[CERT-daily] Tageszusammenfassung - 13.05.2019

Daily end-of-shift report team at cert.at
Mon May 13 18:38:44 CEST 2019


=====================
= End-of-Day report =
=====================

Timeframe:   Freitag 10-05-2019 18:00 − Montag 13-05-2019 18:00
Handler:     Robert Waldner
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ Administration: Microsoft empfiehlt ein separat abgesichertes Gerät ∗∗∗
---------------------------------------------
Wer komplexe Systeme administriert, kann auch schnell zu einem attraktiven Angriffsziel werden. Microsoft gibt einige Tipps aus dem eigenen Hause, um diese Gefahr zu minimieren. Dazu gehört der Einsatz spezieller Geräte.
---------------------------------------------
https://www.golem.de/news/administration-microsoft-empfiehlt-ein-separat-abgesichertes-geraet-1905-141199-rss.html


∗∗∗ Hashfunktion: Der nächste Nagel im Sarg von SHA-1 ∗∗∗
---------------------------------------------
Eigentlich wissen es alle: Die Hashfunktion SHA-1 ist tot. Forscher haben jetzt eine Methode gefunden, Angriffe auf das Verfahren noch praxisrelevanter zu machen.
---------------------------------------------
https://www.golem.de/news/hashfunktion-der-naechste-nagel-im-sarg-von-sha-1-1905-141197-rss.html


∗∗∗ AR19-133A: Microsoft Office 365 Security Observations ∗∗∗
---------------------------------------------
Original release date: May 13, 2019 Summary As the number of organizations migrating email services to Microsoft Office 365 (O365) and other cloud services increases, the use of third-party companies that move organizations to the cloud is also increasing. Organizations and their third-party partners need to be aware of the risks involved in transitioning to O365 and other cloud services.
---------------------------------------------
https://www.us-cert.gov/ncas/analysis-reports/AR19-133A


∗∗∗ Hackers are collecting payment details, user passwords from 4,600 sites ∗∗∗
---------------------------------------------
Hackers have breached analytics service Picreel and open-source project Alpaca Forms and have modified JavaScript files on the infrastructure of these two companies to embed malicious code on over 4,600 websites, security researchers have told ZDNet. The attack is ongoing, and the malicious scripts are still live, at the time of this articles publishing.
---------------------------------------------
https://www.zdnet.com/article/hackers-are-collecting-payment-details-user-passwords-from-4600-sites/


∗∗∗ Microsoft erweitert BitLocker-Verwaltungsoptionen für Unternehmen ∗∗∗
---------------------------------------------
Microsoft plant zur Verwaltung der BitLocker-Verschlüsselung in Unternehmensumgebungen Erweiterungen für Intune und den System Center Configuration Manager.
---------------------------------------------
https://heise.de/-4420137


∗∗∗ Jetzt patchen: Angreifer nehmen ältere SharePoint-Server-Lücke ins Visier ∗∗∗
---------------------------------------------
Die schon im Februar/März gefixte Lücke CVE-2019-0604 wird aktiv ausgenutzt. Wer die Updates noch nicht installiert hat, sollte spätestens jetzt handeln.
---------------------------------------------
https://heise.de/-4420747


∗∗∗ Images Loading Credit Card Swipers ∗∗∗
---------------------------------------------
We’ve come across an interesting approach to injecting credit card swipers into Magento web pages. Instead of injecting a real script, attackers insert a seemingly benign, invisible image from the same site. The catch is, the  tag has an "onload" event handler that loads the malicious script.
---------------------------------------------
http://labs.sucuri.net/?note=2019-05-10


∗∗∗ NVIDIA Patches High Severity Bugs in GPU Display Driver ∗∗∗
---------------------------------------------
NVIDIA has released patches to address High severity vulnerabilities in its NVIDIA GPU Display Driver that could allow an attacker to escalate privileges or execute code on vulnerable systems.  read more
---------------------------------------------
https://www.securityweek.com/nvidia-patches-high-severity-bugs-gpu-display-driver



=====================
=  Vulnerabilities  =
=====================

∗∗∗ SQLite: Schwachstelle in Programmbibliothek erlaubt Remote Code Execution ∗∗∗
---------------------------------------------
Seit April gibt es SQLite in Version 3.28.0. Angesichts einer kritischen Schwachstelle in früheren Versionen sollten Entwickler schleunigst umsteigen.
---------------------------------------------
https://heise.de/-4421109


∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (atftp, ghostscript, openjdk-7, and postgresql-9.4), Fedora (java-11-openjdk, mosquitto, and php), Mageia (bash, binutils, clamav, cronie, jasper, kernel, mxml, openexr, openssh, python, qt4, svgsalamander, sysstat, tar, and tcpreplay), openSUSE (openssl, python3, sqlite3, webkit2gtk3, and wireshark), Red Hat (bind, flatpak, freeradius:3.0, java-1.8.0-openjdk, python-jinja2, rh-ror42-rubygem-actionpack, rh-ror50-rubygem-actionpack, rh-ruby23-ruby, [...]
---------------------------------------------
https://lwn.net/Articles/788266/


∗∗∗ Gemalto DS3 Authentication Server / Ezio Server Command Injection / File Disclosure ∗∗∗
---------------------------------------------
https://cxsecurity.com/issue/WLB-2019050121


∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM® Java SDK affects WebSphere Application Server April 2019 CPU that is bundled with IBM WebSphere Application Server Patterns ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affects-websphere-application-server-april-2019-cpu-that-is-bundled-with-ibm-websphere-application-server-patterns/


∗∗∗ IBM Security Bulletin: IBM MQ RDQM and IBM MQ Appliance are vulnerable to a denial of service attack (CVE-2018-1084) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-mq-rdqm-and-ibm-mq-appliance-are-vulnerable-to-a-denial-of-service-attack-cve-2018-1084/


∗∗∗ IBM Security Bulletin: Rational DOORS Web Access is affected Cross-site scripting vulnerability ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-rational-doors-web-access-is-affected-cross-site-scripting-vulnerability/


∗∗∗ Linux kernel vulnerability CVE-2017-8824 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K15526101


∗∗∗ Vulnerability Spotlight: Multiple vulnerabilities in the Roav A1 Dashcam ∗∗∗
---------------------------------------------
https://blog.talosintelligence.com/2019/05/vulnerability-spotlight-multiple.html

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily




More information about the Daily mailing list