[CERT-daily] Tageszusammenfassung - 07.03.2019

[Daily end-of-shift report]

=====================
= End-of-Day report =
=====================

Timeframe:   Mittwoch 06-03-2019 18:00 − Donnerstag 07-03-2019 18:00
Handler:     Robert Waldner
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ Emotet: Eine Übersicht über die Schadsoftware ∗∗∗
---------------------------------------------
Emotet ist bereits 2014 entdeckt worden, unterscheidet sich allerdings in vielen Facetten von anderer Schadsoftware. An dieser Stelle fassen wir die Facetten und Eigenschaften zusammen, die diese Schadsoftware so besonders macht und geben eine kurze Übersicht, wie man sich schützen kann.
---------------------------------------------
https://www.dfn-cert.de/aktuell/emotet-beschreibung.html


∗∗∗ Financial Cyberthreats in 2018 ∗∗∗
---------------------------------------------
The presented report continues the series of Kaspersky Lab reports that provide an overview of how the financial threat landscape has evolved over the years. It covers the common phishing threats that users encounter, along with Windows-based and Android-based financial malware.
---------------------------------------------
https://securelist.com/financial-cyberthreats-in-2018/89788/


∗∗∗ Keine Schnäppchen bei cws-elektro.com ∗∗∗
---------------------------------------------
Bei cws-elektro.com finden Konsument/innen jegliche Elektroartikel zu teils günstigeren Preisen als bei anderen Händler/innen. Der Online-Shop ist jedoch nicht seriös. Berichten zufolge bleibt eine Lieferung aus. Sie verlieren Ihr Geld.
---------------------------------------------
https://www.watchlist-internet.at/news/keine-schnaeppchen-bei-cws-elektrocom/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ ZDI-19-257: (0Day) Advantech WebAccess Node Product Installation File Access Control Modification Privilege Escalation Vulnerability ∗∗∗
---------------------------------------------
This vulnerability allows local attackers to escalate privileges on vulnerable installations of Advantech WebAccess Node. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-19-257/


∗∗∗ Weak Configuration File Encryption in AVAYA One-X communicator ∗∗∗
---------------------------------------------
SEC Consult found a vulnerability within the encryption process used for configuration files of the Avaya One-X communicator. Being able to encrypt arbitrary plaintext by abusing the client, it was possible to decrypt sensitive passwords stored in configuration files.
---------------------------------------------
https://www.sec-consult.com/en/blog/advisories/weak-configuration-file-encryption-in-avaya-one-x-communicator/


∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by openSUSE (amavisd-new, apache2, and containerd, docker, docker-runc,), Red Hat (java-1.7.1-ibm and java-1.8.0-ibm), and Ubuntu (linux, linux-azure, linux-gcp, linux-kvm, linux-raspi2, linux-hwe, linux-azure, and php5, php7.0).
---------------------------------------------
https://lwn.net/Articles/782572/


∗∗∗ xpdf: Mehrere Schwachstellen ermöglichen Denial of Service ∗∗∗
---------------------------------------------
Mit Xpdf können PDF-Dokumente betrachtet werden. Dieser PDF-Betrachter ist zudem auch für Microsoft Windows verfügbar.
Ein lokaler Angreifer kann mehrere Schwachstellen in xpdf ausnutzen, um einen Denial of Service Angriff durchzuführen.
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K19-0193


∗∗∗ Cisco NX-OS Software NX-API Arbitrary Code Execution Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nx-os-api-ex


∗∗∗ IBM Security Bulletin: IBM Cloud Kubernetes Service is affected by a Denial of Service vulnerability in Kubernetes API server ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-cloud-kubernetes-service-is-affected-by-a-denial-of-service-vulnerability-in-kubernetes-api-server/


∗∗∗ IBM Security Bulletin: API Connect is affected by an information disclosure vulnerability in the consumer API (CVE-2018-2009) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-api-connect-is-affected-by-an-information-disclosure-vulnerability-in-the-consumer-api-cve-2018-2009/


∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM® SDK, Java™ Technology Edition affect IBM Operational Decision Manager ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-sdk-java-technology-edition-affect-ibm-operational-decision-manager-6/


∗∗∗ IBM Security Bulletin: Multiple vulnerabilities may affect IBM® SDK, Java™ Technology Edition ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-may-affect-ibm-sdk-java-technology-edition-10/


∗∗∗ IBM Security Bulletin: IBM Security Guardium is affected by Red Hat kernel vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-guardium-is-affected-by-red-hat-kernel-vulnerabilities/


∗∗∗ IBM Security Bulletin: IBM QRadar SIEM is vulnerable to Apache Tomcat Publicly disclosed vulnerability (CVE-2018-11784) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-qradar-siem-is-vulnerable-to-apache-tomcat-publicly-disclosed-vulnerability-cve-2018-11784/


∗∗∗ IBM Security Bulletin: IBM QRadar SIEM is vulnerable to Publicly disclosed Samba vulnerabilities (CVE-2018-10858, CVE-2018-1139) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-qradar-siem-is-vulnerable-to-publicly-disclosed-samba-vulnerabilities-cve-2018-10858-cve-2018-1139/


∗∗∗ IBM Security Bulletin: IBM Lotus Protector for Mail Security has released fixes in response to the public disclosed vulnerability for PHP (CVE-2018-19518) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-lotus-protector-for-mail-security-has-released-fixes-in-response-to-the-public-disclosed-vulnerability-for-php-cve-2018-19518/


∗∗∗ IBM Security Bulletin: IBM QRadar SIEM is vulnerable to publicly disclosed vulnerability from GNU glibc (CVE-2018-11237) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-qradar-siem-is-vulnerable-to-publicly-disclosed-vulnerability-from-gnu-glibc-cve-2018-11237/


∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities in IBM Java Runtime Affects Optim Data Growth, Test Data Management and Application Retirement ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affects-optim-data-growth-test-data-management-and-application-retirement/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily