[CERT-daily] Tageszusammenfassung - 27.05.2019
Daily end-of-shift report
team at cert.at
Mon May 27 18:29:10 CEST 2019
=====================
= End-of-Day report =
=====================
Timeframe: Freitag 24-05-2019 18:00 − Montag 27-05-2019 18:00
Handler: Dimitri Robl
Co-Handler: Robert Waldner
=====================
= News =
=====================
∗∗∗ Joomla and WordPress Found Harboring Malicious Redirect Code ∗∗∗
---------------------------------------------
New .htaccess injector threat on Joomla and WordPress websites redirects to malicious websites.
---------------------------------------------
https://threatpost.com/joomla-and-wordpress-malicious-redirect-code/145068/
∗∗∗ Serious Security: Don’t let your SQL server attack you with ransomware ∗∗∗
---------------------------------------------
Tales from the honeypot: this time a MySQL-based attack. Old tricks still work, because were still making old mistakes - heres what to do.
---------------------------------------------
https://nakedsecurity.sophos.com/2019/05/25/serious-security-dont-let-your-sql-server-attack-you-with-ransomware/
∗∗∗ Alles Fake: sendlein.net, reipel.net, kleimer.net und lieberg24.com ∗∗∗
---------------------------------------------
Die verlockenden Technik-Angebote bei sendlein.net, reipel.net, kleimer.net oder lieberg24.com sind leider zu schön, um wahr zu sein! Es handelt sich um betrügerische Shops, die nicht liefern. Sie verlieren Ihr Geld und geben Kreditkartendaten preis, die für Online-Einkäufe verwendet werden könnten!
---------------------------------------------
https://www.watchlist-internet.at/news/alles-fake-sendleinnet-reipelnet-kleimernet-und-lieberg24com/
∗∗∗ Intense scanning activity detected for BlueKeep RDP flaw ∗∗∗
---------------------------------------------
A threat actor hidden behind Tor nodes is scanning for Windows systems vulnerable to BlueKeep flaw.
---------------------------------------------
https://www.zdnet.com/article/intense-scanning-activity-detected-for-bluekeep-rdp-flaw/#ftag=RSSbaffb68
=====================
= Vulnerabilities =
=====================
∗∗∗ BlackBerry Powered by Android Security Bulletin - May 2019 ∗∗∗
---------------------------------------------
BlackBerry has released a security update to address multiple vulnerabilities in BlackBerry powered by Android smartphones. ... This advisory is in response to the Android Security Bulletin (May) and addresses issues in that bulletin that affect BlackBerry powered by Android smartphones
---------------------------------------------
http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber=000057037
∗∗∗ New unpatched macOS Gatekeeper Bypass Published Online ∗∗∗
---------------------------------------------
Details have been released for an unpatched vulnerability in macOS 10.14.5 (Mojave) and below that allows a hacker to execute arbitrary code without user interaction.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/new-unpatched-macos-gatekeeper-bypass-published-online/
∗∗∗ Fortinet schließt mehrere Sicherheitslücken in FortiOS und Co. ∗∗∗
---------------------------------------------
Das SSL-VPN-Webportal von FortiOS war über mehrere Wege angreifbar – aus der Ferne und teils ohne Authentifizierung. Der Hersteller rät zum Update.
---------------------------------------------
https://heise.de/-4432813
∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (curl, jackson-databind, minissdpd, php5, thunderbird, wireshark, and wpa), Fedora (curl, drupal7, firefox, kernel, libmediainfo, mediaconch, mediainfo, mod_http2, mupdf, rust, and singularity), openSUSE (containerd, docker, docker-runc, go, go1.11, go1.12, golang-github-docker-libnetwork), Oracle (firefox and libvirt), Scientific Linux (firefox and libvirt), and SUSE (bluez, curl, gnutls, java-1_7_1-ibm, libu2f-host, libvirt, python3, screen, and xen).
---------------------------------------------
https://lwn.net/Articles/789523/
∗∗∗ SSA-932041: Vulnerability in Radiography and Mobile X-ray Products from Siemens Healthineers ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/txt/ssa-932041.txt
∗∗∗ SSA-832947: Vulnerability in Laboratory Diagnostics Products from Siemens Healthineers ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/txt/ssa-832947.txt
∗∗∗ SSA-433987: Vulnerability in Radiation Oncology Products from Siemens Healthineers ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/txt/ssa-433987.txt
∗∗∗ SSA-406175: Vulnerability in Siemens Healthineers Software Products ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/txt/ssa-406175.txt
∗∗∗ SSA-166360: Vulnerability in Advanced Therapy Products from Siemens Healthineers ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/txt/ssa-166360.txt
∗∗∗ SSA-616199: Vulnerability in Point of Care Diagnostics Products from Siemens Healthineers - Blood Gas ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/txt/ssa-616199.txt
∗∗∗ IBM Security Bulletin: IBM QRadar WinCollect Agent Does Not Verify TLS Syslog Certificate (CVE-2019-4264) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-qradar-wincollect-agent-does-not-verify-tls-syslog-certificate-cve-2019-4264/
∗∗∗ IBM Security Bulletin: Security vulnerability affects the Report Builder shipped with Jazz Reporting Service (CVE-2019-4184) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-security-vulnerability-affects-the-report-builder-shipped-with-jazz-reporting-service-cve-2019-4184/
∗∗∗ GNU Binutils vulnerability CVE-2019-9070 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K13534168
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
More information about the Daily
mailing list