End-of-Day report
Timeframe: Friday 08-11-2019 18:00 - Monday 11-11-2019 18:00
Handler: Robert Waldner
Co-Handler: n/a
News
DDoS attacks in Q3 2019
Statistically, Q3 2019 differs little from Q2. In terms of geographical distribution of attacks and targets, we saw a continuation of the now familiar trend of unexpected guests appearing, only to drop out the next quarter.
https://securelist.com/ddos-report-q3-2019/94958/
Vulnerable Versions of Adminer as a Universal Infection Vector
This past week, we've been monitoring a new wave of website infections mostly impacting WordPress and Magento websites. We found that hackers have been injecting scripts from scripts.trasnaltemyrecords[.]com into multiple files and database tables. This is still the same ongoing campaign that we've been following for the past few years, where site visitors are redirected to various kinds of scam landing pages, including tech support scams, fake lottery wins, and malicious [...]
https://blog.sucuri.net/2019/11/vulnerable-versions-of-adminer-as-a-universal-infection-vector.html
Ring Video Doorbell Pro: Talkative IoT doorbell gave away WLAN credentials
A doorbell that makes visitors visible and audible could have given attackers full, unnoticed access to the WLAN. Automatic updates have been distributed.
https://heise.de/-4583764
Muama Enence instant translator does not deliver what it promises
A device that instantly translates 32 languages and removes communication problems on holiday or on business sounds excellent at first! That is what UAB Ekomlita promises with the MUAMA Enence Instant Translator. But beware: important information about the product is sometimes withheld, there are serious problems with cancelling the purchase, and we have concerns about data protection!
https://www.watchlist-internet.at/news/sofortuebersetzer-von-muama-enence-haelt-nicht-was-er-verspricht/
Apple's Siri undermines e-mail encryption
Messages are stored locally in plaintext under macOS - a fix is in progress, according to Apple
https://www.derstandard.at/story/2000110928043/apples-siri-unterwandert-e-mail-verschluesselung
Vulnerabilities
Jira Service Desk Security Advisory 2019-11-06
CVE-2019-15003 - Authorization bypass allows information disclosure
CVE-2019-15004 - URL path traversal allows information disclosure
https://confluence.atlassian.com/jira/jira-service-desk-security-advisory-2019-11-06-979412717.html
UniFi Video Server Privilege Escalation From user to SYSTEM via unauthenticated command execution
The vulnerability, or feature depending on how you look at it, is the ability to execute commands using the evostream API interface that is exposed on localhost:7440.
https://hackerone.com/reports/544928
Security updates for Monday
Security updates have been issued by Debian (ampache, chromium, djvulibre, firefox-esr, gdal, and ruby-haml), Fedora (chromium, file, gd, hostapd, nspr, and rssh), openSUSE (bcm20702a1-firmware, firefox, gdal, libtomcrypt, php7, python-ecdsa, python3, samba, and thunderbird), SUSE (apache2-mod_auth_openidc, libssh2_org, and rsyslog), and Ubuntu (bash).
https://lwn.net/Articles/804325/
Security Bulletin: IBM QRadar SIEM is vulnerable to multiple Kernel vulnerabilities
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-siem-is-vulnerable-to-multiple-kernel-vulnerabilities/
Security Bulletin: IBM RackSwitch firmware products are affected by TCP denial of service vulnerabilities
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-rackswitch-firmware-products-are-affected-by-tcp-denial-of-service-vulnarabilities/
Security Bulletin: IBM Tivoli Netcool Impact is affected by an Apache Camel vulnerability (CVE-2019-0188)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-tivoli-netcool-impact-is-affected-by-an-apache-camel-vulnerability-cve-2019-0188/
Security Bulletin: Node.js lodash vulnerability affects IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2019-10744)
https://www.ibm.com/blogs/psirt/security-bulletin-node-js-lodash-vulnerability-affects-ibm-spectrum-control-formerly-tivoli-storage-productivity-center-cve-2019-10744/
Security Bulletin: IBM Flex System Chassis Management Module (CMM) is affected by vulnerability in SQLite (CVE-2018-20346)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-flex-system-chassis-management-module-cmm-is-affected-by-vulnerability-in-sqlite-cve-2018-20346/
Security Bulletin: IBM QRadar SIEM is vulnerable to Jetty Vulnerabilities (CVE-2017-7656, CVE-2017-7657, CVE-2017-7658, CVE-2018-12536)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-siem-is-vulnerable-to-jetty-vulnerabilities-cve-2017-7656-cve-2017-7657-cve-2017-7658-cve-2018-12536/
Security Bulletin: IBM Tivoli Netcool Impact is affected by an Apache Camel vulnerability (CVE-2019-0194)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-tivoli-netcool-impact-is-affected-by-an-apache-camel-vulnerability-cve-2019-0194/
Security Bulletin: IBM QRadar SIEM is vulnerable to cross site scripting (XSS) (CVE-2019-4470)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-siem-is-vulnerable-to-cross-site-scripting-xss-cve-2019-4470/
Security Bulletin: Multiple vulnerabilities in Python affect IBM i
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-python-affect-ibm-i/
Security Bulletin: IBM QRadar SIEM is vulnerable to Intel Microarchitectural Data Sampling (MDS) Vulnerabilities
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-siem-is-vulnerable-to-intel-microarchitectural-data-sampling-mds-vulnerabilites/