[CERT-daily] Tageszusammenfassung - 27.03.2019

Daily end-of-shift report team at cert.at
Wed Mar 27 18:38:36 CET 2019 

=====================
= End-of-Day report =
=====================

Timeframe:   Dienstag 26-03-2019 18:00 − Mittwoch 27-03-2019 18:00
Handler:     Dimitri Robl
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ UC Browser for Android, Desktop Exposes 500+ Million Users to MiTM Attacks ∗∗∗
---------------------------------------------
The extremely popular UC Browser and UC Browser Mini Android applications with a total of over 600 million installs expose their users to MiTM attacks by downloading and installing extra modules from their own servers using unprotected channels and bypassing Google Plays servers altogether.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/uc-browser-for-android-desktop-exposes-500-million-users-to-mitm-attacks/


∗∗∗ Abuse of hidden "well-known" directory in HTTPS sites ∗∗∗
---------------------------------------------
WordPress and Joomla are among the most popular Content Management Systems (CMSs). They have also become popular for malicious actors, as cybercriminals target sites on these platforms for hacking and injecting malicious content. During the past few weeks, ThreatLabZ researchers have detected several WordPress and Joomla sites that were serving Shade/Troldesh ransomware, backdoors, redirectors, and a variety of phishing pages.
---------------------------------------------
https://www.zscaler.com/blogs/research/abuse-hidden-well-known-directory-https-sites


∗∗∗ Sicherheitsforscher entdecken 36 neue Sicherheitslücken im LTE-Standard ∗∗∗
---------------------------------------------
Aufgrund von Lücken sollen Angreifer in der Lage sein, Verbindungen im LTE-Netz zu stören oder sogar zu manipulieren. Das geht aber mit viel Aufwand einher.
---------------------------------------------
http://heise.de/-4352711


∗∗∗ What Is Access Control? A Key Component Of Data Security ∗∗∗
---------------------------------------------
Who should be able to access a company's data? Under what circumstances do organisations deny access to a user with access privileges? To adequately protect data, an organisation's access control [...]
---------------------------------------------
https://blog.schneider-electric.com/building-management/2019/03/27/what-is-access-control-a-key-component-of-data-security/


∗∗∗ Rechnungen betrügerischer Streaming-Websites nicht bezahlen! ∗∗∗
---------------------------------------------
Die Welle betrügerischer Streaming-Plattformen mit Namen wie nolistream.de, someflix.de, daftstream.de oder savaflix.de reißt nicht ab. Die Websites verfolgen nur ein Ziel: Internetuser/innen zu unberechtigten Zahlungen zu drängen. Durch gefälschte Rechnungen, Mahnungen und Inkassoschreiben sollen Betroffene eingeschüchtert werden. Die geforderten 358,80, 359,88 oder 479,16 Euro dürfen nicht bezahlt werden!
---------------------------------------------
https://www.watchlist-internet.at/news/rechnungen-betruegerischer-streaming-websites-nicht-bezahlen/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Siemens SCALANCE X ∗∗∗
---------------------------------------------
This advisory includes mitigations for an expected behavior violation vulnerability reported in the Siemens SCALANCE X products.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-19-085-01


∗∗∗ ENTTEC Lighting Controllers ∗∗∗
---------------------------------------------
This advisory includes mitigations for a missing authentication for critical function vulnerability reported in ENTTEC’s lighting controllers.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-19-085-03-0


∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (openjdk-7), Fedora (cfitsio, firefox, librsvg2, and pdns), openSUSE (firefox), Red Hat (firefox), Scientific Linux (firefox), SUSE (gd, grub2, ImageMagick, kernel, libcaca, libmspack, ntp, ovmf, w3m, and wavpack), and Ubuntu (php7.0, php7.2, qemu, and xmltooling).
---------------------------------------------
https://lwn.net/Articles/784114/


∗∗∗ Cisco Security Advisories ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/viewErp.x?alertId=ERP-71135
https://tools.cisco.com/security/center/psirtrss20/CiscoSecurityAdvisory.xml


∗∗∗ XML vulnerability CVE-2017-9233 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K03244804


∗∗∗ Security Advisory - Improper Authentication Vulnerability in Some Huawei AP Products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20190327-01-ap-en


∗∗∗ IBM Security Bulletin: Potential denial of service in WebSphere Application Server Admin Console (CVE-2019-4080) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-potential-denial-of-service-in-websphere-application-server-admin-console-cve-2019-4080/


∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities in Oracle Outside In Technology affect IBM Rational DOORS Next Generation ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-oracle-outside-in-technology-affect-ibm-rational-doors-next-generation-5/


∗∗∗ IBM Security Bulletin: IBM Flex System Chassis Management Module (CMM) is affected by vulnerabilities in xorg-x11-libX11 (CVE-2018-14598 CVE-2018-14599 CVE-2018-14600) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-flex-system-chassis-management-module-cmm-is-affected-by-vulnerabilities-in-xorg-x11-libx11-cve-2018-14598-cve-2018-14599-cve-2018-14600/


∗∗∗ IBM Security Bulletin: IBM Flex System Chassis Management Module (CMM) is affected by vulnerabilities in GNU C Library (CVE-2015-5180 CVE-2017-15670 CVE-2017-15804) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-flex-system-chassis-management-module-cmm-is-affected-by-vulnerabilities-in-gnu-c-library-cve-2015-5180-cve-2017-15670-cve-2017-15804/


∗∗∗ IBM Security Bulletin: IBM Flex System Chassis Management Module (CMM) is affected by vulnerabilities in cURL (CVE-2018-14618 CVE-2018-16840 CVE-2018-16842) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-flex-system-chassis-management-module-cmm-is-affected-by-vulnerabilities-in-curl-cve-2018-14618-cve-2018-16840-cve-2018-16842/


∗∗∗ IBM Security Bulletin: Content Collector for Email is affected by 3RD PARTY IBM WebSphere Application Server Deserialization ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-content-collector-for-email-is-affected-by-3rd-party-ibm-websphere-application-server-deserialization/


∗∗∗ IBM Security Bulletin: IBM Flex System Chassis Management Module (CMM) is affected by vulnerabilities in PHP (CVE-2018-17082 CVE-2018-14883 CVE-2018-14851 CVE-2017-9118) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-flex-system-chassis-management-module-cmm-is-affected-by-vulnerabilities-in-php-cve-2018-17082-cve-2018-14883-cve-2018-14851-cve-2017-9118/


∗∗∗ IBM Security Bulletin: Content Collector for Email is affected by 3RD PARTY CSRF and OOB-XXE Vulnerabilities in WebSphere Web Application Server’s Integrated Solutions Console 9.0.0.8, 8.5.5.13, and 8.5.5.9 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-content-collector-for-email-is-affected-by-3rd-party-csrf-and-oob-xxe-vulnerabilities-in-websphere-web-application-servers-integrated-solutions-console-9-0-0-8-8-5-5-13-and/


∗∗∗ IBM Security Bulletin: IBM Security Identity Manager Virtual Appliance is affected by multiple vulnerabilities (CVE-2017-6464, CVE-2017-6463, CVE-2017-6462, CVE-2015-3331, CVE-2014-2523) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-identity-manager-virtual-appliance-is-affected-by-multiple-vulnerabilities-cve-2017-6464-cve-2017-6463-cve-2017-6462-cve-2015-3331-cve-2014-2523/


∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM Security Identity Manager Virtual Appliance ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-and-ibm-java-runtime-affect-ibm-security-identity-manager-virtual-appliance/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

More information about the Daily mailing list