[CERT-daily] Daily summary - 01.04.2019

Daily end-of-shift report team at cert.at
Mon Apr 1 18:20:54 CEST 2019


=====================
= End-of-Day report =
=====================

Timeframe:   Friday 29-03-2019 18:00 − Monday 01-04-2019 18:00
Handler:     Dimitri Robl
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ Mira Ransomware Decryptor ∗∗∗
---------------------------------------------
We investigated some recent Ransomware called Mira (Trojan:W32/Ransomware.AN) in order to check if it's feasible to decrypt the encrypted files. Most often, decryption can be very challenging because of missing keys that are needed for decryption. However, in the case of Mira ransomware, it appends all information required to decrypt an encrypted file into the [...]
---------------------------------------------
https://labsblog.f-secure.com/2019/04/01/mira-ransomware-decryptor/


∗∗∗ Zero-day vulnerability in TP-Link SR20 smart home router ∗∗∗
---------------------------------------------
Under certain circumstances, an attacker could execute malicious code with root privileges on the TP-Link SR20 router.
---------------------------------------------
http://heise.de/-4356942


∗∗∗ Security updates: Nagios XI vulnerable to a variety of attacks ∗∗∗
---------------------------------------------
The server monitoring software Nagios XI can be attacked via multiple security vulnerabilities. Patched versions are available.
---------------------------------------------
http://heise.de/-4357207


∗∗∗ Peculiar PHP Present In Popular Pipdig Power Pack (P3) Plugin ∗∗∗
---------------------------------------------
This week, our team was notified of suspicious code present in a plugin offered alongside themes sold by Pipdig, a UK-based web development team. The user, who wishes to remain anonymous, reached out to us with concerns that the plugin's developer can grant themselves administrative access to sites using the plugin, or even delete affected [...]
---------------------------------------------
https://www.wordfence.com/blog/2019/03/peculiar-php-present-in-popular-pipdig-power-pack-plugin/


∗∗∗ Helpful information on financial fraud from the Financial Market Authority ∗∗∗
---------------------------------------------
Caution is advised with investments that promise high returns. Particularly in the area of Bitcoin and cryptocurrencies, numerous fraudulent offers are circulating online in which investors lose the money they put in. The Austrian Financial Market Authority (Finanzmarktaufsicht Österreich) now provides helpful information on finances, investments and recognising financial fraud with its Finanz ABC.
---------------------------------------------
https://www.watchlist-internet.at/news/hilfreiche-infos-zu-finanzbetrug-der-finanzmarktaufsicht/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ CVE-2019-9193: Authenticated Arbitrary Command Execution on PostgreSQL 9.3 > Latest ∗∗∗
---------------------------------------------
PostgreSQL, commonly known as Postgres, is one of the largest and most popular database systems in the world. It is the primary database of Mac OSX but also has Linux and Windows versions available.
---------------------------------------------
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/cve-2019-9193-authenticated-arbitrary-command-execution-on-postgresql-9-3/


∗∗∗ Pydio 8 Multiple Vulnerabilities ∗∗∗
---------------------------------------------
Multiple vulnerabilities were found in Pydio 8 (latest version 8.2.2), which allow an attacker with regular user access to the application, by tricking an administrator account into opening a shared URL bookmark through the application, to obtain the victim's session identifiers in order to impersonate him/her and to perform actions such as create a new user administrator account.
---------------------------------------------
https://www.secureauth.com/labs/advisories/pydio-8-multiple-vulnerabilities


∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (chromium, drupal7, gpsd, libav, libdatetime-timezone-perl, php5, rails, thunderbird, twig, tzdata, and wordpress), Fedora (edk2, flatpak, fuse, ghostscript, gnutls, golang-googlecode-go-crypto, grub2, mxml, poppler, and systemd), Mageia (file, kernel, live, mplayer, vlc, openjpeg2, pdns, and poppler), openSUSE (containerd, docker, docker-runc, golang-github-docker-libnetwork, runc, kernel, ovmf, and ucode-intel), SUSE (adcli, sssd, GraphicsMagick, [...]
---------------------------------------------
https://lwn.net/Articles/784563/


∗∗∗ Vuln: Redhat Atomic OpenShift CVE-2019-3884 Spoofing Vulnerability ∗∗∗
---------------------------------------------
http://www.securityfocus.com/bid/107649


∗∗∗ Apple Mac OS: Multiple vulnerabilities ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K19-0243%20UPDATE%201


∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM i ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-and-ibm-java-runtime-affect-ibm-i/


∗∗∗ IBM Security Bulletin: Vulnerability CVE-2019-1559 in OpenSSL affects IBM i ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-cve-2019-1559-in-openssl-affects-ibm-i/


∗∗∗ IBM Security Bulletin: IBM Event Streams is affected by Go vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-event-streams-is-affected-by-go-vulnerabilities/


∗∗∗ IBM Security Bulletin: Vulnerability in IBM WebSphere Application Server Liberty affects IBM Watson Compare and Comply on IBM Cloud Private ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-in-ibm-websphere-application-server-liberty-affects-ibm-watson-compare-and-comply-on-ibm-cloud-private/


∗∗∗ IBM Security Bulletin: IBM InfoSphere Information Server is affected by an Information Disclosure vulnerability ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-infosphere-information-server-is-affected-by-an-information-disclosure-vulnerability/


∗∗∗ IBM Security Bulletin: IBM InfoSphere Information Server is affected by an Improper Authentication vulnerability ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-infosphere-information-server-is-affected-by-an-improper-authentication-vulnerability/


∗∗∗ IBM Security Bulletin: Vulnerabilities in IBM WebSphere Application Server Liberty affect IBM Spectrum Protect Snapshot for VMware (CVE-2014-7810, CVE-2018-8039) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-in-ibm-websphere-application-server-liberty-affect-ibm-spectrum-protect-snapshot-for-vmware-cve-2014-7810-cve-2018-8039/


∗∗∗ IBM Security Bulletin: Multiple Security Vulnerabilities have been fixed in IBM Security Privileged Identity Manager Appliance. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-security-vulnerabilities-have-been-fixed-in-ibm-security-privileged-identity-manager-appliance/


∗∗∗ IBM Security Bulletin: XML External Entity Injection Security Vulnerability Affects IBM Sterling B2B Integrator (CVE-2019-4043) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-xml-external-entity-injection-security-vulnerability-affects-ibm-sterling-b2b-integrator-cve-2019-4043/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily



