[CERT-daily] Tageszusammenfassung - 17.04.2019
Daily end-of-shift report
team at cert.at
Wed Apr 17 18:08:24 CEST 2019
=====================
= End-of-Day report =
=====================
Timeframe: Dienstag 16-04-2019 18:00 − Mittwoch 17-04-2019 18:00
Handler: Robert Waldner
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ New Microsoft Edge to Warn Users When in Administrator Mode ∗∗∗
---------------------------------------------
The upcoming Chromium-based Microsoft Edge browser will warn users when they launch the browser with administrative privileges and suggest that they relaunch the browser as a non-administrator.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/new-microsoft-edge-to-warn-users-when-in-administrator-mode/
∗∗∗ Subdomain Takeover: Microsoft verliert Kontrolle über Windows-Kacheln ∗∗∗
---------------------------------------------
Mit einem Service von Microsoft konnten Webseiten Neuigkeiten auf Windows-Kacheln als sogenannte Windows Live Tiles darstellen. Den Service gibt es nicht mehr, die zugehörige Subdomain konnten wir übernehmen und eigene Kachelinhalte anzeigen.
---------------------------------------------
https://www.golem.de/news/subdomain-takeover-microsoft-verliert-kontrolle-ueber-windows-kacheln-1904-140709-rss.html
∗∗∗ Angriffe auf Confluence - Patch-Stand checken ∗∗∗
---------------------------------------------
Das DFN-CERT warnt vor verstärkten Angriffen auf den Collaboration-Service Confluence. Die nutzen Lücken aus, für die es bereits Patches gibt
---------------------------------------------
https://heise.de/-4401658
∗∗∗ A third-party patch for Microsoft’s Internet Explorer zero-day vulnerability ∗∗∗
---------------------------------------------
Don’t want to wait for Microsoft to fix the problem in how Internet Explorer handles .MHT files? Other security researchers come to the rescue.
---------------------------------------------
https://www.grahamcluley.com/third-party-patch-internet-explorer/
∗∗∗ Betrügerische Job-Angebote führen zu Identitätsdiebstahl und Geldwäsche! ∗∗∗
---------------------------------------------
Immer wieder stoßen Konsument/innen auf verlockende Job-Angebote bei vermeintlichen Marktforschungsinstituten. Als solches stellte sich auch webspection.de dar. Für die Teilnahme an der ersten Umfrage – ein angeblicher Test des Video-Ident-Verfahrens IDnow – mussten Interessent/innen Ausweise und Dokumente an die kriminellen Betreiber/innen weiterleiten. Die Folge: Betrüger/innen verfügen über ein Konto im Namen der Betroffenen und nutzen dieses zur
---------------------------------------------
https://www.watchlist-internet.at/news/betruegerische-job-angebote-fuehren-zu-identitaetsdiebstahl-und-geldwaesche/
=====================
= Vulnerabilities =
=====================
∗∗∗ Evernote Fixes Remote Code Execution Vulnerability in macOS App ∗∗∗
---------------------------------------------
A local file path traversal vulnerability which allows attackers to run arbitrary code on their targets Macs remotely was fixed by Evernote after receiving a report from security researcher Dhiraj Mishra.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/evernote-fixes-remote-code-execution-vulnerability-in-macos-app/
∗∗∗ Sicherheitslücke: EA Origin führte Schadcode per Link aus ∗∗∗
---------------------------------------------
Ein Klick auf den falschen Link konnte genügen: Die Spieleplattform EA Origin führte über präparierte Links beliebige Software oder Schadcode aus. Auch die Konten der Spieler konnten auf diese Weise übernommen werden. (Origin, Phishing)
---------------------------------------------
https://www.golem.de/news/sicherheitsluecke-ea-origin-fuehrte-schadcode-per-link-aus-1904-140738-rss.html
∗∗∗ Delta Industrial Automation CNCSoft ∗∗∗
---------------------------------------------
This advisory includes mitigations for heap-based buffer overflow, out-of-bounds read, and stack-based buffer overflow vulnerabilities reported in Delta Electronics Delta Industrial Automation CNCSoft ScreenEditor software.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-19-106-01
∗∗∗ Oracle Critical Patch Update Advisory - April 2019 ∗∗∗
---------------------------------------------
Java, MySQL, Solairs, VirtualBox uvam.
---------------------------------------------
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
∗∗∗ Security Advisory - Information Disclosure Vulnerability on Smartphones ∗∗∗
---------------------------------------------
There is an information disclosure vulnerability on certain Huawei smartphones. An attacker could view the photos after a series of operation without unlock the screen lock. Successful exploit could cause an information disclosure condition.
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20190417-01-smartphone-en
∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by CentOS (mod_auth_mellon), Debian (ghostscript and ruby2.3), openSUSE (dovecot22, gnuplot, and openwsman), Scientific Linux (mod_auth_mellon), SUSE (krb5, openexr, python3, and wget), and Ubuntu (firefox and openjdk-lts).
---------------------------------------------
https://lwn.net/Articles/786157/
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect AIX Security Bulletin ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-aix-security-bulletin-3/
∗∗∗ IBM Security Bulletin: Vulnerability in OpenSSL affects AIX (CVE-2019-1559) Security Bulletin ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-in-openssl-affects-aix-cve-2019-1559-security-bulletin/
∗∗∗ IBM Security Bulletin: IBM MQ and IBM MQ Appliance are vulnerable to a denial of service attack within the TLS key renegotiation functions (CVE-2019-4055) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-mq-and-ibm-mq-appliance-are-vulnerable-to-a-denial-of-service-attack-within-the-tls-key-renegotiation-functions-cve-2019-4055/
∗∗∗ IBM Security Bulletin: IBM BladeCenter Advanced Management Module (AMM) is affected by vulnerability in OpenSSL (CVE-2018-0737) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-bladecenter-advanced-management-module-amm-is-affected-by-vulnerability-in-openssl-cve-2018-0737/
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
More information about the Daily
mailing list