[CERT-daily] Tageszusammenfassung - 15.04.2019

Daily end-of-shift report team at cert.at
Mon Apr 15 18:08:33 CEST 2019 

=====================
= End-of-Day report =
=====================

Timeframe:   Freitag 12-04-2019 18:00 − Montag 15-04-2019 18:00
Handler:     Robert Waldner
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ Hackers could read non-corporate Outlook.com, Hotmail for six months ∗∗∗
---------------------------------------------
Hackers and Microsoft seem to disagree on key details of the hack.
---------------------------------------------
https://arstechnica.com/?p=1491071


∗∗∗ Sicherheitslücken und mangelnder Datenschutz: Microsoft patzt bei Office 365 ∗∗∗
---------------------------------------------
Viele Unternehmen sind bereits auf Office 365 umgestiegen. Doch Microsoft schlampt beim Datenschutz und hält sich nicht an Sicherheitsstandards.
---------------------------------------------
http://heise.de/-4398584


∗∗∗ Vulnerability Spotlight: Multiple vulnerabilities in Shimo VPNs helper tool ∗∗∗
---------------------------------------------
Discovered by Tyler Bohan of Cisco Talos.OverviewCisco Talos is disclosing a series of vulnerabilities found in the Shimo VPN Helper Tool. Shimo VPN is a popular VPN client for MacOS that can be used to connect multiple VPN accounts to one application. These specific vulnerabilities were found in the "helper tool", a feature that Shimo VPN uses to accomplish some of its privileged work.These vulnerabilities are being released without a patch, per our disclosure policy, after [...]
---------------------------------------------
https://blog.talosintelligence.com/2019/04/vulnerability-spotlight-multiple.html


∗∗∗ Tic Toc Pwned ∗∗∗
---------------------------------------------
We were recently tipped off that the Australian Tic Toc Track watch was almost undoubtedly just a version of the Gator kids GPS tracking watch. That's the tracker watch which leaked real time kids position data to anyone, it also allowed anyone to silently listen to children through the watch. Creepy! It all started with [...]
---------------------------------------------
https://www.pentestpartners.com/security-blog/tic-toc-pwned/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (graphicsmagick, jasper, and libssh2), Fedora (kernel, kernel-headers, kernel-tools, nodejs-simple-markdown, and php), openSUSE (netpbm and xen), and SUSE (audiofile, firefox, java-1_7_0-openjdk, libvirt, openssh, and systemd).
---------------------------------------------
https://lwn.net/Articles/786031/


∗∗∗ Security Advisory - Digital Signature Verification Bypass Vulnerability in Some Huawei Routers ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20190320-01-ar-en


∗∗∗ IBM Security Bulletin: Vulnerability CVE-2019-3880 in Samba affects IBM i ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-cve-2019-3880-in-samba-affects-ibm-i/


∗∗∗ IBM Security Bulletin: Security vulnerabilities in IBM SDK for Node.js might affect the configuration editor used by IBM Business Automation Workflow and IBM Business Process Manager (BPM) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-security-vulnerabilities-in-ibm-sdk-for-node-js-might-affect-the-configuration-editor-used-by-ibm-business-automation-workflow-and-ibm-business-process-manager-bpm/


∗∗∗ IBM Security Bulletin: A vulnerability in IBM WebSphere Application Server affects IBM Spectrum Scale packaged in IBM Elastic Storage Server (CVE-2018-10237) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-vulnerability-in-ibm-websphere-application-server-affects-ibm-spectrum-scale-packaged-in-ibm-elastic-storage-server-cve-2018-10237/


∗∗∗ IBM Security Bulletin: IBM Algo Credit Manager Is Affected by a Denial of Service Vulnerability in WebSphere Liberty ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-algo-credit-manager-is-affected-by-a-denial-of-service-vulnerability-in-websphere-liberty/


∗∗∗ IBM Security Bulletin: A vulnerability in IBM Java SDK affects IBM Spectrum Scale packaged in IBM Elastic Storage Server (CVE-2018-3180) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-vulnerability-in-ibm-java-sdk-affects-ibm-spectrum-scale-packaged-in-ibm-elastic-storage-server-cve-2018-3180/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

More information about the Daily mailing list