[CERT-daily] Daily summary - 15.03.2019
Daily end-of-shift report
team at cert.at
Fri Mar 15 18:06:02 CET 2019
=====================
= End-of-Day report =
=====================
Timeframe: Thursday 14-03-2019 18:00 − Friday 15-03-2019 18:00
Handler: Stephan Richter
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Threatlist: IMAP-Based Attacks Compromising Accounts at ‘Unprecedented Scale’ ∗∗∗
---------------------------------------------
Attackers are increasingly targeting insecure legacy protocols, like IMAP, to avoid running into multi-factor authentication in password-spraying campaigns.
---------------------------------------------
https://threatpost.com/imap-attacks-compromise-accounts/142824/
∗∗∗ DNS Tunneling: how DNS can be (ab)used by malicious actors ∗∗∗
---------------------------------------------
DNS is a critical foundation of the Internet that makes it possible to get to websites without entering numerical IP addresses. The power that makes DNS beneficial for everyone also creates potential for abuse. Unit 42 researchers explain how attackers can abuse DNS to hide their tracks and steal data using a technique known as "DNS Tunneling". This research can help organizations understand DNS-based threats and the risks they pose to their environment.
---------------------------------------------
https://unit42.paloaltonetworks.com/dns-tunneling-how-dns-can-be-abused-by-malicious-actors/
=====================
= Vulnerabilities =
=====================
∗∗∗ CVE-2019-0804 | Azure Linux Agent Information Disclosure Vulnerability ∗∗∗
---------------------------------------------
An information disclosure vulnerability exists in the way Azure WaLinuxAgent creates swap files on resource disks. An authenticated attacker who successfully exploited this vulnerability could view data in swap that is normally hidden.
---------------------------------------------
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0804
∗∗∗ VMSA-2019-0003 ∗∗∗
---------------------------------------------
VMware Horizon update addresses Connection Server information disclosure vulnerability.
---------------------------------------------
https://www.vmware.com/security/advisories/VMSA-2019-0003.html
∗∗∗ VMSA-2019-0002 ∗∗∗
---------------------------------------------
VMware Workstation update addresses elevation of privilege issues.
---------------------------------------------
https://www.vmware.com/security/advisories/VMSA-2019-0002.html
∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Fedora (mingw-poppler and php), Mageia (apache, gnome-keyring, gnupg2, hiawatha, and rsyslog), openSUSE (libcomps and obs-service-tar_scm), and Ubuntu (libvirt and linux-lts-trusty).
---------------------------------------------
https://lwn.net/Articles/783140/
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM Decision Optimization Center (CVE-2018-1890, CVE-2018-12547) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-and-ibm-java-runtime-affect-ibm-decision-optimization-center-cve-2018-1890-cve-2018-12547/
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM ILOG CPLEX Optimization Studio and IBM CPLEX Enterprise Server (CVE-2018-1890, CVE-2018-12547, CVE-2019-2426) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-ibm-ilog-cplex-optimization-studio-and-ibm-cplex-enterprise-server-cve-2018-1890-cve-2018-12547-cve-2019-2426/
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM® Db2®. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-and-ibm-java-runtime-affect-ibm-db2-4/
∗∗∗ IBM Security Bulletin: IBM MQ Console has inadequate input validation (CVE-2018-1836) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-mq-console-has-inadequate-input-validation-cve-2018-1836/
∗∗∗ HPESBNS03910 rev.1 - HPE NonStop SafeGuard, Local Disclosure of Sensitive Information ∗∗∗
---------------------------------------------
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbns03910en_us
∗∗∗ HPESBST03911 rev.1 - HPE Command View AE (CVAE) Products, multiple vulnerabilities ∗∗∗
---------------------------------------------
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03911en_us
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily