[CERT-daily] Tageszusammenfassung - 09.05.2019

[Daily end-of-shift report]

=====================
= End-of-Day report =
=====================

Timeframe:   Mittwoch 08-05-2019 18:00 − Donnerstag 09-05-2019 18:00
Handler:     Dimitri Robl
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ Samsung: Forscher konnte auf Entwicklungsumgebung zugreifen ∗∗∗
---------------------------------------------
Zugangsdaten, Zertifikate, Tokens, Schlüssel und Quellcode: Ein Sicherheitsforscher fand eine öffentlich zugängliche Gitlab-Installation von Samsung - und hätte selbst den Softwarecode ändern können.
---------------------------------------------
https://www.golem.de/news/samsung-forscher-konnte-auf-entwicklungsumgebung-zugreifen-1905-141145-rss.html


∗∗∗ Eggheads confirm: Rampant Android bloatware a privacy and security hellscape ∗∗∗
---------------------------------------------
Bundled software not just an annoyance, its also a risk The apps bundled with many Android phones are presenting threats to security and privacy greater than most users think.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2019/05/09/android_bloatware_security/


∗∗∗ Ongoing Credit Card Data Leak ∗∗∗
---------------------------------------------
Our DNSMon flagged an abnormal domain name magento-analytics[.]com, through continuous tracking, and correlation with various data, we found out that the domain name has been used to inject malicious JS script to various online shopping sites to steal the credit card owner / card number / expiration time / CVV information.
---------------------------------------------
https://blog.netlab.360.com/ongoing-credit-card-data-leak/


∗∗∗ Kritische Lücke: Docker-Images von Alpine Linux mit Root-Zugang ohne Passwort ∗∗∗
---------------------------------------------
Einige Versionen der offiziellen Docker-Images von Alpine Linux erlaubten das Einloggen als root mit leerem Passwortfeld. Jetzt ist das Problem behoben.
---------------------------------------------
https://heise.de/-4418636


∗∗∗ Vulnerabilities in financial mobile apps put consumers and businesses at risk ∗∗∗
---------------------------------------------
It’s good to know that your bank’s website boasts that little green padlock, promotes secure communication, and follows a two-factor authentication (2FA) scheme. But are their mobile apps equally secure?
---------------------------------------------
https://blog.malwarebytes.com/101/2019/05/vulnerabilities-in-financial-mobile-apps-put-consumers-and-businesses-at-risk/


∗∗∗ Vulnerability Spotlight: Remote code execution bug in SQLite ∗∗∗
---------------------------------------------
SQLite contains an exploitable use-after-free vulnerability that could allow an attacker to gain the ability to remotely execute code on the victim machine.
---------------------------------------------
https://blog.talosintelligence.com/2019/05/vulnerability-spotlight-remote-code.html


∗∗∗ Finger weg von elektriker-mg.at ∗∗∗
---------------------------------------------
Beauftragen Sie elektriker-mg.at besser nicht bei Problemen, denn dieses Unternehmen ist betrügerisch. elektriker-mg.at wirbt auf seiner Website damit, 24 Stunden am Tag und 365 Tage im Jahr verfügbar und innerhalb kürzester Zeit bei Ihnen zu sein. Das freundliche Lächeln des Elektrikers trügt: Sie werden um viel Geld betrogen und Ihr Schaden wird nicht behoben!
---------------------------------------------
https://www.watchlist-internet.at/news/finger-weg-von-elektriker-mgat/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by Fedora (drupal7, exiv2, filezilla, and libfilezilla), openSUSE (gnutls, GraphicsMagick, hostinfo, supportutils, and ovmf), Scientific Linux (flatpak and ghostscript), SUSE (mutt and samba), and Ubuntu (Monit).
---------------------------------------------
https://lwn.net/Articles/787943/


∗∗∗ Phar Vulnerabilities Patched in Drupal, TYPO3 ∗∗∗
---------------------------------------------
Updates released this week for the Drupal and TYPO3 open source content management systems (CMSs) patch vulnerabilities related to how Phar archives are handled. The Phar (PHP Archive) package format enables developers to place all the files of a PHP application inside a single archive.
---------------------------------------------
https://www.securityweek.com/phar-vulnerabilities-patched-drupal-typo3


∗∗∗ Kaspersky Anti-Virus: Schwachstelle ermöglicht Ausführen von beliebigem Programmcode mit Administratorrechten ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K19-0387


∗∗∗ IBM Security Bulletin: Cross-site scripting in IBM Business Automation Workflow and IBM Business Process Manager (BPM) (CVE-2019-4204) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-cross-site-scripting-in-ibm-business-automation-workflow-and-ibm-business-process-manager-bpm-cve-2019-4204/


∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Application Dependency Discovery Manager (TADDM) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-tivoli-application-dependency-discovery-manager-taddm-4/


∗∗∗ IBM Security Bulletin: IBM DataPower Gateway is affected by a message spoofing vulnerability (CVE-2019-6110) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-datapower-gateway-is-affected-by-a-message-spoofing-vulnerability-cve-2019-6110/


∗∗∗ IBM Security Bulletin: A vulnerability in IBM Cloud App Management V2018 could allow an attacker to obtain sensitive configuration information ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-vulnerability-in-ibm-cloud-app-management-v2018-could-allow-an-attacker-to-obtain-sensitive-configuration-information/


∗∗∗ IBM Security Bulletin: Vulnerability in OpenSSL affects IBM Integrated Analytics System ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-in-openssl-affects-ibm-integrated-analytics-system/


∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM SDK Java Technology Edition affect IBM Cloud App Management V2018.4.1 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-sdk-java-technology-edition-affect-ibm-cloud-app-management-v2018-4-1/


∗∗∗ IBM Security Bulletin: A vulnerability in Apache Tomcat could affect IBM Cloud App Management V2018 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-vulnerability-in-apache-tomcat-could-affect-ibm-cloud-app-management-v2018/


∗∗∗ IBM Security Bulletin: Financial Transaction Manager for Corporate Payment Services is affected by a potential cross-site request forgery vulnerability (CVE-2018-1790) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-financial-transaction-manager-for-corporate-payment-services-is-affected-by-a-potential-cross-site-request-forgery-vulnerability-cve-2018-1790/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily