[CERT-daily] Tageszusammenfassung - 26.08.2019

Mon Aug 26 18:27:27 CEST 2019

=====================
= End-of-Day report =
=====================

Timeframe:   Freitag 23-08-2019 18:00 − Montag 26-08-2019 18:00
Handler:     Dimitri Robl
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ Phishing-Mail: Keine 1.957,05 Euro Rückzahlung vom Finanzministerium! ∗∗∗
---------------------------------------------
Kriminelle versenden betrügerische Phishing-Mails im Namen des Bundesministeriums für Finanzen (BMF), in denen sie Konsument/innen über eine angebliche Rückzahlung über 1957 Euro informieren. Empfänger/innen dürfen den Links in der Nachricht nicht folgen und keine Daten bekanntgeben. Sie landen in den Händen Krimineller und können für weitere Verbrechen missbraucht werden.
---------------------------------------------
https://www.watchlist-internet.at/news/phishing-mail-keine-195705-euro-rueckzahlung-vom-finanzministerium/


∗∗∗ Lenovo Crapware: Vorinstallierte Systemsoftware macht Laptops angreifbar ∗∗∗
---------------------------------------------
Wer noch das Lenovo Solution Center auf seinem System hat, sollte es schnellstmöglich deinstallieren.
---------------------------------------------
https://heise.de/-4505088


∗∗∗ Jetzt patchen! Exploit-Code für Cisco-Switches in Umlauf ∗∗∗
---------------------------------------------
Es könnten Angriffe auf Switches von Cisco bevorstehen. Sicherheitsupdates gibt es bereits seit Anfang August.
---------------------------------------------
https://heise.de/-4505182


∗∗∗ Attackers are targeting vulnerable Fortigate and Pulse Secure SSL VPNs ∗∗∗
---------------------------------------------
Attackers are taking advantage of recently released vulnerability details and PoC exploit code to extract private keys and user passwords from vulnerable Pulse Connect Secure SSL VPN and Fortigate SSL VPN installations. About the vulnerabilities Attackers have been scanning for and targeting two vulnerabilities: CVE-2019-11510, an arbitrary file reading vulnerability in Pulse Connect Secure CVE-2018-13379, a path traversal flaw in the FortiOS SSL VPN web portal.
---------------------------------------------
https://www.helpnetsecurity.com/2019/08/26/vulnerable-fortigate-pulse-secure-ssl-vpn/


∗∗∗ Malicious WordPress Redirect Campaign Attacking Several Plugins ∗∗∗
---------------------------------------------
Over the past few weeks, our Threat Intelligence team has been tracking an active attack campaign targeting a selection of new and old WordPress plugin vulnerabilities. These attacks seek to maliciously redirect traffic from victims’ sites to a number of potentially harmful locations.
---------------------------------------------
https://www.wordfence.com/blog/2019/08/malicious-wordpress-redirect-campaign-attacking-several-plugins/


=====================
=  Vulnerabilities  =
=====================

∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (firefox, libreoffice-still, nginx, nginx-mainline, and subversion), Debian (commons-beanutils, h2o, libapache2-mod-auth-openidc, libmspack, qemu, squid, and tiff), Fedora (kubernetes, libmodbus, nfdump, and nodejs), openSUSE (dkgpg, libTMCG, go1.12, neovim, python, qbittorrent, schismtracker, teeworlds, thunderbird, and zstd), and SUSE (go1.11, go1.12, python-SQLAlchemy, and python-Twisted).
---------------------------------------------
https://lwn.net/Articles/797286/


∗∗∗ IBM Security Bulletin: IBM Db2 Mirror for i is affected by CVE-2019-4536 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-db2-mirror-for-i-is-affected-by-cve-2019-4536/


∗∗∗ IBM Security Bulletin: IBM Cloud Automation Manager is affected by a forbidden resouce redirect for bad API path CVE-2019-4132 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-cloud-automation-manager-is-affected-by-a-forbidden-resouce-redirect-for-bad-api-path-cve-2019-4132/


∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect ITCAM for SOA ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-itcam-for-soa-5/


∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affect WebSphere Application Server July 2019 CPU ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-websphere-application-server-july-2019-cpu/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily