[CERT-daily] Tageszusammenfassung - 12.02.2019

Tue Feb 12 18:09:26 CET 2019

=====================
= End-of-Day report =
=====================

Timeframe:   Montag 11-02-2019 18:00 − Dienstag 12-02-2019 18:00
Handler:     Stephan Richter
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ New Offensive USB Cable Allows Remote Attacks over WiFi ∗∗∗
---------------------------------------------
Like a scene from a James Bond or Mission Impossible movie, a new offensive USB cable plugged into a computer could allow attackers to execute commands over WiFi as if they were using the computers keyboard.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/new-offensive-usb-cable-allows-remote-attacks-over-wifi/


∗∗∗ Runc: Sicherheitslücke ermöglicht Übernahme von Container-Host ∗∗∗
---------------------------------------------
Eine Sicherheitslücke ermöglicht es, dass Software aus einem Container ausbricht. Die Ausführungsumgebung Runc, mit der Container gestartet werden, kann überschrieben und so der Host übernommen werden. Docker und viele andere Lösungen sind verwundbar.
---------------------------------------------
https://www.golem.de/news/runc-sicherheitsluecke-ermoeglicht-uebernahme-von-container-host-1902-139332-rss.html


∗∗∗ Prozessor-Sicherheit: Intels sichere Software-Enklave SGX wurde geknackt ∗∗∗
---------------------------------------------
Die Forscher hinter Meltdown und Spectre können Intel Software Guard Extensions missbrauchen, um Schadcode vor dem Administrator des Systems zu verstecken.
---------------------------------------------
http://heise.de/-4306965


∗∗∗ Presseaussendung: Watchlist Internet warnt vor Identitätsdiebstahl mit Ausweiskopien ∗∗∗
---------------------------------------------
Die Watchlist Internet (www.watchlist-internet.at), Österreichs zentrale Informationsplattform zu Internet-Betrug und Online-Fallen, warnt vor vermehrtem Betrug mit Ausweiskopien. Kriminelle nutzen diesen Identitätsdiebstahl immer häufiger, um Straftaten in fremdem Namen zu begehen. Die Watchlist erklärt, wie Konsumenten dennoch Ausweiskopien bei seriösen Geschäften versenden können, ohne Betrügern in die Falle zu gehen.
---------------------------------------------
https://www.watchlist-internet.at/presse/12022019-presseaussendung-watchlist-internet-warnt-vor-identitaetsdiebstahl-mit-ausweiskopien/


∗∗∗ In eine Shopping-Falle getappt? Hier gibt’s nützliche Tipps! ∗∗∗
---------------------------------------------
Im Internet werben unzählige Shops, die angebliche Markenware zu sehr günstigen Preisen anbieten, um Kund/innen. Trotz .at- oder .de-Domains haben die Websites Ihren Sitz etwa in China. Die versendeten Waren sind gefälscht, qualitativ minderwertig und werden häufig vom Zoll beschlagnahmt. Zusätzlich gelangen Kriminelle an Kreditkartendaten ihrer Opfer.
---------------------------------------------
https://www.watchlist-internet.at/news/in-eine-shopping-falle-getappt-hier-gibts-nuetzliche-tipps/


∗∗∗ WordPress plugin flaw lets you take over entire sites ∗∗∗
---------------------------------------------
Vulnerability found in social sharing plugin named "Simple Social Buttons," installed on more than 40,000 WordPress sites.
---------------------------------------------
https://www.zdnet.com/article/wordpress-plugin-flaw-lets-you-take-over-entire-sites/


=====================
=  Vulnerabilities  =
=====================

∗∗∗ Security Bulletins Posted ∗∗∗
---------------------------------------------
Adobe has published security bulletins for Adobe Flash Player (APSB19-06), Adobe ColdFusion (APSB19-10), Adobe Acrobat and Reader (APSB19-07) and Adobe Creative Cloud Desktop Application (APSB19-11). Adobe recommends users update their product installations to the latest versions using the instructions referenced in the bulletin.
---------------------------------------------
https://blogs.adobe.com/psirt/?p=1705


∗∗∗ Cisco Network Assurance Engine CLI Access with Default Password Vulnerability ∗∗∗
---------------------------------------------
A vulnerability in the management web interface of Cisco Network Assurance Engine (NAE) could allow an unauthenticated, local attacker to gain unauthorized access or cause a Denial of Service (DoS) condition on the server. The vulnerability is due to a fault in the password management system of NAE. An attacker could exploit this vulnerability by authenticating with the default administrator password via the CLI of an affected server.
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190212-nae-dos


∗∗∗ Joomla 3.9.3 Release ∗∗∗
---------------------------------------------
Joomla 3.9.3 is now available. This is a security fix release for the 3.x series of Joomla which addresses 6 security vulnerabilities and contains 30 bug fixes and improvements.
---------------------------------------------
https://www.joomla.org/announcements/release-news/5756-joomla-3-9-3-release.html


∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (chromium, dovecot, firefox, and spice), Debian (curl, php5, rssh, and wordpress), Fedora (curl, ghostscript, mingw-libconfuse, and radvd), openSUSE (java-11-openjdk and python-urllib3), Red Hat (chromium-browser and kernel), and SUSE (etcd and kernel).
---------------------------------------------
https://lwn.net/Articles/779543/


∗∗∗ SAP Security Patch Day 2019 ∗∗∗
---------------------------------------------
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=510922943


∗∗∗ ZDI-19-178: Cisco WebEx Recorder and Player asplayback Out-Of-Bounds Read Information Disclosure Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-19-178/


∗∗∗ Linux kernel vulnerability CVE-2018-17972 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K27673650


∗∗∗ Siemens Security Advisories ∗∗∗
---------------------------------------------
https://new.siemens.com/global/en/products/services/cert.html#SecurityPublications
https://cert-portal.siemens.com/productcert/txt/ssa-505225.txt
https://cert-portal.siemens.com/productcert/txt/ssa-760124.txt
https://cert-portal.siemens.com/productcert/txt/ssa-104088.txt
https://cert-portal.siemens.com/productcert/txt/ssa-275839.txt
https://cert-portal.siemens.com/productcert/txt/ssa-284673.txt
https://cert-portal.siemens.com/productcert/txt/ssa-346262.txt
https://cert-portal.siemens.com/productcert/txt/ssa-179516.txt
https://cert-portal.siemens.com/productcert/txt/ssa-168644.txt
https://cert-portal.siemens.com/productcert/txt/ssa-268644.txt
https://cert-portal.siemens.com/productcert/txt/ssa-347726.txt
https://cert-portal.siemens.com/productcert/txt/ssb-439005.txt
https://cert-portal.siemens.com/productcert/txt/ssa-377318.txt
https://cert-portal.siemens.com/productcert/txt/ssa-579309.txt
https://cert-portal.siemens.com/productcert/txt/ssa-635129.txt
https://cert-portal.siemens.com/productcert/txt/ssa-845879.txt
https://cert-portal.siemens.com/productcert/txt/ssa-254686.txt


∗∗∗ IBM Security Bulletin: A Security Vulnerability affects IBM Cloud Private Cloud Foundry (CVE-2018-15761) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-security-vulnerability-affects-ibm-cloud-private-cloud-foundry-cve-2018-15761/


∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities in Apache Tomcat affects IBM UrbanCode Deploy (CVE-2018-11784) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-apache-tomcat-affects-ibm-urbancode-deploy-cve-2018-11784/


∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Netcool Agile Service Manager ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-ibm-netcool-agile-service-manager-2/


∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Security Privileged Identity Manager ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-security-privileged-identity-manager/


∗∗∗ IBM Security Bulletin: IBM Security Privileged Identity Manager is affected by multiple vulnerabilities(CVE-2016-10009, CVE-2016-6515, CVE-2016-6210, CVE-2017-6464, CVE-2017-6463) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-privileged-identity-manager-is-affected-by-multiple-vulnerabilitiescve-2016-10009-cve-2016-6515-cve-2016-6210-cve-2017-6464-cve-2017-6463/


∗∗∗ IBM Security Bulletin: IBM Security Privileged Identity Manager is affected by multiple IBM WebSphere Application Server vulnerabilities(CVE-2017-1137, CVE-2018-1567, CVE-2017-1194) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-privileged-identity-manager-is-affected-by-multiple-ibm-websphere-application-server-vulnerabilitiescve-2017-1137-cve-2018-1567-cve-2017-1194/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily