End-of-Day report
Timeframe: Friday 25-01-2019 18:00 - Monday 28-01-2019 18:00
Handler: Stephan Richter
Co-Handler: n/a
News
Database: Long-known MySQL flaw leads to attacks
The MySQL protocol allows servers to read data from the client. The criminal group Magecart apparently used this recently to attack systems via the PHP database frontend Adminer. PhpMyAdmin is also vulnerable. (MySQL, PHP)
https://www.golem.de/news/datenbank-lange-bekannte-mysql-luecke-fuehrt-zu-angriffen-1901-138999-rss.html
LabKey Vulnerabilities Threaten Medical Research Data
LabKey Server version 18.3.0-61806.763, released on January 16, patches all three issues, so users should update as soon as possible.
https://threatpost.com/labkey-vulnerabilities-medical-research/141200/
NumPy Is Awaiting Fix for Critical Remote Code Execution Bug
The current version of the popular NumPy library relies on unsafe default usage of a Python module that could lead to remote code execution in the context of the affected application.
https://www.bleepingcomputer.com/news/security/numpy-is-awaiting-fix-for-critical-remote-code-execution-bug/
Patch now! Attackers are hunting for Cisco routers
Security researchers are observing an increase in scans for vulnerable Cisco routers. Patches are available for download.
http://heise.de/-4289149
Vulnerability Spotlight: Multiple WIBU SYSTEMS WibuKey vulnerabilities
Cisco Talos discovered two vulnerabilities that could allow remote code execution and memory disclosure at the kernel level in WIBU-SYSTEMS WibuKey. WibuKey is a USB key designed to protect software and intellectual property. It allows users to manage software licenses via USB key. A third vulnerability is located in userland and can be triggered remotely, as it's located in the network [...]
https://blog.talosintelligence.com/2019/01/multiple-wibu-system-vulnerabilities.html
Warning about software-outlet24.de
software-outlet24.de offers Microsoft Office packages as well as Windows 10 and Windows 7 product keys. The prices are very low and invite a quick purchase. Numerous consumers report to us that deliveries fail to arrive and refunds are not issued.
https://www.watchlist-internet.at/news/warnung-vor-software-outlet24de/
WordPress sites under attack via zero-day in abandoned plugin
Developers of Total Donations plugin have gone missing, leaving former customers open to attacks.
https://www.zdnet.com/article/wordpress-sites-under-attack-via-zero-day-in-abandoned-plugin/
Vulnerabilities
Symantec Ghost Solution Suite DLL Hijack
Symantec Ghost Solution Suite (GSS) may be susceptible to a DLL hijacking vulnerability, which is a type of issue whereby a potential attacker attempts to execute unexpected code on your machine. This occurs via placement of a potentially foreign file (DLL) that the attacker then attempts to run via a linked application.
https://support.symantec.com/en_US/article.SYMSA1474.html
Security updates for Monday
Security updates have been issued by Arch Linux (apache, go, haproxy, matrix-synapse, nasm, and powerdns-recursor), Debian (coturn, ghostscript, krb5, policykit-1, and qtbase-opensource-src), Fedora (wireshark), openSUSE (nodejs4, nodejs8, openssh, PackageKit, and wireshark), Oracle (qemu and thunderbird), Scientific Linux (thunderbird), and SUSE (avahi, krb5, and python-paramiko).
https://lwn.net/Articles/777688/
Security Advisory - Memory Double Free Vulnerability in Image Processing Module of Some Huawei Smart Phones
http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20190128-01-ivp-en
IBM Security Bulletin: API Connect V5 is impacted by sensitive information disclosure via a REST API (CVE-2018-1976)
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-api-connect-v5-is-impacted-by-sensitive-information-disclosure-via-a-rest-api-cve-2018-1976/
IBM Security Bulletin: Security Bulletin: Vulnerability in IBM Java SDK affects IBM Developer for z Systems (CVE-2018-3180)
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-security-bulletin-vulnerability-in-ibm-java-sdk-affects-ibm-developer-for-z-systems-cve-2018-3180/
phpMyAdmin: Multiple vulnerabilities
http://www.cert-bund.de/advisoryshort/CB-K19-0089