[CERT-daily] Tageszusammenfassung - 11.04.2019

[Daily end-of-shift report]

=====================
= End-of-Day report =
=====================

Timeframe:   Mittwoch 10-04-2019 18:00 − Donnerstag 11-04-2019 18:00
Handler:     Robert Waldner
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ Introducing the security configuration framework: A prioritized guide to hardening Windows 10 ∗∗∗
---------------------------------------------
The security configuration framework is designed to help simplify security configuration while still allowing enough flexibility to allow you to balance security, productivity, and user experience. We are defining discrete prescriptive Windows 10 security configurations (levels 5 through 1) to meet many of the common device scenarios we see today in the enterprise.
---------------------------------------------
https://www.microsoft.com/security/blog/2019/04/11/introducing-the-security-configuration-framework-a-prioritized-guide-to-hardening-windows-10/


∗∗∗ Selfie: reflections on TLS 1.3 with PSK ∗∗∗
---------------------------------------------
TLS 1.3 allows two parties to establish a shared session key from an out-of-band agreed Pre Shared Key (PSK). ... We identify a security vulnerability in this TLS 1.3 path, by showing a new reflection attack that we call ``Selfie. The Selfie attack breaks the mutual authentication. It leverages the fact that TLS does not mandate explicit authentication of the server and the client in every message.
---------------------------------------------
https://eprint.iacr.org/2019/347


∗∗∗ Amazon-Phishing-Mail im Umlauf ∗∗∗
---------------------------------------------
Kriminelle geben sich als amazon-Kundenservice aus und versuchen persönliche Daten abzugreifen. Angeblich arbeitet amazon derzeit daran, den Kundendatenschutz zu verbessern und bittet um die Überprüfung der persönlichen Kontodaten. Folgen Nutzer/innen den Anweisungen, übmittlen sie Betrüger/innen sämtliche Daten.
---------------------------------------------
https://www.watchlist-internet.at/news/amazon-phishing-mail-im-umlauf/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ VU#192371: Multiple VPN applications insecurely store session cookies ∗∗∗
---------------------------------------------
Virtual Private Networks(VPNs)are used to create a secure connection with another network over the internet. Multiple VPN applications store the authentication and/or session cookies insecurely in memory and/or log files. CWE-311:Missing Encryption of Sensitive Data The following products and versions store the cookie insecurely in log files: - Palo Alto Networks GlobalProtect prior to 4.1.0(CVE-2019-15373)- Pulse Secure Connect Secure prior to 8.1R14,8.2,8.3R6,and 9.0R2 The following products [...]
---------------------------------------------
https://kb.cert.org/vuls/id/192371


∗∗∗ Dragonblood: Angreifer können bei WPA3 unter Umständen WLAN-Passwörter knacken ∗∗∗
---------------------------------------------
Mehrere Sicherheitslücken in der WPA3-Personal-Anmeldung von WLANs erlauben es Angreifern unter bestimmten Umständen, den Traffic von Geräten abzuhören.
---------------------------------------------
http://heise.de/-4393108


∗∗∗ Juniper Networks fixt teils kritische Schwachstellen ∗∗∗
---------------------------------------------
Zahlreiche Netzwerkgeräte von Juniper sind anfällig für Remote-Angriffe. Der Hersteller hat Sicherheitshinweise und Updates veröffentlicht.
---------------------------------------------
http://heise.de/-4397797


∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (apache, evolution, gnutls, and thunderbird), Debian (wpa), Gentoo (git), Mageia (dovecot, flash-player-plugin, gpac, gpsd, imagemagick, koji, libssh2, libvirt, mariadb, ming, mumble, ntp, python, python3, squirrelmail, and wget), openSUSE (apache2), Red Hat (httpd24-httpd and httpd24-mod_auth_mellon), SUSE (libqt5-qtbase, openldap2, tar, and xmltooling), and Ubuntu (ruby1.9.1, ruby2.0, ruby2.3, ruby2.5 and wpa).
---------------------------------------------
https://lwn.net/Articles/785676/


∗∗∗ WebKitGTK and WPE WebKit Security Advisory WSA-2019-0002 ∗∗∗
---------------------------------------------
https://webkitgtk.org/security/WSA-2019-0002.html


∗∗∗ IBM Security Bulletin: IBM API Connect’s Developer Portal(V5) is impacted by a critical local file Inclusion vulnerability (CVE-2019-4203) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-api-connects-developer-portalv5-is-impacted-by-a-critical-local-file-inclusion-vulnerability-cve-2019-4203/


∗∗∗ IBM Security Bulletin: IBM Cloud Kubernetes Service is affected by a CNI security vulnerability ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-cloud-kubernetes-service-is-affected-by-a-cni-security-vulnerability/


∗∗∗ IBM Security Bulletin: IBM API Connect’s Developer Portal(V5) is vulnerable to command injection (CVE-2019-4202) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-api-connects-developer-portalv5-is-vulnerable-to-command-injection-cve-2019-4202/


∗∗∗ IBM Security Bulletin: Security vulnerability in FlexNet Publisher affects IBM Rational License Key Server ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-security-vulnerability-in-flexnet-publisher-affects-ibm-rational-license-key-server/


∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Financial Transaction Manager for Corporate Payment Services for Multi-Platform ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-financial-transaction-manager-for-corporate-payment-services-for-multi-platform/


∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Financial Transaction Manager for Check Services for Multi-Platform ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-financial-transaction-manager-for-check-services-for-multi-platform/


∗∗∗ IBM Security Bulletin: A security vulnerabiltiy has been addressed in IBM Cognos Analytics (CVE-2019-4178) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-security-vulnerabiltiy-has-been-addressed-in-ibm-cognos-analytics-cve-2019-4178/


∗∗∗ IBM Security Bulletin: IBM MQ Appliance is affected by an OpenSSL vulnerability (CVE-2018-0734) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-mq-appliance-is-affected-by-an-openssl-vulnerability-cve-2018-0734/


∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Process Designer used in IBM Business Automation Workflow, IBM Business Process Manager, and IBM WebSphere Lombardi Edition ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-ibm-process-designer-used-in-ibm-business-automation-workflow-ibm-business-process-manager-and-ibm-websphere-lombardi-editi/


∗∗∗ BIG-IP APM URL classification vulnerability CVE-2019-6610 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K42465020


∗∗∗ HPESBHF03912 rev.2 - Certain HPE Servers with a UEFI-based BIOS, Multiple Local Vulnerabilities ∗∗∗
---------------------------------------------
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03912en_us


∗∗∗ Apache Tomcat: Schwachstelle ermöglicht Ausführen von beliebigem Programmcode mit den Rechten des Dienstes ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K19-0306


∗∗∗ Red Hat OpenShift: Mehrere Schwachstellen ermöglichen Umgehen von Sicherheitsvorkehrungen ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K19-0305

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily