=====================
= End-of-Day report =
=====================
Timeframe: Wednesday 27-11-2019 18:00 − Thursday 28-11-2019 18:00
Handler: Robert Waldner
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Video: Subscription trap on streaming platforms ∗∗∗
---------------------------------------------
Streaming platforms advertise free registration. After five days they demand 358.80 euros, 359.88 euros or 395.88 euros from users for a premium status. There is no reason to pay the invoice.
---------------------------------------------
https://www.watchlist-internet.at/news/video-abo-falle-streaming-plattformen...
∗∗∗ Adobe discloses security breach impacting Magento Marketplace users ∗∗∗
---------------------------------------------
Security breach was detected last week and traced back to a vulnerability in the Magento Marketplace website.
---------------------------------------------
https://www.zdnet.com/article/adobe-discloses-security-breach-impacting-mage...
=====================
= Vulnerabilities =
=====================
∗∗∗ BlackBerry Powered by Android Security Bulletin - November 2019 ∗∗∗
---------------------------------------------
BlackBerry has released a security update to address multiple vulnerabilities in BlackBerry powered by Android smartphones. We recommend users update to the latest available software build.
---------------------------------------------
http://support.blackberry.com/kb/articleDetail?language=en_US&articleNum...
∗∗∗ DSA-4577 haproxy - security update ∗∗∗
---------------------------------------------
Tim Düsterhus discovered that haproxy, a TCP/HTTP reverse proxy, did not properly sanitize HTTP headers when converting from HTTP/2 to HTTP/1. This would allow a remote user to perform CRLF injections.
---------------------------------------------
https://www.debian.org/security/2019/dsa-4577
∗∗∗ QNAP NAS: Vendor fixes, among other things, a critical vulnerability in Photo Station ∗∗∗
---------------------------------------------
QTS updates eliminate numerous remote attack possibilities.
---------------------------------------------
https://heise.de/-4598238
∗∗∗ Security updates for (US) Thanksgiving ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (haproxy and libvorbis), Fedora (mod_auth_mellon and xen), Oracle (389-ds-base, kernel, and tcpdump), SUSE (bsdtar, java-11-openjdk, java-1_7_0-openjdk, and libxml2), and Ubuntu (nss and python-psutil).
---------------------------------------------
https://lwn.net/Articles/805777/
∗∗∗ WordPress Plugin "WP Spell Check" vulnerable to cross-site request forgery ∗∗∗
---------------------------------------------
https://jvn.jp/en/jp/JVN26838191/
∗∗∗ Security Bulletin: IBM Security QRadar Packet Capture is vulnerable to Using Components with Known Vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-qradar-packet...