[CERT-daily] Tageszusammenfassung - 14.02.2019

Thu Feb 14 18:08:08 CET 2019

=====================
= End-of-Day report =
=====================

Timeframe:   Mittwoch 13-02-2019 18:00 − Donnerstag 14-02-2019 18:00
Handler:     Robert Waldner
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ Shlayer Malware Disables macOS Gatekeeper to Run Unsigned Payloads ∗∗∗
---------------------------------------------
A new variant of the multi-stage Shlayer malware known to target macOS users has been observed in the wild, now being capable to escalate privileges using a two-year-old technique and to disable the Gatekeeper protection mechanism to run unsigned second stage payloads.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/shlayer-malware-disables-macos-gatekeeper-to-run-unsigned-payloads/


∗∗∗ Firefox, Firefox ESR und Tor Browser rüsten sich gegen Schadcode ∗∗∗
---------------------------------------------
Mozilla und die Entwickler des Tor Browsers haben in aktuellen Versionen mehrere mit dem Bedrohungsgrad "hoch" eingestufte Lücken geschlossen.
---------------------------------------------
http://heise.de/-4308974


∗∗∗ Kauf von Welpen und Tierbabys auf adiso.at nicht ratsam ∗∗∗
---------------------------------------------
Konsument/innen finden auf adiso.at Hundewelpen und Tierbabys unterschiedlichster Rassen. Die abgebildeten Tierfotos verlocken zwar zu einem Kauf, doch davon ist dringend abzuraten. Personen, die sich für einen Welpen entscheiden, müssen meist vorab Geld bezahlen ohne den Hund gesehen zu haben. Es kommt immer wieder zu weiteren Geldforderungen, bis die Opfer begreifen, dass es die Welpen gar nicht gibt.
---------------------------------------------
https://www.watchlist-internet.at/news/kauf-von-welpen-und-tierbabys-auf-adisoat-nicht-ratsam/


∗∗∗ Betrug auf insboote.eu und ltnagro.eu ∗∗∗
---------------------------------------------
Auf der Website insboote.eu können Konsument/innen Boote und auf der Website ltnagro.eu Bau- oder Landmaschinen kaufen. Die Bezahlung der Ware ist nur im Voraus möglich. Käufer/innen, die das Geld für die Maschinen bezahlen, verlieren es, denn es kommt zu keiner Übergabe
---------------------------------------------
https://www.watchlist-internet.at/news/betrug-auf-insbooteeu-und-ltnagroeu/


=====================
=  Vulnerabilities  =
=====================

∗∗∗ Entity Registration - Critical - Multiple Vulnerabilities - SA-CONTRIB-2019-017 ∗∗∗
---------------------------------------------
Project: Entity RegistrationDate: 2019-February-13Security risk: Critical 18∕25 AC:Basic/A:None/CI:Some/II:Some/E:Exploit/TD:DefaultVulnerability: Multiple Vulnerabilities Description: This module enables you to take registrations for events, gathering information from registrants including email address and any other questions you wish to configure.In some cases, an anonymous user may view, edit, or delete other anonymous registrations by guessing the URL of that registration based on a [...]
---------------------------------------------
https://www.drupal.org/sa-contrib-2019-017


∗∗∗ OAuth 2.0 Client Login (Single Sign-On) - Critical - Multiple Vulnerabilities - SA-CONTRIB-2019-016 ∗∗∗
---------------------------------------------
Project: OAuth 2.0 Client Login (Single Sign-On)Date: 2019-February-13Security risk: Critical 17∕25 AC:Basic/A:None/CI:Some/II:Some/E:Proof/TD:AllVulnerability: Multiple Vulnerabilities Description: This module enables you to allow login into the Drupal websites through an external provider over the OAuth 2.0 protocol.The module sets a Drupal variable used for redirection based on unsanitised user input, leading to an Open Redirect vulnerability. It also fails to sanitise user input [...]
---------------------------------------------
https://www.drupal.org/sa-contrib-2019-016


∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (python-gnupg), Mageia (avahi, dom4j, gvfs, kauth, libwmf, logback, mad, python, python-django, and radvd), openSUSE (curl, haproxy, lua53, python-slixmpp, runc, spice, and uriparser), Red Hat (flash-plugin), Slackware (mozilla), and SUSE (build and docker-runc).
---------------------------------------------
https://lwn.net/Articles/779810/


∗∗∗ Synology-SA-19:06 Docker ∗∗∗
---------------------------------------------
A vulnerability allows remote attackers to execute arbitrary commands via a susceptible version of Docker.
---------------------------------------------
https://www.synology.com/en-global/support/security/Synology_SA_19_06


∗∗∗ D-LINK Router: Mehrere Schwachstellen ermöglichen Erlangen von Administratorrechten ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K19-0142


∗∗∗ IBM Security Bulletin: IBM FileNet Content Manager and IBM Enterprise Content Management Text Search security vulnerability in Apache PDFBox ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-filenet-content-manager-and-ibm-enterprise-content-management-text-search-security-vulnerability-in-apache-pdfbox/


∗∗∗ IBM Security Bulletin: Vulnerabilities in the Linux kernel affect PowerKVM ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-in-the-linux-kernel-affect-powerkvm-13/


∗∗∗ IBM Security Bulletin: Apache Commons FileUpload Vulnerability Can Affect IBM Sterling Order Management (CVE-2016-1000031) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-apache-commons-fileupload-vulnerability-can-affect-ibm-sterling-order-management-cve-2016-1000031/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily