===================== = End-of-Day report = =====================
Timeframe: Donnerstag 07-03-2019 18:00 − Freitag 08-03-2019 18:00 Handler: Robert Waldner Co-Handler: Stephan Richter
===================== = News = =====================
∗∗∗ Serious Security: When randomness isn’t – and why it matters ∗∗∗ --------------------------------------------- The password ji32k7au4a83 looks pretty random and feels as though it should be unique - read this article to find out why its neither! --------------------------------------------- https://nakedsecurity.sophos.com/2019/03/08/serious-security-when-randomness...
∗∗∗ Google warnt vor Zero-Day-Lücke in Windows 7 ∗∗∗ --------------------------------------------- Angreifer nutzten eine Kombination aus Lücken in Chrome und Windows 7, um Rechner mit Spionage-Software zu infizieren. Nur eine von beiden ist geschlossen. --------------------------------------------- http://heise.de/-4329796
∗∗∗ Jetzt updaten: Kritische Lücke in Apache Solr ∗∗∗ --------------------------------------------- Einige Versionen der Open-Source-Suchplattform Solr weisen ein mögliches Einfallstor für entfernte Angreifer auf. Updates sind verfügbar. --------------------------------------------- http://heise.de/-4329895
∗∗∗ From Fake Updates to Unwanted Redirects ∗∗∗ --------------------------------------------- At the end of February, we wrote about a massive wave of site infections that pushed fake browser updates. In the beginning of March, the attack evolved into redirecting site visitors to sketchy ad URLs. --------------------------------------------- http://labs.sucuri.net/?note=2019-03-08
∗∗∗ Smart unhackable car alarms open the doors of 3 million vehicles to hackers ∗∗∗ --------------------------------------------- The moment you call a product "unhackable" you are asking for trouble. --------------------------------------------- https://www.zdnet.com/article/smart-car-alarms-opened-the-doors-of-3-million...
===================== = Vulnerabilities = =====================
∗∗∗ Security Advisory 2019-02: Security Update for OTRS Framework ∗∗∗ --------------------------------------------- March 08, 2019 — Please read carefully and check if the version of your OTRS system is affected by this vulnerability. --------------------------------------------- https://community.otrs.com/security-advisory-2019-02-security-update-for-otr...
∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Fedora (php-typo3-phar-stream-wrapper2), Mageia (gnutls, nagios, openssl, and python-gnupg), openSUSE (apache2, ceph, chromium, openssh, and webkit2gtk3), and Ubuntu (nvidia-graphics-drivers-390). --------------------------------------------- https://lwn.net/Articles/782653/
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM® Java SDK affects WebSphere Application Server January 2019 CPU that is bundled with IBM WebSphere Application Server Patterns ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabiliti...
∗∗∗ IBM Security Bulletin: Vulnerabilities identified in IBM® Java SDK affect WebSphere Service Registry and Repository and WebSphere Service Registry and Repository Studio (CVE-2018-12547 and CVE-2019-2426) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-identi...
∗∗∗ IBM Security Bulletin: FileNet CMIS (FNCMIS) leveraging Spring Framework is vulnerable to a denial of service caused by improper handling of range request by the ResourceHttpRequestHandler ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-filenet-cmis-fncmis-le...
∗∗∗ IBM Security Bulletin: Security Vulnerabilities affect IBM Cloud Private Vulnerability Advisor Kafka and Notification Dispatcher ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-security-vulnerabiliti...
∗∗∗ IBM Security Bulletin: Security Vulnerabilities affect IBM Cloud Private MongoDB ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-security-vulnerabiliti...
∗∗∗ IBM Security Bulletin: Security Vulnerabilities affect IBM Cloud Private Monitoring ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-security-vulnerabiliti...
∗∗∗ IBM Security Bulletin: Security Vulnerabilities affect IBM Cloud Private Logging ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-security-vulnerabiliti...
∗∗∗ IBM Security Bulletin: IBM MQ could allow a local user to inject code that could be executed with root privileges. (CVE-2018-1998) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-mq-could-allow-a-l...
∗∗∗ IBM Security Bulletin: IBM MQ is vulnerable to a privilege escalation attack when using multiplexed channels (CVE-2018-1974) ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-mq-is-vulnerable-t...
∗∗∗ IBM Security Bulletin: Multiple buffer overflow vulnerabilities exist in IBM® Db2® leading to privilege escalation (CVE-2018-1922, CVE-2018-1923, CVE-2018-1978, CVE-2018-1980, CVE-2019-4015, CVE-2019-4016). ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-buffer-overfl...