[CERT-daily] Tageszusammenfassung - 18.07.2019

[Daily end-of-shift report]

=====================
= End-of-Day report =
=====================

Timeframe:   Mittwoch 17-07-2019 18:00 − Donnerstag 18-07-2019 18:00
Handler:     Robert Waldner
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ Netz- und Informationssystemsicherheitsverordnung – NISV ∗∗∗
---------------------------------------------
Am 17.07.2019 wurde die Netz- und Informationssystemsicherheitsverordnung - NISV veröffentlicht. Diese ergänzt das Bundesgesetz zur Gewährleistung eines hohen Sicherheitsniveaus von Netz- und Informationssystemen (Netz- und Informationssystemsicherheitsgesetz - NISG) und bietet die Grundlage für die Identifizierung der Betreiber wesentlicher Dienste.
---------------------------------------------
https://www.ris.bka.gv.at/Dokumente/BgblAuth/BGBLA_2019_II_215/BGBLA_2019_II_215.html


∗∗∗ WeAct: Datenleck bei Petitionsplattform von Campact ∗∗∗
---------------------------------------------
Ein Fehler auf der Petitionsplattform WeAct von Campact ermöglichte den Zugriff auf die Daten der Unterstützer. Rund 1,8 Millionen Unterzeichner sind betroffen. Die Nichtregierungsorganisation hat die Hintergründe des Fehlers veröffentlicht. (Datenleck, Datenschutz)
---------------------------------------------
https://www.golem.de/news/weact-datenleck-bei-petitionsplattform-von-campact-1907-142648-rss.html


∗∗∗ Unseriöse Shops: Versprechen Wunderdinge – liefern minderwertige Ware! ∗∗∗
---------------------------------------------
Konsument/innen stoßen beim Surfen im Internet immer wieder auf Werbung zu Produkten, die wahre Wunderdinge versprechen. Während manche Gegenstände halten, was sie versprechen, wird in anderen Fällen billigste Ware durch aggressive Werbung an die Frau und den Mann gebracht. Ähnliches gilt für Websites wie wifiboost.pro, airfreez.pro, coolblade.pro oder cleanaqua.pro, die darüber hinaus zahlreiche gesetzliche Vorgaben beim Verkauf missachten.
---------------------------------------------
https://www.watchlist-internet.at/news/unserioese-shops-versprechen-wunderdinge-liefern-minderwertige-ware/


∗∗∗ Zoom RCE only hit those who uninstalled it: Assetnote ∗∗∗
---------------------------------------------
Local webserver searched for domain suffixes that left it open to exploitation.
---------------------------------------------
https://www.zdnet.com/article/zoom-rce-only-hit-those-who-uninstalled-it-assetnote/#ftag=RSSbaffb68

=====================
=  Vulnerabilities  =
=====================

∗∗∗ Wireshark: ASN.1 BER and related dissectors crash ∗∗∗
---------------------------------------------
It may be possible to make Wireshark crash by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file.
---------------------------------------------
https://www.wireshark.org/security/wnpa-sec-2019-20.html


∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (chromium, firefox, and squid), CentOS (thunderbird and vim), Debian (libonig), SUSE (firefox, glibc, kernel, libxslt, and tomcat), and Ubuntu (libreoffice and thunderbird).
---------------------------------------------
https://lwn.net/Articles/794104/
∗∗∗ Cisco IOS Access Points Software 802.11r Fast Transition Denial of Service Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190717-aironet-dos


∗∗∗ Cisco Industrial Network Director Web Services Management Agent Unauthorized Information Disclosure Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190717-wsma-info


∗∗∗ Cisco Small Business SPA500 Series IP Phones Local Command Execution Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190717-spa500-command


∗∗∗ Cisco Small Business Series Switches Open Redirect Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190717-sbss-redirect


∗∗∗ Cisco Identity Services Engine Cross-Site Scripting Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190717-ise-xss


∗∗∗ Cisco Identity Services Engine Blind SQL Injection Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190717-ise-sql-inject


∗∗∗ Cisco Vision Dynamic Signage Director REST API Authentication Bypass Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190717-cvdsd-wmauth


∗∗∗ Cisco FindIT Network Management Software Static Credentials Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190717-cfnm-statcred


∗∗∗ Security Advisory - Improper Authentication Vulnerability on PC Manager ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20190718-01-pcmanager-en


∗∗∗ IBM Security Bulletin: IBM WebSphere Cast Iron Solution is affected by Apache Tomcat vulnerabilities CVE-2019-10072 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-websphere-cast-iron-solution-is-affected-by-apache-tomcat-vulnerabilities-cve-2019-10072/


∗∗∗ IBM Security Bulletin: Security Bulletin: Multiple vulnerabilities in current releases of the IBM® SDK, Java™ Technology Edition affect IBM Tivoli Network Manager IP Edition (CVE-2018-1890, CVE-2019-2426) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-security-bulletin-multiple-vulnerabilities-in-current-releases-of-the-ibm-sdk-java-technology-edition-affect-ibm-tivoli-network-manager-ip-edition-cve-2018-189/


∗∗∗ IBM Security Bulletin: A vulnerability in IBM WebSphere Application Server affects IBM Spectrum Scale packaged in IBM Elastic Storage Server (CVE-2019-4046) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-vulnerability-in-ibm-websphere-application-server-affects-ibm-spectrum-scale-packaged-in-ibm-elastic-storage-server-cve-2019-4046/


∗∗∗ IBM Security Bulletin: An IBM QRadar SIEM protocol is vulnerable to Incorrect Permission Assignment (CVE-2018-2024) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-an-ibm-qradar-siem-protocol-is-vulnerable-to-incorrect-permission-assignment-cve-2018-2024/


∗∗∗ IBM Security Bulletin: A vulnerability in IBM Java SDK and IBM Java Runtime affects IBM QRadar SIEM ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-vulnerability-in-ibm-java-sdk-and-ibm-java-runtime-affects-ibm-qradar-siem/


∗∗∗ IBM Security Bulletin: Asset Analyzer (RAA) is affected by a WebSphere Application Server vulnerability ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-asset-analyzer-raa-is-affected-by-a-websphere-application-server-vulnerability/


∗∗∗ IBM Security Bulletin: IBM Watson Studio – Local allows mounting glusterFS without security check ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-watson-studio-local-allows-mounting-glusterfs-without-security-check/


∗∗∗ IBM Security Bulletin: Multiple vulnerabilities affect Watson Explorer (CVE-2017-14166, CVE-2017-14501, CVE-2017-14502, CVE-2017-14503) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-affect-watson-explorer-cve-2017-14166-cve-2017-14501-cve-2017-14502-cve-2017-14503/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily