[CERT-daily] Tageszusammenfassung - 26.03.2019
Daily end-of-shift report
team at cert.at
Tue Mar 26 18:16:01 CET 2019
=====================
= End-of-Day report =
=====================
Timeframe: Montag 25-03-2019 18:00 − Dienstag 26-03-2019 18:00
Handler: Dimitri Robl
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ Sicherheitslücken: Abus Alarmanlage kann per Funk ausgeschaltet werden ∗∗∗
---------------------------------------------
Gleich drei Sicherheitslücken erlauben verschiedene Angriffe auf die Funkalarmanlage Secvest von Abus. Ein Sicherheitsupdate gibt es nicht.
---------------------------------------------
https://www.golem.de/news/sicherheitsluecken-abus-alarmanlage-kann-per-funk-ausgeschaltet-werden-1903-140268-rss.html
∗∗∗ Coding Error Could Enable Users to Halt LockerGoga Ransomware ∗∗∗
---------------------------------------------
Users could potentially use a coding error in some variants of LockerGoga to halt the ransomware's encryption routine in its tracks. In its analysis of LockerGoga, Alert Logic Threat Research found that the ransomware performs an initial reconnaissance scan through which it collects file lists once it's infected a machine. The malware may come in [...]
---------------------------------------------
https://www.tripwire.com/state-of-security/security-data-protection/coding-error-lockergoga-ransomware/
∗∗∗ Business banking fraud. Keep your eggs in TWO baskets. Here’s why… ∗∗∗
---------------------------------------------
This post has a cautionary tale all about spreading your business banking fraud risk. So, does your business have two bank accounts, with different banks? No? Then you would be well advised to do so, or risk being left unable to trade. WHY?
---------------------------------------------
https://www.pentestpartners.com/security-blog/business-banking-fraud-keep-your-eggs-in-two-baskets-heres-why/
∗∗∗ Amazon Phishing-Mails mit betrügerischem Inhalt ∗∗∗
---------------------------------------------
Unzählige Internetnutzer/innen finden momentan gefälschte Amazon-Mails im Posteingang. Sie werden darin informiert, dass das Amazon-Konto vorläufig deaktiviert wurde. Um es wieder freizuschalten, sollen die Empfänger/innen ihre Daten über den angegeben Link verifizieren. Der Aufforderung darf nicht gefolgt werden! Die eingegebenen Daten gelangen in die Hände Krimineller und das Amazon-Konto wurde nie gesperrt.
---------------------------------------------
https://www.watchlist-internet.at/news/amazon-phishing-mails-mit-betruegerischem-inhalt/
=====================
= Vulnerabilities =
=====================
∗∗∗ Betriebssysteme und iTunes: Apple schließt viele Sicherheitslücken ∗∗∗
---------------------------------------------
Mit der Veröffentlichung von iOS 12.2, Mojave 10.14.4 sowie der neuen iTunes-Version für Windows schließt Apple zahlreiche Sicherheitslücken. Einige davon sind kritisch, da sie Angriffe mit Kernelprivilegien oder hohen Rechten ermöglichen.
---------------------------------------------
https://www.golem.de/news/betriebssysteme-und-itunes-apple-schliesst-viele-sicherheitsluecken-1903-140250-rss.html
∗∗∗ ASUS Releases Security Update for Live Update Software ∗∗∗
---------------------------------------------
ASUS has released Live Update version 3.6.8. This version addresses vulnerabilities that a remote attacker could exploit to take control of an affected system. These vulnerabilities were detected in exploits in the wild. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the ASUS article for more information.
---------------------------------------------
https://www.us-cert.gov/ncas/current-activity/2019/03/26/ASUS-Releases-Security-Update-Live-Update-Software
∗∗∗ rt-sa-2019-007 ∗∗∗
---------------------------------------------
Code Execution via Insecure Shell Function getopt_simple
---------------------------------------------
https://www.redteam-pentesting.de/advisories/rt-sa-2019-007.txt
∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by CentOS (ghostscript), Debian (libssh2 and wireshark), openSUSE (aubio, blueman, and kauth), Red Hat (kernel-rt and openwsman), Scientific Linux (openwsman), Slackware (mozilla), and SUSE (ovmf and ucode-intel).
---------------------------------------------
https://lwn.net/Articles/784031/
∗∗∗ Synology-SA-19:13 Drupal ∗∗∗
---------------------------------------------
A vulnerability allows remote authenticated users to inject arbitrary web script or HTML via a susceptible version of Drupal.
---------------------------------------------
https://www.synology.com/en-global/support/security/Synology_SA_19_13
∗∗∗ IBM Security Bulletin: Incorrect permissions on restored files and directories using IBM Spectrum Protect Backup-Archive Client web user interface on Windows (CVE-2019-4093) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-incorrect-permissions-on-restored-files-and-directories-using-ibm-spectrum-protect-backup-archive-client-web-user-interface-on-windows-cve-2019-4093/
∗∗∗ IBM Security Bulletin: IBM MQ Appliance is affected by OpenSSL vulnerabilities (CVE-2018-0732 and CVE-2018-0739) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-mq-appliance-is-affected-by-openssl-vulnerabilities-cve-2018-0732-and-cve-2018-0739/
∗∗∗ IBM Security Bulletin: Vulnerability CVE-2018-14647 in Python affects IBM i ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-cve-2018-14647-in-python-affects-ibm-i/
∗∗∗ IBM Security Bulletin: Apache Axis as used in IBM QRadar SIEM is vulnerable to a possible man in the middle attack. (CVE-2012-5784) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-apache-axis-as-used-in-ibm-qradar-siem-is-vulnerable-to-a-possible-man-in-the-middle-attack-cve-2012-5784/
∗∗∗ Binutils vulnerabilities CVE-2018-20002 and CVE-2018-20657 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K62602089
∗∗∗ D-LINK Router: Mehrere Schwachstellen ermöglichen Umgehen von Sicherheitsvorkehrungen ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K19-0240
∗∗∗ Red Hat Enterprise Linux: Schwachstelle ermöglicht Offenlegung von Informationen ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K19-0244
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
More information about the Daily
mailing list