[CERT-daily] Daily summary - 28.11.2019
Daily end-of-shift report
team at cert.at
Thu Nov 28 18:48:37 CET 2019
=====================
= End-of-Day report =
=====================
Timeframe: Wednesday 27-11-2019 18:00 − Thursday 28-11-2019 18:00
Handler: Robert Waldner
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Video: Subscription trap on streaming platforms ∗∗∗
---------------------------------------------
Streaming platforms advertise free registration. After five days they demand 358,80 euros, 359,88 euros or 395,88 euros from users for a premium status. There is no reason to pay the invoice.
---------------------------------------------
https://www.watchlist-internet.at/news/video-abo-falle-streaming-plattformen/
∗∗∗ Adobe discloses security breach impacting Magento Marketplace users ∗∗∗
---------------------------------------------
Security breach was detected last week and traced back to a vulnerability in the Magento Marketplace website.
---------------------------------------------
https://www.zdnet.com/article/adobe-discloses-security-breach-impacting-magento-marketplace-users/
=====================
= Vulnerabilities =
=====================
∗∗∗ BlackBerry Powered by Android Security Bulletin - November 2019 ∗∗∗
---------------------------------------------
BlackBerry has released a security update to address multiple vulnerabilities in BlackBerry powered by Android smartphones. We recommend users update to the latest available software build.
---------------------------------------------
http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber=000059568
∗∗∗ DSA-4577 haproxy - security update ∗∗∗
---------------------------------------------
Tim Düsterhus discovered that haproxy, a TCP/HTTP reverse proxy, did not properly sanitize HTTP headers when converting from HTTP/2 to HTTP/1. This would allow a remote user to perform CRLF injections.
---------------------------------------------
https://www.debian.org/security/2019/dsa-4577
∗∗∗ QNAP NAS: Vendor fixes, among other things, a critical vulnerability in Photo Station ∗∗∗
---------------------------------------------
QTS updates eliminate numerous remote attack possibilities.
---------------------------------------------
https://heise.de/-4598238
∗∗∗ Security updates for (US) Thanksgiving ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (haproxy and libvorbis), Fedora (mod_auth_mellon and xen), Oracle (389-ds-base, kernel, and tcpdump), SUSE (bsdtar, java-11-openjdk, java-1_7_0-openjdk, and libxml2), and Ubuntu (nss and python-psutil).
---------------------------------------------
https://lwn.net/Articles/805777/
∗∗∗ WordPress Plugin "WP Spell Check" vulnerable to cross-site request forgery ∗∗∗
---------------------------------------------
https://jvn.jp/en/jp/JVN26838191/
∗∗∗ Security Bulletin: IBM Security QRadar Packet Capture is vulnerable to Using Components with Known Vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-qradar-packet-capture-is-vulnerable-to-using-components-with-known-vulnerabilities/
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily