=====================
= End-of-Day report =
=====================

Timeframe:   Wednesday 24-07-2019 18:00 − Thursday 25-07-2019 18:00
Handler:     Robert Waldner
Co-Handler:  n/a

=====================
=       News        =
=====================
∗∗∗ BlueKeep, once again ∗∗∗
---------------------------------------------
The "nice" thing about IT is that some topics stay with us for the long term. This includes the vulnerability with the CVE number 2019-0708, better known by the name "BlueKeep". We have warned about it and blogged about it - and unfortunately the latter is necessary once again.
---------------------------------------------
http://www.cert.at/services/blog/20190725104348-2524.html

∗∗∗ When Users Attack! Users (and Admins) Thwarting Security Controls, (Thu, Jul 25th) ∗∗∗
---------------------------------------------
Today, I'd like to discuss a few of the Critical Controls, and how I see real people abusing or circumventing them in real companies. (Sorry, no code in today's story, but we do have some GPOs)
---------------------------------------------
https://isc.sans.edu/diary/rss/25170

∗∗∗ Ordinance on Qualified Bodies – QuaSteV ∗∗∗
---------------------------------------------
This ordinance lays down the requirements that qualified bodies must meet in order to be able to audit operators of essential services with regard to the essential services they operate pursuant to § 17 para. 3 NISG, as well as the procedure for determining qualified bodies.
---------------------------------------------
https://www.ris.bka.gv.at/Dokumente/BgblAuth/BGBLA_2019_II_226/BGBLA_2019_II...

∗∗∗ Cook: security things in Linux v5.2 ∗∗∗
---------------------------------------------
Over on his blog, Kees Cook runs through the security changes that came in Linux 5.2.
---------------------------------------------
https://lwn.net/Articles/794145/

∗∗∗ Puppies from Cameroon on Facebook? Don't buy! ∗∗∗
---------------------------------------------
Time and again, desperate consumers who wanted to buy puppies on the internet turn to us. Whether on Facebook or on classified-ad platforms, the rule is: if money is to be transferred to Cameroon or other far-away countries, it is most likely a fraudulent offer! The animals do not exist and the money is lost.
---------------------------------------------
https://www.watchlist-internet.at/news/hundewelpen-aus-kamerun-auf-facebook-...
=====================
=  Vulnerabilities  =
=====================
∗∗∗ Vuln: Ansible CVE-2019-10206 Remote Information Disclosure Vulnerability ∗∗∗
---------------------------------------------
Successfully exploiting this issue may allow an attacker to obtain sensitive information that may aid in further attacks.
---------------------------------------------
http://www.securityfocus.com/bid/109361

∗∗∗ FreeBSD: Bhyve out-of-bounds read in XHCI device ∗∗∗
---------------------------------------------
A misbehaving bhyve guest could crash the system or access memory that it should not be able to.
---------------------------------------------
https://www.freebsd.org/security/advisories/FreeBSD-SA-19:16.bhyve.asc

∗∗∗ Exim: security release for CVE-2019-13917 ∗∗∗
---------------------------------------------
A local or remote attacker can execute programs with root privileges - if you've an unusual configuration. Mitigation: Do not use ${sort } in your configuration. Fixed in: Exim 4.92.1.
---------------------------------------------
http://exim.org/static/doc/security/CVE-2019-13917.txt

∗∗∗ Micro Focus ArcSight Logger CVE-2019-3485 HTML Injection Vulnerability ∗∗∗
---------------------------------------------
Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.
---------------------------------------------
https://www.securityfocus.com/bid/109363/discuss

∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by CentOS (java-1.7.0-openjdk, java-1.8.0-openjdk, and java-11-openjdk), Debian (exim4), Fedora (java-latest-openjdk), openSUSE (libsass, tomcat, and ucode-intel), Oracle (java-1.7.0-openjdk and thunderbird), SUSE (OpenEXR, spamassassin, and thunderbird), and Ubuntu (ansible and patch).
---------------------------------------------
https://lwn.net/Articles/794623/

∗∗∗ IBM Security Bulletin: IBM Cloud Kubernetes Service is impacted by a security vulnerability in Project Calico ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-cloud-kubernetes-s...

∗∗∗ IBM Security Bulletin: IBM Network Performance Insight (CVE-2019-10241, CVE-2019-10247) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-network-performanc...

∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Content Classification ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabiliti...

∗∗∗ IBM Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise (CVE-2018-1719) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-security-vulnerabili...