[CERT-daily] Daily summary - 14.11.2019

Daily end-of-shift report team at cert.at
Thu Nov 14 18:04:18 CET 2019


=====================
= End-of-Day report =
=====================

Timeframe:   Wednesday 13-11-2019 18:00 − Thursday 14-11-2019 18:00
Handler:     Robert Waldner
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ Researchers Find Bug in Qualcomm Code for Trusted App ∗∗∗
---------------------------------------------
Researchers stressing the code related to Qualcomm's implementation of the secure execution area on mobile devices found a new vulnerability that could allow access to critical data.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/researchers-find-bug-in-qualcomm-code-for-trusted-app/


∗∗∗ NCSC-NZ Cyber threat report for 2018/19 released ∗∗∗
---------------------------------------------
The National Cyber Security Centre (NCSC) has released its Cyber Threat Report for the 2018/19 reporting year.
---------------------------------------------
https://www.ncsc.govt.nz/newsroom/cyber-threat-report-for-201819-released/


∗∗∗ Windows & Linux get options to disable Intel TSX to prevent Zombieload v2 attacks ∗∗∗
---------------------------------------------
Disclosure of new Zombieload v2 vulnerability prompts OS makers to react with ways to disable Intel's TSX technology.
---------------------------------------------
https://www.zdnet.com/article/windows-linux-get-options-to-disable-intel-tsx-to-prevent-zombieload-v2-attacks/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Symantec Fixes Privilege Escalation Flaw in Endpoint Protection ∗∗∗
---------------------------------------------
Symantec fixed a local privilege escalation security flaw affecting all Symantec Endpoint Protection software versions prior to 14.2 RU2, and allowing attackers to escalate privileges on compromised devices and execute malicious code using SYSTEM privileges.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/symantec-fixes-privilege-escalation-flaw-in-endpoint-protection/


∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (kernel, linux-lts, and linux-zen), CentOS (kernel, sudo, and thunderbird), Debian (linux-4.9), Fedora (samba), openSUSE (apache2-mod_auth_openidc, kernel, qemu, rsyslog, and ucode-intel), Oracle (kernel), Red Hat (kernel and kernel-rt), Scientific Linux (kernel), SUSE (kernel and microcode_ctl), and Ubuntu (kernel, libjpeg-turbo, linux, linux-hwe, linux-oem, linux, linux-hwe, linux-oem-osp1, and qemu).
---------------------------------------------
https://lwn.net/Articles/804775/


∗∗∗ Movable Type vulnerable to open redirect ∗∗∗
---------------------------------------------
https://jvn.jp/en/jp/JVN65280626/


∗∗∗ Security Bulletin: IBM Security Guardium is affected by an OpenSSL vulnerability ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-an-openssl-vulnerability-2/


∗∗∗ Security Bulletin: IBM Security Guardium is affected by an Oracle MySQL vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-an-oracle-mysql-vulnerabilities/


∗∗∗ Security Bulletin: IBM Security Guardium is affected by an OpenSSL vulnerability ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-an-openssl-vulnerability/


∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Netcool Impact ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-tivoli-netcool-impact/


∗∗∗ bzip2 vulnerability CVE-2019-12900 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K68713584


∗∗∗ lodash library vulnerability CVE-2019-10744 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K47105354

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily



