[CERT-daily] Tageszusammenfassung - 28.01.2019

Mon Jan 28 18:06:37 CET 2019

=====================
= End-of-Day report =
=====================

Timeframe:   Freitag 25-01-2019 18:00 − Montag 28-01-2019 18:00
Handler:     Stephan Richter
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ Datenbank: Lange bekannte MySQL-Lücke führt zu Angriffen ∗∗∗
---------------------------------------------
Das MySQL-Protokoll erlaubt es Servern, Daten des Clients auszulesen. Offenbar nutzte die kriminelle Gruppe Magecart dies zuletzt, um mit dem PHP-Datenbankfrontend Adminer Systeme anzugreifen. Auch PhpMyAdmin ist verwundbar. (MySQL, PHP)
---------------------------------------------
https://www.golem.de/news/datenbank-lange-bekannte-mysql-luecke-fuehrt-zu-angriffen-1901-138999-rss.html


∗∗∗ LabKey Vulnerabilities Threaten Medical Research Data ∗∗∗
---------------------------------------------
LabKey Server version 18.3.0-61806.763, released on January 16, patches all three issues, so users should update as soon as possible.
---------------------------------------------
https://threatpost.com/labkey-vulnerabilities-medical-research/141200/


∗∗∗ NumPy Is Awaiting Fix for Critical Remote Code Execution Bug ∗∗∗
---------------------------------------------
The current version of the popular NumPy library relies on unsafe default usage of a Python module that could lead to remote code execution in the context of the affected application.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/numpy-is-awaiting-fix-for-critical-remote-code-execution-bug/


∗∗∗ Jetzt patchen! Angreifer machen Jagd auf Cisco-Router ∗∗∗
---------------------------------------------
Sicherheitsforscher beobachten vermehrte Scans nach verwundbaren Routern von Cisco. Patches stehen zum Download bereit.
---------------------------------------------
http://heise.de/-4289149


∗∗∗ Vulnerability Spotlight: Multiple WIBU SYSTEMS WubiKey vulnerabilities ∗∗∗
---------------------------------------------
Cisco Talos discovered two vulnerabilities that could allow remote code execution and memory disclosure at the kernel level in WIBU-SYSTEMS WibuKey. WibuKey is a USB key designed to protect software and intellectual properties. It allows the users to manage software license via USB key. A third vulnerability is located in userland and can be triggered remotely, as its located in the network [...]
---------------------------------------------
https://blog.talosintelligence.com/2019/01/multiple-wibu-system-vulnerabilities.html


∗∗∗ Warnung vor software-outlet24.de ∗∗∗
---------------------------------------------
Auf software-outlet24.de werden Microsoft Office Pakete sowie Windows 10 und Windows 7 Produkt-Keys angeboten. Die Preise sind sehr günstig und laden zu einem schnellen Kauf ein. Zahlreiche Konsument/innen berichten uns von ausbleibenden Lieferungen und fehlender Rückerstattung.
---------------------------------------------
https://www.watchlist-internet.at/news/warnung-vor-software-outlet24de/


∗∗∗ WordPress sites under attack via zero-day in abandoned plugin ∗∗∗
---------------------------------------------
Developers of Total Donations plugin have gone missing, leaving former customers open to attacks.
---------------------------------------------
https://www.zdnet.com/article/wordpress-sites-under-attack-via-zero-day-in-abandoned-plugin/


=====================
=  Vulnerabilities  =
=====================

∗∗∗ Symantec Ghost Solution Suite DLL Hijack ∗∗∗
---------------------------------------------
Symantec Ghost Solution Suite (GSS) may be susceptible to a DLL hijacking vulnerability, which is a type of issue whereby a potential attacker attempts to execute unexpected code on your machine. This occurs via placement of a potentially foreign file (DLL) that the attacker then attempts to run via a linked application.
---------------------------------------------
https://support.symantec.com/en_US/article.SYMSA1474.html


∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (apache, go, haproxy, matrix-synapse, nasm, and powerdns-recursor), Debian (coturn, ghostscript, krb5, policykit-1, and qtbase-opensource-src), Fedora (wireshark), openSUSE (nodejs4, nodejs8, openssh, PackageKit, and wireshark), Oracle (qemu and thunderbird), Scientific Linux (thunderbird), and SUSE (avahi, krb5, and python-paramiko).
---------------------------------------------
https://lwn.net/Articles/777688/


∗∗∗ Security Advisory - Memory Double Free Vulnerability in Image Processing Module of Some Huawei Smart Phones ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20190128-01-ivp-en


∗∗∗ IBM Security Bulletin: API Connect V5 is impacted by sensitive information disclosure via a REST API (CVE-2018-1976) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-api-connect-v5-is-impacted-by-sensitive-information-disclosure-via-a-rest-api-cve-2018-1976/


∗∗∗ IBM Security Bulletin: Security Bulletin: Vulnerability in IBM Java SDK affects IBM Developer for z Systems (CVE-2018-3180) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-security-bulletin-vulnerability-in-ibm-java-sdk-affects-ibm-developer-for-z-systems-cve-2018-3180/


∗∗∗ phpMyAdmin: Mehrere Schwachstellen ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K19-0089

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily