===================== = End-of-Day report = =====================
Timeframe: Mittwoch 31-07-2019 18:00 − Donnerstag 01-08-2019 18:00 Handler: Robert Waldner Co-Handler: Stephan Richter
===================== = News = =====================
∗∗∗ Brand-New SystemBC Proxy Malware Spotted Using SOCKS5 for Stealth ∗∗∗ --------------------------------------------- The proxy is being distributed by the RIG and Fallout exploit kits. --------------------------------------------- https://threatpost.com/systembc-proxy-malware-socks5-stealth/146879/
∗∗∗ Unpatched Flaws in IoT Smart Deadbolt Open Homes to Danger ∗∗∗ --------------------------------------------- Researchers are warning that unpatched flaws found in the Hickory Smart Bluetooth Enabled Deadbolt allow an attacker with access to a victims phone to break into their houses. --------------------------------------------- https://threatpost.com/unpatched-flaws-in-iot-smart-deadbolt-open-homes-to-d...
∗∗∗ Google Chrome: Sicherheitsupdate mit 43 Security-Fixes veröffentlicht ∗∗∗ --------------------------------------------- Google hat für die kürzlich erschienene Chrome-Version 76 ein Update veröffentlicht. Einige der gefixten Sicherheitslücken weisen den Schweregrad "High" auf. --------------------------------------------- https://heise.de/-4485571
∗∗∗ No summer break for Magecart as web skimming intensifies ∗∗∗ --------------------------------------------- Despite the heat, criminals are hard at work stealing credit card data from unaware shoppers. July marks a notable increase in web skimmer attacks over previous months. --------------------------------------------- https://blog.malwarebytes.com/web-threats/2019/08/no-summer-break-for-mageca...
===================== = Vulnerabilities = =====================
∗∗∗ Apache Subversion svnserve vulnerabilities ∗∗∗ --------------------------------------------- The recent releases of Apache Subversion 1.12.2, 1.10.6, 1.9.12, contain fixes for two security issues, CVE-2018-11782 and CVE-2019-0203. These issues affect Subversion svnserve servers. We encourage server operators to upgrade to the latest appropriate version as soon as reasonable. --------------------------------------------- https://seclists.org/oss-sec/2019/q3/105
∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by CentOS (httpd, libssh2, and qemu-kvm), Debian (glib2.0, squirrelmail, subversion, and wpa), Fedora (proftpd), Oracle (icedtea-web), Red Hat (icedtea-web), Scientific Linux (icedtea-web), SUSE (icedtea-web, java-1_7_0-openjdk, subversion, and zypper, libzypp and libsolv), and Ubuntu (linux-hwe, openjdk-lts, pango1.0, python-django, and subversion). --------------------------------------------- https://lwn.net/Articles/795082/
∗∗∗ Cisco Nexus 9000 Series ACI Mode Switch Software Link Layer Discovery Protocol Buffer Overflow Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-...
∗∗∗ IBM Security Bulletin: Remote Execution Vulnerability Affects Red Hat Linux Used By IBM WebSphere Application Server in IBM Cloud (CVE-2019-12735) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-remote-execution-vulne...
∗∗∗ IBM Security Bulletin: Vulnerability in IBM Java SDK (April 2019) affecting IBM Application Delivery Intelligence for IBM Z V5.1.0, V5.0.5, and V5.0.4 ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-in-ibm-j...
∗∗∗ IBM Security Bulletin: Information disclosure in WebSphere Application Server Admin Console in IBM Cloud (CVE-2019-4269) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-information-disclosure...
∗∗∗ IBM Security Bulletin: IBM Jazz for Service Management could allow an unauthorized local user to create unique catalog names that could cause a denial of service (CVE-2019-4275) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-jazz-for-service-m...
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Spectrum Protect for Enterprise Resource Planning (CVE-2018-1890, CVE-2018-12547) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabiliti...
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Spectrum Protect Snapshot on AIX and Linux (CVE-2018-1890, CVE-2018-12547) Security Bulletin ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabiliti...
∗∗∗ IBM Security Bulletin: Password disclosure via application trace affects IBM Spectrum Protect for Enterprise Resource Planning (CVE-2018-1987) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-password-disclosure-vi...
∗∗∗ IBM Security Bulletin: Financial Transaction Manager for Corporate Payment Services for Multi-Platform v2.1.1 is affected by a potential cross-site scripting (XSS) vulnerability (CVE-2018-15494) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-financial-transaction-...
∗∗∗ IBM Security Bulletin: Financial Transaction Manager for ACH Services is affected by a potential cross-site scripting (XSS) vulnerability (CVE-2018-15494) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-financial-transaction-...
∗∗∗ IcedTea-Web: Mehrere Schwachstellen ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K19-0679
∗∗∗ Symantec Endpoint Protection: Schwachstelle ermöglicht Privilegieneskalation ∗∗∗ --------------------------------------------- http://www.cert-bund.de/advisoryshort/CB-K19-0681