[CERT-daily] Tageszusammenfassung - 04.06.2019
Daily end-of-shift report
team at cert.at
Tue Jun 4 18:05:33 CEST 2019
=====================
= End-of-Day report =
=====================
Timeframe: Montag 03-06-2019 18:00 − Dienstag 04-06-2019 18:00
Handler: Robert Waldner
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ VU#576688: Microsoft windows RDP Network Level Authenticaion can bypass the Windows lock screen ∗∗∗
---------------------------------------------
Microsoft Windows Remote Desktop supports a feature called Network Level Authentication(NLA),which moves the authentication aspect of a remote session from the RDP layer to the network-layer. The use of NLA is recommended to reduce the attack surface of systems exposed using the RDP protocol.
---------------------------------------------
https://kb.cert.org/vuls/id/576688
∗∗∗ VB2018 paper: Lazarus Group: a mahjong game played with different sets of tiles ∗∗∗
---------------------------------------------
The Lazarus Group, generally linked to the North Korean government, is one of the most notorious threat groups seen in recent years. At VB2018 ESET researchers Peter Kálnai and Michal Poslušný presented a paper looking at the groups various campaigns. Today, we publish their paper and the recording of their presentation. Read more
---------------------------------------------
https://www.virusbulletin.com:443/blog/2019/06/vb2018-paper-lazarus-group-mahjong-game-played-different-sets-tiles/
∗∗∗ So schützen Sie sich vor Kleinanzeigen-Betrug ∗∗∗
---------------------------------------------
Kleinanzeigen-Plattformen erfreuen sich großer Beliebtheit. Sie bieten eine hervorragende Möglichkeit, alte Gegenstände zu verkaufen, die nicht mehr gebraucht werden, oder wahre Schnäppchen aus zweiter Hand zu ergattern. Doch Vorsicht: Sowohl hinter angeblichen Interessent/innen als auch Verkäufer/innen verstecken sich oft Kriminelle, die es nur auf das Geld oder die Ware ihrer Opfer abgesehen haben.
---------------------------------------------
https://www.watchlist-internet.at/news/so-schuetzen-sie-sich-vor-kleinanzeigen-betrug/
=====================
= Vulnerabilities =
=====================
∗∗∗ Android Security Bulletin - June 2019 ∗∗∗
---------------------------------------------
The most severe of these issues is a critical security vulnerability in Media framework that could enable a remote attacker using a specially crafted file to execute arbitrary code within the context of a privileged process.
---------------------------------------------
https://source.android.com/security/bulletin/2019-06-01.html
∗∗∗ Potentielles Sicherheitsproblem in Mailserver-Software Exim - Patches ab 11. 6. verfügbar ∗∗∗
---------------------------------------------
Das Exim-Projekt hat am 4. 6. 2019 Vorab-Informationen zu einer schwerwiegenden Sicherheitslücke veröffentlicht. Entsprechende Patches sind bereits für Linux-Distributionen etc. verfügbar, und so können von diesen - zeitgleich mit Veröffentlichung des Patches - ab 11. 6. fehlerbereinigte Pakete ausgerollt werden.
---------------------------------------------
http://www.cert.at/warnings/all/20190604.html
∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (python-django and python2-django), Debian (heimdal), Fedora (kernel, kernel-headers, kernel-tools, and sqlite), openSUSE (containerd, docker, docker-runc, go, go1.11, go1.12, golang-github-docker-libnetwork and GraphicsMagick), Oracle (thunderbird), Red Hat (systemd and thunderbird), SUSE (bind and firefox), and Ubuntu (qtbase-opensource-src).
---------------------------------------------
https://lwn.net/Articles/790266/
∗∗∗ IBM Security Bulletin: IBM InfoSphere Information Analyzer and Information Governance Catalog is affected by an Information Disclosure vulnerability ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-infosphere-information-analyzer-and-information-governance-catalog-is-affected-by-an-information-disclosure-vulnerability/
∗∗∗ IBM Security Bulletin: IBM Cloud Transformation Advisor is affected by a Node.js denial of service vulnerability (CVE-2019-5737) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-cloud-transformation-advisor-is-affected-by-a-node-js-denial-of-service-vulnerability-cve-2019-5737/
∗∗∗ IBM Security Bulletin: Jazz for Service Management (JazzSM) could allow a remote attacker to conduct phishing attacks, using an open redirect attack (CVE-2019-4201) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-jazz-for-service-management-jazzsm-could-allow-a-remote-attacker-to-conduct-phishing-attacks-using-an-open-redirect-attack-cve-2019-4201/
∗∗∗ IBM Security Bulletin: Vulnerabilities in the Java runtime environment that IBM provides affect WebSphere eXtreme Scale ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-in-the-java-runtime-environment-that-ibm-provides-affect-websphere-extreme-scale/
∗∗∗ IBM Security Bulletin: IBM Maximo Asset Management is vulnerable to Malicious File Upload attack (CVE-2019-4056) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-maximo-asset-management-is-vulnerable-to-malicious-file-upload-attack-cve-2019-4056/
∗∗∗ IBM Security Bulletin: IBM Maximo Asset Management is vulnerable to Back and Refresh Attack (CVE-2019-4048) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-maximo-asset-management-is-vulnerable-to-back-and-refresh-attack-cve-2019-4048/
∗∗∗ IBM Security Bulletin: IBM Cloud Transformation Advisor is affected by a vulnerability in WebSphere Application Server Liberty (CVE-2019-4046) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-cloud-transformation-advisor-is-affected-by-a-vulnerability-in-websphere-application-server-liberty-cve-2019-4046/
∗∗∗ IBM Security Bulletin: IBM Maximo Asset Management is vulnerable to Reverse Tabnabbing (CVE-2018-2028) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-maximo-asset-management-is-vulnerable-to-reverse-tabnabbing-cve-2018-2028/
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affects-ibm-san-volume-controller-ibm-storwize-ibm-spectrum-virtualize-and-ibm-flashsystem-products/
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
More information about the Daily
mailing list