[CERT-daily] Tageszusammenfassung - 11.11.2019

[Daily end-of-shift report]

=====================
= End-of-Day report =
=====================

Timeframe:   Freitag 08-11-2019 18:00 − Montag 11-11-2019 18:00
Handler:     Robert Waldner
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ DDoS attacks in Q3 2019 ∗∗∗
---------------------------------------------
Statistically, Q3 2019 differs little from Q2. In terms of geographical distribution of attacks and targets, we saw a continuation of the now familiar trend of unexpected guests appearing, only to drop out the next quarter.
---------------------------------------------
https://securelist.com/ddos-report-q3-2019/94958/


∗∗∗ Vulnerable Versions of Adminer as a Universal Infection Vector ∗∗∗
---------------------------------------------
This past week, we’ve been monitoring a new wave of website infections mostly impacting WordPress and Magento websites. We found that hackers have been injecting scripts from scripts.trasnaltemyrecords[.]com into multiple files and database tables. This is still the same ongoing campaign that we’ve been following for the past few years, where site visitors are redirected to various kinds of scam landing pages—including tech support scams, fake lottery wins, and malicious [...]
---------------------------------------------
https://blog.sucuri.net/2019/11/vulnerable-versions-of-adminer-as-a-universal-infection-vector.html


∗∗∗ Ring Video Doorbell Pro: Mitteilsame IoT-Türklingel verriet WLAN-Zugangsdaten ∗∗∗
---------------------------------------------
Eine Klingel, die Besucher sicht- und hörbar macht, hätte Angreifern unbemerkt vollen WLAN-Zugriff verschaffen können. Automatische Updates wurden verteilt.
---------------------------------------------
https://heise.de/-4583764


∗∗∗ Sofortübersetzer von Muama Enence hält nicht, was er verspricht ∗∗∗
---------------------------------------------
Ein Gerät, das 32 Sprachen unmittelbar übersetzt und Verständigungsprobleme im Urlaub oder bei Geschäftstätigkeiten beseitigt, klingt erstmal hervorragend! Dies verspricht die UAB Ekomlita mit dem MUAMA Enence Instant Translator. Doch Vorsicht: Hier werden mitunter wichtige Informationen zum Produkt verheimlicht, es kommt zu groben Problemen beim Rücktritt und wir hegen Bedenken zum Datenschutz!
---------------------------------------------
https://www.watchlist-internet.at/news/sofortuebersetzer-von-muama-enence-haelt-nicht-was-er-verspricht/


∗∗∗ Apples Siri unterwandert E-Mail-Verschlüsselung ∗∗∗
---------------------------------------------
Nachrichten werden unter macOS im Klartext lokal gespeichert – Fehlerbereinigung laut Apple in Arbeit
---------------------------------------------
https://www.derstandard.at/story/2000110928043/apples-siri-unterwandert-e-mail-verschluesselung



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Jira Service Desk Security Advisory 2019-11-06 ∗∗∗
---------------------------------------------
CVE-2019-15003 - Authorization bypass allows information disclosure CVE-2019-15004 - URL path traversal allows information disclosure
---------------------------------------------
https://confluence.atlassian.com/jira/jira-service-desk-security-advisory-2019-11-06-979412717.html


∗∗∗ UniFi Video Server Privilege Escalation From user to SYSTEM via unauthenticated command execution ∗∗∗
---------------------------------------------
The vulnerability, or feature depending how you look at it, is the ability to execute commands using the evostream API interface that is exposed on localhost:7440.
---------------------------------------------
https://hackerone.com/reports/544928


∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (ampache, chromium, djvulibre, firefox-esr, gdal, and ruby-haml), Fedora (chromium, file, gd, hostapd, nspr, and rssh), openSUSE (bcm20702a1-firmware, firefox, gdal, libtomcrypt, php7, python-ecdsa, python3, samba, and thunderbird), SUSE (apache2-mod_auth_openidc, libssh2_org, and rsyslog), and Ubuntu (bash).
---------------------------------------------
https://lwn.net/Articles/804325/


∗∗∗ Security Bulletin: IBM QRadar SIEM is vulnerable to multiple Kernel vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-siem-is-vulnerable-to-multiple-kernel-vulnerabilities/


∗∗∗ Security Bulletin: IBM RackSwitch firmware products are affected by TCP denial of service vulnarabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-rackswitch-firmware-products-are-affected-by-tcp-denial-of-service-vulnarabilities/


∗∗∗ Security Bulletin: IBM Tivoli Netcool Impact is affected by an Apache Camel vulnerability (CVE-2019-0188) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-tivoli-netcool-impact-is-affected-by-an-apache-camel-vulnerability-cve-2019-0188/


∗∗∗ Security Bulletin: Node.js lodash vulnerability affects IBM Spectrum Control (formerly Tivoli Storage Productivity Center) ( CVE-2019-10744) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-node-js-lodash-vulnerability-affects-ibm-spectrum-control-formerly-tivoli-storage-productivity-center-cve-2019-10744/


∗∗∗ Security Bulletin: IBM Flex System Chassis Management Module (CMM) is affected by vulnerability in SQLite (CVE-2018-20346) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-flex-system-chassis-management-module-cmm-is-affected-by-vulnerability-in-sqlite-cve-2018-20346/


∗∗∗ Security Bulletin: IBM QRadar SIEM is vulnerable to Jetty Vulnerabilities (CVE-2017-7656, CVE-2017-7657, CVE-2017-7658, CVE-2018-12536) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-siem-is-vulnerable-to-jetty-vulnerabilities-cve-2017-7656-cve-2017-7657-cve-2017-7658-cve-2018-12536/


∗∗∗ Security Bulletin: IBM Tivoli Netcool Impact is affected by an Apache Camel vulnerability (CVE-2019-0194) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-tivoli-netcool-impact-is-affected-by-an-apache-camel-vulnerability-cve-2019-0194/


∗∗∗ Security Bulletin: IBM QRadar SIEM is vulnerable to cross site scripting (XSS) (CVE-2019-4470) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-siem-is-vulnerable-to-cross-site-scripting-xss-cve-2019-4470/


∗∗∗ Security Bulletin: Multiple vulnerabilities in Python affect IBM i ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-python-affect-ibm-i/


∗∗∗ Security Bulletin: IBM QRadar SIEM is vulnerable to Intel Microarchitectural Data Sampling (MDS) Vulnerabilites ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-siem-is-vulnerable-to-intel-microarchitectural-data-sampling-mds-vulnerabilites/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily