[CERT-daily] Tageszusammenfassung - 01.08.2019

Thu Aug 1 18:11:50 CEST 2019

=====================
= End-of-Day report =
=====================

Timeframe:   Mittwoch 31-07-2019 18:00 − Donnerstag 01-08-2019 18:00
Handler:     Robert Waldner
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ Brand-New SystemBC Proxy Malware Spotted Using SOCKS5 for Stealth ∗∗∗
---------------------------------------------
The proxy is being distributed by the RIG and Fallout exploit kits.
---------------------------------------------
https://threatpost.com/systembc-proxy-malware-socks5-stealth/146879/


∗∗∗ Unpatched Flaws in IoT Smart Deadbolt Open Homes to Danger ∗∗∗
---------------------------------------------
Researchers are warning that unpatched flaws found in the Hickory Smart Bluetooth Enabled Deadbolt allow an attacker with access to a victims phone to break into their houses.
---------------------------------------------
https://threatpost.com/unpatched-flaws-in-iot-smart-deadbolt-open-homes-to-danger/146871/


∗∗∗ Google Chrome: Sicherheitsupdate mit 43 Security-Fixes veröffentlicht ∗∗∗
---------------------------------------------
Google hat für die kürzlich erschienene Chrome-Version 76 ein Update veröffentlicht. Einige der gefixten Sicherheitslücken weisen den Schweregrad "High" auf.
---------------------------------------------
https://heise.de/-4485571


∗∗∗ No summer break for Magecart as web skimming intensifies ∗∗∗
---------------------------------------------
Despite the heat, criminals are hard at work stealing credit card data from unaware shoppers. July marks a notable increase in web skimmer attacks over previous months.
---------------------------------------------
https://blog.malwarebytes.com/web-threats/2019/08/no-summer-break-for-magecart-as-web-skimming-intensifies/


=====================
=  Vulnerabilities  =
=====================

∗∗∗ Apache Subversion svnserve vulnerabilities ∗∗∗
---------------------------------------------
The recent releases of Apache Subversion 1.12.2, 1.10.6, 1.9.12, contain fixes for two security issues, CVE-2018-11782 and CVE-2019-0203. These issues affect Subversion svnserve servers. We encourage server operators to upgrade to the latest appropriate version as soon as reasonable.
---------------------------------------------
https://seclists.org/oss-sec/2019/q3/105


∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by CentOS (httpd, libssh2, and qemu-kvm), Debian (glib2.0, squirrelmail, subversion, and wpa), Fedora (proftpd), Oracle (icedtea-web), Red Hat (icedtea-web), Scientific Linux (icedtea-web), SUSE (icedtea-web, java-1_7_0-openjdk, subversion, and zypper, libzypp and libsolv), and Ubuntu (linux-hwe, openjdk-lts, pango1.0, python-django, and subversion).
---------------------------------------------
https://lwn.net/Articles/795082/


∗∗∗ Cisco Nexus 9000 Series ACI Mode Switch Software Link Layer Discovery Protocol Buffer Overflow Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190731-nxos-bo


∗∗∗ IBM Security Bulletin: Remote Execution Vulnerability Affects Red Hat Linux Used By IBM WebSphere Application Server in IBM Cloud (CVE-2019-12735) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-remote-execution-vulnerability-affects-red-hat-linux-used-by-ibm-websphere-application-server-in-ibm-cloud-cve-2019-12735/


∗∗∗ IBM Security Bulletin: Vulnerability in IBM Java SDK (April 2019) affecting IBM Application Delivery Intelligence for IBM Z V5.1.0, V5.0.5, and V5.0.4 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-in-ibm-java-sdk-april-2019-affecting-ibm-application-delivery-intelligence-for-ibm-z-v5-1-0-v5-0-5-and-v5-0-4/


∗∗∗ IBM Security Bulletin: Information disclosure in WebSphere Application Server Admin Console in IBM Cloud (CVE-2019-4269) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-information-disclosure-in-websphere-application-server-admin-console-in-ibm-cloud-cve-2019-4269/


∗∗∗ IBM Security Bulletin: IBM Jazz for Service Management could allow an unauthorized local user to create unique catalog names that could cause a denial of service (CVE-2019-4275) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-jazz-for-service-management-could-allow-an-unauthorized-local-user-to-create-unique-catalog-names-that-could-cause-a-denial-of-service-cve-2019-4275/


∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Spectrum Protect for Enterprise Resource Planning (CVE-2018-1890, CVE-2018-12547) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-ibm-spectrum-protect-for-enterprise-resource-planning-cve-2018-1890-cve-2018-12547/


∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Spectrum Protect Snapshot on AIX and Linux (CVE-2018-1890, CVE-2018-12547) Security Bulletin ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-ibm-spectrum-protect-snapshot-on-aix-and-linux-cve-2018-1890-cve-2018-12547-security-bulletin/


∗∗∗ IBM Security Bulletin: Password disclosure via application trace affects IBM Spectrum Protect for Enterprise Resource Planning (CVE-2018-1987) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-password-disclosure-via-application-trace-affects-ibm-spectrum-protect-for-enterprise-resource-planning-cve-2018-1987/


∗∗∗ IBM Security Bulletin: Financial Transaction Manager for Corporate Payment Services for Multi-Platform v2.1.1 is affected by a potential cross-site scripting (XSS) vulnerability (CVE-2018-15494) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-financial-transaction-manager-for-corporate-payment-services-for-multi-platform-v2-1-1-is-affected-by-a-potential-cross-site-scripting-xss-vulnerability-cve-2018-15494/


∗∗∗ IBM Security Bulletin: Financial Transaction Manager for ACH Services is affected by a potential cross-site scripting (XSS) vulnerability (CVE-2018-15494) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-financial-transaction-manager-for-ach-services-is-affected-by-a-potential-cross-site-scripting-xss-vulnerability-cve-2018-15494/


∗∗∗ IcedTea-Web: Mehrere Schwachstellen ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K19-0679


∗∗∗ Symantec Endpoint Protection: Schwachstelle ermöglicht Privilegieneskalation ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K19-0681

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily