[CERT-daily] Tageszusammenfassung - 22.03.2019

Daily end-of-shift report team at cert.at
Fri Mar 22 18:44:53 CET 2019


=====================
= End-of-Day report =
=====================

Timeframe:   Donnerstag 21-03-2019 18:00 − Freitag 22-03-2019 18:00
Handler:     Stephan Richter
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ Analysis of SeroMiner Trojan, combine multiple anti-analytic techniques ∗∗∗
---------------------------------------------
Foreword Recently, 360 security brain intercepted a mining Trojan 'SeroMiner'. The Trojan behavior is too concealed to be discovered its mining behavior from the security [...]
---------------------------------------------
https://blog.360totalsecurity.com/en/analysis-of-serominer-trojan-combine-multiple-anti-analytic-techniques/


∗∗∗ SigSpoof 4: Bypassing signature verification in Yarn package manager (CVE-2018-12556) ∗∗∗
---------------------------------------------
This attack on GnuPG signature verification is specific to yarn, thepackage manager. It can give a powerful attacker the ability toreplace the Yarn installation with arbitrary code. There areadditional protections in place, so if you are using Yarn, youprobably do not need to worry too much about it.
---------------------------------------------
https://neopg.io/blog/yarn-signature-bypass/


∗∗∗ Over 100,000 GitHub repos have leaked API or cryptographic keys ∗∗∗
---------------------------------------------
Thousands of new API or cryptographic keys leak via GitHub projects every day.
---------------------------------------------
https://www.zdnet.com/article/over-100000-github-repos-have-leaked-api-or-cryptographic-keys/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by CentOS (firefox), Debian (cron and ntfs-3g), Fedora (firefox, ghostscript, libzip, python2-django1.11, PyYAML, tcpflow, and xen), Mageia (ansible, firefox, and ImageMagick/GraphicsMagick), Red Hat (ghostscript), Scientific Linux (firefox and ghostscript), SUSE (libxml2, unzip, and wireshark), and Ubuntu (firefox, ghostscript, libsolv, ntfs-3g, p7zip, and snapd).
---------------------------------------------
https://lwn.net/Articles/783757/


∗∗∗ IBM Security Bulletin: Potential denial of service vulnerability in WebSphere Application Server (CVE-2019-4046) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-potential-denial-of-service-vulnerability-in-websphere-application-server-cve-2019-4046/


∗∗∗ IBM Security Bulletin: Potential denial of service in Liberty for Java for IBM Cloud (CVE-2018-10237) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-potential-denial-of-service-in-liberty-for-java-for-ibm-cloud-cve-2018-10237/


∗∗∗ ICMP PMTU messages are forwarded to the server side when the TCP proxy-mss setting is enabled in the associated profile ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K52510343


∗∗∗ The BIG-IP SMTPS virtual server may fail to properly restrict I/O buffering, allowing attackers to insert commands into encrypted SMTP sessions ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K23284054


∗∗∗ BIG-IP SNMPD vulnerability CVE-2019-6608 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K12139752


∗∗∗ REST Framework vulnerability CVE-2019-6602 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K11818407


∗∗∗ BIG-IP snmpd vulnerability CVE-2019-6606 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K35209601


∗∗∗ TMM vulnerability CVE-2019-6603 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K14632915


∗∗∗ When authentication is set to require, the Client SSL or Server SSL profile does not report an error when it has an associated invalid CRL ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K15732489

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily




More information about the Daily mailing list