamir released a phenomenal, in-depth post on abusing resource-based constrained delegation (RBCD) in Active Directory. One of the big points he discusses is that if the TrustedToAuthForDelegation UserAccountControl flag is not set, the S4U2self process will still work but the resulting TGS is not FORWARDABLE. This resulting service ticket will fail for traditional constrained delegation, but will still work in the S4U2proxy process for resource-based constrained delegation.
---------------------------------------------
https://posts.specterops.io/a-case-study-in-wagging-the-dog-computer-takeov…
∗∗∗ Finding Perpetrators behind DDoS Attacks ∗∗∗
---------------------------------------------
Reflective Amplification Denial-of-Service attacks continue to be a serious threat. We measured roughly 10,000 attacks per day in a post last year, and the numbers have not gone down since: In the first two months of 2019 our honeypot network already saw [...]
---------------------------------------------
https://sissden.eu/blog/finding-perpetrators-behind-ddos-attacks
=====================
= Vulnerabilities =
=====================
∗∗∗ PSI GridConnect Telecontrol ∗∗∗
---------------------------------------------
This advisory provides mitigation recommendations for a cross-site scripting vulnerability reported in PSI GridConnect's Telecontrol compact DIN rail device.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-19-059-01
∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (bind9, file, ikiwiki, ldb, openssl1.0, php7.0, uw-imap, and wordpress), Fedora (ansible, file, flatpak, kernel, kernel-headers, and python-django), openSUSE (kernel and systemd), Scientific Linux (java-1.8.0-openjdk and java-11-openjdk), SUSE (openssl-1_1 and webkit2gtk3), and Ubuntu (libgd2).
---------------------------------------------
https://lwn.net/Articles/781083/
∗∗∗ IBM Security Bulletin: Information Disclosure Security Vulnerability Affects IBM Sterling B2B Integrator (CVE-2019-4063) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-information-disclosur…
∗∗∗ IBM Security Bulletin: Financial Transaction Manager for ACH Services is affected by a potential SQL Injection vulnerability (CVE-2019-4032) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-financial-transaction…
∗∗∗ IBM Security Bulletin: Multiple Cross-Site Scripting Vulnerabilities Affect IBM Sterling B2B Integrator (CVE-2019-4027, CVE-2019-4028, CVE-2019-4029) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-cross-site-s…
∗∗∗ IBM Security Bulletin: Multiple Security Vulnerabilities affect IBM® Cloud Private – Node.js ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-security-vul…
∗∗∗ IBM Security Bulletin: Multiple Security Vulnerabilities in OpenSSL Affect IBM Sterling B2B Integrator (CVE-2018-0734, CVE-2018-5407) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-security-vul…
∗∗∗ IBM Security Bulletin: IBM InfoSphere Governance Catalog is affected by an Improper Access Control vulnerability ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-infosphere-govern…
∗∗∗ IBM Security Bulletin: IBM InfoSphere Governance Catalog is vulnerable to an Open Redirection vulnerability ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-infosphere-govern…
∗∗∗ IBM Security Bulletin: IBM Security Identity Adapters affected by OpenSSL RSA Key vulnerability (CVE-2018-0737) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-identity…
∗∗∗ IBM Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to multiple security vulnerabilities for IBM Java SDK ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-has-announced-a-r…
∗∗∗ IBM Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to multiple security vulnerabilities for IBM WebSphere Liberty Server ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-has-announced-a-r…
=====================
= End-of-Day report =
=====================
Timeframe: Wednesday 27-02-2019 18:00 − Thursday 28-02-2019 18:00
Handler: Dimitri Robl
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ ENISA makes recommendations on EU-wide election cybersecurity ∗∗∗
---------------------------------------------
In the context of the upcoming elections for the European Parliament, today the EU Agency for Cybersecurity ENISA publishes an opinion paper on the cybersecurity of elections and provides concrete and forward-looking recommendations to improve the cybersecurity of electoral processes in the EU.
---------------------------------------------
https://www.enisa.europa.eu/news/enisa-news/enisa-makes-recommendations-on-…
∗∗∗ The end of crypto mining in the browser: Coinhive shuts down ∗∗∗
---------------------------------------------
Having website visitors mine cryptocurrency more or less voluntarily apparently no longer pays off: the crypto-mining service Coinhive is giving up.
---------------------------------------------
http://heise.de/-4322936
∗∗∗ Be careful when buying concert tickets via Facebook ∗∗∗
---------------------------------------------
Consumers find ticket sale offers from private individuals on the Facebook pages of all kinds of concerts and events. Those who want to buy the tickets often end up in contact with criminals using fake profiles. The money is to be transferred abroad, the concert tickets do not exist, and the victims' user accounts are later misused for the same scam.
---------------------------------------------
https://www.watchlist-internet.at/news/vorsicht-beim-kauf-von-konzertkarten…
∗∗∗ perfect-housekeeping.store and hauslinie.store are fake shops ∗∗∗
---------------------------------------------
While searching for inexpensive household appliances, you may come across perfect-housekeeping.store or hauslinie.store. Coffee machines, refrigerators, washing machines and the like can be bought there at considerably lower prices than in other shops. We advise against ordering, because the goods can only be paid for in advance. However, nothing is ever delivered!
---------------------------------------------
https://www.watchlist-internet.at/news/perfect-housekeepingstore-und-hausli…
=====================
= Vulnerabilities =
=====================
∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (gpac, qemu, and sox), openSUSE (libqt5-qtbase), Red Hat (java-1.8.0-openjdk and java-11-openjdk), SUSE (bluez), and Ubuntu (nss and openssl, openssl1.0).
---------------------------------------------
https://lwn.net/Articles/780960/
∗∗∗ ZDI-19-230: (0day) Advantech WebAccess Node tv_enua Stack-based Buffer Overflow Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-19-230/
∗∗∗ ZDI-19-229: (0day) Advantech WebAccess Node spchapi Stack-based Buffer Overflow Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-19-229/
∗∗∗ ZDI-19-228: (0day) Microsoft Visual Studio settings XML External Entity Processing Information Disclosure Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-19-228/
∗∗∗ Security Advisory - FRP Bypass Vulnerability on Some Huawei Smartphones ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20190228-…
∗∗∗ IBM Security Bulletin: IBM Cloud Private is affected by an issue with runc used by Docker ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-cloud-private-is-…
∗∗∗ IBM Security Bulletin: Kernel Buffer Overflow in IBM Security Trusteer Rapport for MacOS (CVE-2018-1985) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-kernel-buffer-overflo…
=====================
= End-of-Day report =
=====================
Timeframe: Tuesday 26-02-2019 18:00 − Wednesday 27-02-2019 18:00
Handler: Dimitri Robl
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ Google Analytics and Angular in Magento Credit Card Stealing Scripts ∗∗∗
---------------------------------------------
Over the last few months, we’ve noticed several credit card-stealing scripts that use variations of the Google Analytics name to make them look less suspicious and evade detection by website owners. The malicious code is obfuscated and injected into legitimate JS files, such as skin/frontend/default/theme122k/js/jquery.jscrollpane.min.js, js/meigee/jquery.min.js, and js/varien/js.js. The obfuscated code loads another script from www.google-analytics[.]cm/analytics.js.
---------------------------------------------
https://blog.sucuri.net/2019/02/google-analytics-and-angular-in-magento-cre…
∗∗∗ Top ten most popular docker images each contain at least 30 vulnerabilities ∗∗∗
---------------------------------------------
[...] The findings show that in every docker image we scanned, we found vulnerable versions of system libraries. The official Node.js image ships 580 vulnerable system libraries, followed by the others each of which ship at least 30 publicly known vulnerabilities.
---------------------------------------------
https://snyk.io/blog/top-ten-most-popular-docker-images-each-contain-at-lea…
∗∗∗ Thunderclap: Macs and PCs vulnerable to malicious Thunderbolt peripherals ∗∗∗
---------------------------------------------
According to security researchers, existing protection mechanisms are not sufficient to fend off attacks via USB-C peripherals.
---------------------------------------------
http://heise.de/-4321946
∗∗∗ Chrome Zero-Day Exploited to Harvest User Data via PDF Files ∗∗∗
---------------------------------------------
Exploit detection service EdgeSpot says it has spotted several PDF documents that exploit a zero-day vulnerability in Chrome to collect information on users who open the files through Google’s web browser.
---------------------------------------------
https://www.securityweek.com/chrome-zero-day-exploited-harvest-user-data-pd…
∗∗∗ Trouble with supposedly free orders! ∗∗∗
---------------------------------------------
Numerous consumers have complained to us about online shops such as vermano.de, vimabel.de, deinschmuckladen.com or lieblings-mensch.com. These advertise free products for which only shipping costs are charged. The orders can cause a lot of trouble: for example, the goods are of poor quality, do not arrive, lead to high reminder fees, or withdrawals from the contract are not possible. We advise against purchasing.
---------------------------------------------
https://www.watchlist-internet.at/news/aerger-mit-vermeintlich-kostenlosen-…
=====================
= Vulnerabilities =
=====================
∗∗∗ Moxa IKS, EDS ∗∗∗
---------------------------------------------
This advisory includes mitigations for classic buffer overflow, cross-site request forgery, cross-site scripting, improper access controls, improper restriction of excessive authentication attempts, missing encryption of sensitive data, out-of-bounds read, unprotected storage of credentials, predictable from observable state, and uncontrolled resource consumption vulnerabilities reported in the Moxa IKS and EDS industrial switches.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-19-057-01
∗∗∗ Cisco RV110W, RV130W, and RV215W Routers Management Interface Remote Command Execution Vulnerability ∗∗∗
---------------------------------------------
A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device.
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Cisco Webex Meetings Desktop App and Cisco Webex Productivity Tools Update Service Command Injection Vulnerability ∗∗∗
---------------------------------------------
A vulnerability in the update service of Cisco Webex Meetings Desktop App and Cisco Webex Productivity Tools for Windows could allow an authenticated, local attacker to execute arbitrary commands as a privileged user.
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (elasticsearch and logstash), CentOS (java-1.8.0-openjdk, kernel, and polkit), Debian (chromium, exiv2, and phpmyadmin), Fedora (java-1.8.0-openjdk-aarch32 and mgetty), openSUSE (docker-runc, gvfs, qemu, systemd, and thunderbird), Oracle (java-1.8.0-openjdk, kernel, and polkit), Red Hat (polkit), Scientific Linux (java-1.8.0-openjdk, kernel, and polkit), Slackware (openssl), SUSE (amavisd-new, apache2, ceph, containerd, docker, docker-runc, [...]
---------------------------------------------
https://lwn.net/Articles/780859/
∗∗∗ IBM Security Bulletin: Vulnerability in the Linux kernel affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products (CVE-2018-5391) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-in-the-…
∗∗∗ IBM Security Bulletin: Multiple Samba vulnerabilities affect IBM Spectrum Protect Plus (CVE-2018-1139, CVE-2018-1140, CVE-2018-10858, CVE-2018-10918, CVE-2018-10919) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-samba-vulner…
=====================
= End-of-Day report =
=====================
Timeframe: Monday 25-02-2019 18:00 − Tuesday 26-02-2019 18:00
Handler: Dimitri Robl
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ Study: Vulnerable devices in four out of ten home networks ∗∗∗
---------------------------------------------
16 million home networks were examined for a study by the security company Avast: vulnerable devices were found in almost every second network. Many users have never updated their router.
---------------------------------------------
https://www.golem.de/news/studie-verwundbare-geraete-in-vier-von-zehn-heimn…
∗∗∗ BSI warns of IT devices with pre-installed malware ∗∗∗
---------------------------------------------
Tablets and smartphones that can also be purchased in Germany via online platforms may carry pre-installed malware. The Federal Office for Information Security (BSI) has initially demonstrated this on one tablet. The BSI warns against using this device on the basis of §7 of the BSI Act and advises all users to exercise particular caution. In the course of the analysis, further devices have also [...]
---------------------------------------------
https://www.bsi.bund.de/DE/Presse/Pressemitteilungen/Presse2019/Warnung_vor…
∗∗∗ Security updates: Nvidia protects graphics card drivers against attacks ∗∗∗
---------------------------------------------
Updated drivers for various Nvidia graphics cards close several security vulnerabilities.
---------------------------------------------
http://heise.de/-4320123
=====================
= Vulnerabilities =
=====================
∗∗∗ OpenSSL Security Advisory [26 February 2019] ∗∗∗
---------------------------------------------
0-byte record padding oracle (CVE-2019-1559)
---------------------------------------------
https://www.openssl.org/news/secadv/20190226.txt
∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (bind, kibana, systemd, and thunderbird), Debian (elfutils and liblivemedia), Fedora (kernel, kernel-headers, kernel-tools, and SDL), openSUSE (dovecot23, firefox, kauth, python-Jinja2, python-numpy, and thunderbird), Red Hat (java-1.8.0-openjdk and kernel), SUSE (python, python-amqp, python-oslo.messaging, python-ovs, python-paramiko, python-psql2mysql, qemu, and supportutils), and Ubuntu (ghostscript, gnome-keyring, and ldb).
---------------------------------------------
https://lwn.net/Articles/780769/
∗∗∗ Vulnerability involving IBM Cloud Baseboard Management Controller (BMC) Firmware ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/vulnerability-involving-ibm-cloud-baseboard…
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities affect Intel® Manycore Platform Software Stack (Intel® MPSS) for Linux and Windows ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
∗∗∗ IBM Security Bulletin: IBM MQ Advanced CloudPaks are vulnerable to a denial of service attack within the Systemd package (CVE-2019-6454) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-mq-advanced-cloud…
∗∗∗ IBM Security Bulletin: IBM Content Navigator uses a common key to encrypt certain user names and passwords ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-content-navigator…
∗∗∗ IBM Security Bulletin: Vulnerability in tcpdump affects AIX (CVE-2018-19519) Security Bulletin ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-in-tcpd…
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in Oracle Java SE affect IBM Spectrum Protect Plus (CVE-2018-3136, CVE-2018-3139, CVE-2018-3149, CVE-2018-3169, CVE-2018-3180, CVE-2018-3183, CVE-2018-3214, CVE-2018-13785) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Spectrum Protect Operations Center and Client Management Service (CVE-2018-3139, CVE-2018-3180) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect the IBM Spectrum Protect Server (CVE-2018-3139, CVE-2018-3180) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
∗∗∗ IBM Security Bulletin: Cross-Site Scripting vulnerabilities in IBM Spectrum Protect Operations Center (CVE-2018-1854, CVE-2018-1855) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-cross-site-scripting-…
∗∗∗ IBM Security Bulletin: Multiple Db2 vulnerabilities affect the IBM Spectrum Protect Server (CVE-2018-1685, CVE-2018-1710, CVE-2018-1711, CVE-2018-1780, CVE-2018-1781, CVE-2018-1799, CVE-2018-1802, CVE-2018-1834, CVE-2018-1857, CVE-2018-1897) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-db2-vulnerab…
∗∗∗ IBM Security Bulletin: Password disclosure via trace log in IBM Spectrum Protect Operations Center (CVE-2018-1769) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-password-disclosure-v…
∗∗∗ The BIG-IP APM system may log passwords in plaintext when the Debug log level is enabled ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K31757417
∗∗∗ BIG-IP TMM vulnerability CVE-2019-6594 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K91026261
∗∗∗ BIG-IP APM XSS vulnerability CVE-2019-6595 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K31424926
∗∗∗ TMM SSL profile vulnerability CVE-2019-6592 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K54167061
∗∗∗ BIG-IP APM web pages may be indexed by search engines ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K88126845
∗∗∗ TMM TLS virtual server vulnerability CVE-2019-6593 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K10065173
=====================
= End-of-Day report =
=====================
Timeframe: Friday 22-02-2019 18:00 − Monday 25-02-2019 18:00
Handler: Dimitri Robl
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ Security vulnerabilities: Forging PDF signatures made easy ∗∗∗
---------------------------------------------
Signatures of PDF files are apparently not particularly secure: a research team from the University of Bochum managed to trick the signature verification in almost all PDF programs.
---------------------------------------------
https://www.golem.de/news/sicherheitsluecken-pdf-signaturen-faelschen-leich…
∗∗∗ How to Use an Audit Log to Practice WordPress Forensics ∗∗∗
---------------------------------------------
User accountability, improved security & forensics, adhering to compliance and easy troubleshooting are just a few of the benefits of keeping an activity log on your WordPress site.
---------------------------------------------
https://www.htbridge.com/blog/benefits-activity-logs-wordpress-site.html
∗∗∗ Money laundering through applying at nebenverdienst-jobs.de ∗∗∗
---------------------------------------------
Via various job platforms and classified-ad sites, criminals lure consumers to nebenverdienst-jobs.de. Job seekers are promised monthly transfers here for opening and making available a bank account. Interested parties must under no circumstances apply, because this is a money-laundering method through which consumers may make themselves liable to prosecution.
---------------------------------------------
https://www.watchlist-internet.at/news/geldwaesche-durch-bewerbung-bei-nebe…
∗∗∗ New browser attack lets hackers run bad code even after users leave a web page ∗∗∗
---------------------------------------------
MarioNet attack lets hackers create botnets from users' browsers.
---------------------------------------------
https://www.zdnet.com/article/new-browser-attack-lets-hackers-run-bad-code-…
=====================
= Vulnerabilities =
=====================
∗∗∗ SSA-844562: Multiple Vulnerabilities in Licensing Software for WinCC OA ∗∗∗
---------------------------------------------
Multiple vulnerabilities have been identified in the WibuKey Digital Rights Management (DRM) solution, which affect WinCC OA. Siemens recommends users to apply the updates to WibuKey Digital Rights Management (DRM) provided by WIBU SYSTEMS AG.
---------------------------------------------
https://cert-portal.siemens.com/productcert/txt/ssa-844562.txt
∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (msmtp and python-mysql-connector), Debian (freedink-dfarc, rssh, sox, and waagent), Fedora (docker-latest, java-1.8.0-openjdk, koji, pagure, poppler, and spice), openSUSE (ansible, GraphicsMagick, mosquitto, pspp, spread-sheet-widget, and python-python-gnupg), Red Hat (chromium-browser), Slackware (file), SUSE (kernel, python-Django, qemu, and thunderbird), and Ubuntu (bind9).
---------------------------------------------
https://lwn.net/Articles/780692/
∗∗∗ SA-CORE-2019-003 Notice of increased risk and Additional exploit path - PSA-2019-02-22 ∗∗∗
---------------------------------------------
[...] This Public Service Announcement is a follow-up to SA-CORE-2019-003. This is not an announcement of a new vulnerability. If you have not updated your site as described in SA-CORE-2019-003 you should do that now. There are public exploits now available for this SA.
---------------------------------------------
https://www.drupal.org/psa-2019-02-22
∗∗∗ PHP: Multiple vulnerabilities ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K19-0166
∗∗∗ IBM Security Bulletin: BigFix deployments with internet-facing relays that are not configured as authenticating are prone to security threats (CVE-2019-4061) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-bigfix-deployments-wi…
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities affect IBM Cloud Object Storage SDK Java (Feb 2019) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
∗∗∗ IBM Security Bulletin: Financial Transaction Manager for Corporate Payment Services for Multi-Platform v2.1.1 is affected by a potential directory listing of internal product files vulnerability (CVE-2018-2026) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-financial-transaction…
∗∗∗ IBM Security Bulletin: Financial Transaction Manager for Corporate Payment Services for Multi-Platform v2.1.1 is affected by a potential SQL Injection vulnerability CVE-2018-1819 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-financial-transaction…
∗∗∗ IBM Security Bulletin: Financial Transaction Manager for Corporate Payment Services 2.1.1: Information Leakage in configuration listing (CVE-2018-1670) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-financial-transaction…
∗∗∗ IBM Security Bulletin: Vulnerability in Apache Tomcat affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products (CVE-2018-11784) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-in-apac…
∗∗∗ IBM Security Bulletin: Vulnerability in OpenSLP affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products (CVE-2017-17833) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-in-open…
∗∗∗ IBM Security Bulletin: Vulnerability in Service Assistant affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products (CVE-2018-1775) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-in-serv…
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in the Linux kernel affect IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
∗∗∗ IBM Security Bulletin: Vulnerability in DHCP affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products (CVE-2018-5732) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-in-dhcp…
=====================
= End-of-Day report =
=====================
Timeframe: Thursday 21-02-2019 18:00 − Friday 22-02-2019 18:00
Handler: Dimitri Robl
Co-Handler: Robert Waldner
=====================
= News =
=====================
∗∗∗ Static analysis of malicious macros in Office documents (using the Emotet malware as an example) ∗∗∗
---------------------------------------------
Suspicious Office documents can be checked for malware with freely available tools. This article gives an insight into the static analysis of such documents.
---------------------------------------------
https://www.dfn-cert.de/aktuell/malicious-macros-emotet.html
∗∗∗ Hackers Use Fake Google reCAPTCHA to Cloak Banking Malware ∗∗∗
---------------------------------------------
The most effective phishing and malware campaigns usually employ one of the following two age-old social engineering techniques. Impersonation: These online phishing campaigns impersonate a popular brand or product through specially crafted emails, SMS, or social media networks. These campaigns employ various methods including email spoofing, fake or real employee names, and recognized branding to trick users into believing they are from a legitimate source.
---------------------------------------------
https://blog.sucuri.net/2019/02/hackers-use-fake-google-recaptcha-to-cloak-…
∗∗∗ VB2018 paper: The modality of mortality in domain names ∗∗∗
---------------------------------------------
Domains play a crucial role in most cyber attacks, from the very advanced to the very mundane. Today, we publish a VB2018 paper by Paul Vixie (Farsight Security) who undertook the first systematic study into the lifetimes of newly registered domains.
---------------------------------------------
https://www.virusbulletin.com:443/blog/2019/02/vb2018-paper-modality-mortal…
∗∗∗ The lazy person’s guide to cybersecurity: minimum effort for maximum protection ∗∗∗
---------------------------------------------
How can we help our less tech-savvy friends stay more secure online? By giving them a lazy person's guide to cybersecurity, we can offer maximum protection for minimal effort.
---------------------------------------------
https://blog.malwarebytes.com/101/2019/02/the-lazy-persons-guide-to-cyberse…
=====================
= Vulnerabilities =
=====================
∗∗∗ Cr1ptT0r Ransomware Infects D-Link NAS Devices, Targets Embedded Systems ∗∗∗
---------------------------------------------
A new ransomware called Cr1ptT0r built for embedded systems targets network attached storage (NAS) equipment exposed to the internet to encrypt data available on it.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/cr1ptt0r-ransomware-infects-…
∗∗∗ Security updates: Vulnerabilities in Cisco HyperFlex turn attackers into root ∗∗∗
---------------------------------------------
Cisco has released important security updates for various products. None of the vulnerabilities is considered critical.
---------------------------------------------
http://heise.de/-4315921
∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Mageia (libreoffice, libtiff, spice, and spice-gtk), openSUSE (build, mosquitto, and nodejs6), Red Hat (firefox, flatpak, and systemd), Scientific Linux (firefox, flatpak, and systemd), SUSE (kernel-firmware and texlive), and Ubuntu (bind9 and ghostscript).
---------------------------------------------
https://lwn.net/Articles/780543/
∗∗∗ Internet Systems Consortium BIND: Multiple vulnerabilities ∗∗∗
---------------------------------------------
A remote, anonymous or authenticated attacker can exploit multiple vulnerabilities in Internet Systems Consortium BIND to carry out a denial-of-service attack or disclose information.
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K19-0161
∗∗∗ WinRAR: Vulnerability allows execution of arbitrary program code with user privileges ∗∗∗
---------------------------------------------
A remote, anonymous attacker can exploit a vulnerability in WinRAR to execute arbitrary program code with user privileges.
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K19-0162
∗∗∗ Adobe Acrobat DC: Vulnerability allows disclosure of information ∗∗∗
---------------------------------------------
A remote, anonymous attacker can exploit a vulnerability in Adobe Acrobat DC, Adobe Acrobat Reader DC, Adobe Acrobat and Adobe Reader to disclose information.
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K19-0163
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in Node.js and OpenSSL affect IBM Watson Assistant on IBM Cloud Private ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Watson Assistant on IBM Cloud Private ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilit…
∗∗∗ IBM Security Bulletin: IBM Cloud Transformation Advisor is affected by a vulnerability in WebSphere Application Server Liberty (CVE-2014-7810) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-cloud-transformat…
∗∗∗ IBM Security Bulletin: IBM Cloud Transformation Advisor is affected by a vulnerability in WebSphere Application Server Liberty (CVE-2018-1767) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-cloud-transformat…
∗∗∗ BIND vulnerability CVE-2018-5744 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K00040234
∗∗∗ BIND vulnerability CVE-2018-5745 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K25244852
∗∗∗ BIND vulnerability CVE-2019-6465 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K01713115
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
=====================
= End-of-Day report =
=====================
Timeframe: Wednesday 20-02-2019 18:00 − Thursday 21-02-2019 18:00
Handler: Dimitri Robl
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ Malicious code: 19-year-old security vulnerability in Winrar ∗∗∗
---------------------------------------------
Be careful when unpacking ACE archives: they can write files to arbitrary locations on the system and thereby also execute code. A stable update of Winrar has not yet been released.
---------------------------------------------
https://www.golem.de/news/schadcode-19-jahre-alte-sicherheitsluecke-in-winr…
∗∗∗ The new developments Of the FBot ∗∗∗
---------------------------------------------
Background introduction: Beginning on February 16, 2019, 360Netlab has discovered that a large number of HiSilicon DVR/NVR SoC devices have been exploited by attackers to load an updated Fbot botnet program. Fbot was originally discovered and disclosed by 360Netlab [1]; it has been active and is constantly being upgraded.
---------------------------------------------
https://blog.netlab.360.com/the-new-developments-of-the-fbot-en/
∗∗∗ Beware of purported calls from Apple ∗∗∗
---------------------------------------------
Criminals contact iPhone users and claim that a data breach has allegedly occurred at Apple and that their Apple ID is affected. The users are asked to call another service number to fix the problem. The insidious part: the Apple support number, including the logo, appears on your screen. End the call or do not pick up!
---------------------------------------------
https://www.watchlist-internet.at/news/achtung-bei-angeblichen-anrufen-von-…
∗∗∗ nordischesdesign.com is untrustworthy ∗∗∗
---------------------------------------------
The online shop nordischesdesign.com offers modern furniture, lamps, decorative items and tableware in Nordic design. We advise against ordering, as it is not certain whether you will receive the goods you ordered. nordischesdesign.com has no legal notice (Impressum) and offers consumers no way to contact it.
---------------------------------------------
https://www.watchlist-internet.at/news/nordischesdesigncom-ist-unserioes/
=====================
= Vulnerabilities =
=====================
∗∗∗ Security updates available for Adobe Acrobat and Reader (APSB19-13) ∗∗∗
---------------------------------------------
Adobe has published a security bulletin for Adobe Acrobat and Reader (APSB19-13). These updates address a reported bypass to the fix for CVE-2019-7089 first introduced in 2019.010.20091, 2017.011.30120 and 2015.006.30475 and released on February 12, 2019. Successful exploitation could lead to sensitive [...]
---------------------------------------------
https://blogs.adobe.com/psirt/?p=1711
∗∗∗ Drupal core - Highly critical - Remote Code Execution - SA-CORE-2019-003 ∗∗∗
---------------------------------------------
Project: Drupal core
Date: 2019-February-20
Security risk: Highly critical 20∕25 AC:None/A:None/CI:All/II:All/E:Theoretical/TD:Uncommon
Vulnerability: Remote Code Execution
CVE IDs: CVE-2019-6340
Description: Some field types do not properly sanitize data from non-form sources. This can lead to arbitrary PHP code execution in some cases.
---------------------------------------------
https://www.drupal.org/sa-core-2019-003
∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by CentOS (firefox, flatpak, and systemd), Fedora (createrepo_c, dnf, dnf-plugins-core, dnf-plugins-extras, docker, libcomps, libdnf, and runc), Mageia (giflib, irssi, kernel, kernel-linus, libexif, poppler, tcpreplay, and zziplib), and SUSE (php5, procps, and qemu).
---------------------------------------------
https://lwn.net/Articles/780454/
∗∗∗ Microsoft Internet Information Services (IIS): Vulnerability allows denial of service ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K19-0159
∗∗∗ Linux kernel vulnerability CVE-2018-5953 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K94735334
∗∗∗ Linux kernel vulnerability CVE-2018-10883 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K94735334
∗∗∗ libcurl vulnerability CVE-2016-8618 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K10196624
∗∗∗ cURL and libcurl vulnerability CVE-2017-2628 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K35453761
∗∗∗ IBM Security Bulletin: Vulnerabilities CVE-2018-17199, CVE-2018-17189, and CVE-2019-0190 in the IBM i HTTP Server affect IBM i. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-cve-2…
∗∗∗ IBM Security Bulletin: Multiple security vulnerabilities in Node.js affect IBM Voice Gateway ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-security-vul…
∗∗∗ IBM Security Bulletin: IBM MQ Appliance is affected by a kernel vulnerability (CVE-2018-5391) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-mq-appliance-is-a…
∗∗∗ IBM Security Bulletin: IBM MQ Appliance is affected by krb5 vulnerabilities (CVE-2018-5730 and CVE-2018-5729) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-mq-appliance-is-a…
∗∗∗ IBM Security Bulletin: IBM MQ Appliance is affected by GnuTLS vulnerabilities (CVE-2018-10845 and CVE-2018-10844) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-mq-appliance-is-a…
∗∗∗ IBM Security Bulletin: A vulnerability in IBM WebSphere Application Server affects IBM Spectrum Scale (CVE-2018-1901) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-vulnerability-in-ib…
∗∗∗ IBM Security Bulletin: IBM MQ Appliance is affected by a Mozilla Network Security Services (NSS) vulnerability (CVE-2018-12384) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-mq-appliance-is-a…
∗∗∗ IBM Security Bulletin: IBM MQ Appliance is affected by a UI message injection vulnerability (CVE-2018-1666) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-mq-appliance-is-a…
∗∗∗ IBM Security Bulletin: IBM MQ Appliance is affected by an unauthorized access vulnerability (CVE-2018-1668) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-mq-appliance-is-a…
∗∗∗ IBM Security Bulletin: IBM MQ Appliance is affected by a cross-site request forgery vulnerability (CVE-2018-1661) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-mq-appliance-is-a…