End-of-Day report
Timeframe: Mittwoch 13-11-2019 18:00 - Donnerstag 14-11-2019 18:00
Handler: Robert Waldner
Co-Handler: n/a
News
Researchers Find Bug in Qualcomm Code for Trusted App
Researchers stressing the code related to Qualcomms implementation of the secure execution area on mobile devices found a new vulnerability that could allow access to critical data.
https://www.bleepingcomputer.com/news/security/researchers-find-bug-in-qualcomm-code-for-trusted-app/
NCSC-NZ Cyber threat report for 2018/19 released
The National Cyber Security Centre, (NCSC) has released its Cyber Threat Report for the 2018/19 reporting year.
https://www.ncsc.govt.nz/newsroom/cyber-threat-report-for-201819-released/
Windows & Linux get options to disable Intel TSX to prevent Zombieload v2 attacks
Disclosure of new Zombieload v2 vulnerability prompts OS makers to react with ways to disable Intels TSX technology.
https://www.zdnet.com/article/windows-linux-get-options-to-disable-intel-tsx-to-prevent-zombieload-v2-attacks/
Vulnerabilities
Symantec Fixes Privilege Escalation Flaw in Endpoint Protection
Symantec fixed a local privilege escalation security flaw affecting all Symantec Endpoint Protection software versions prior to 14.2 RU2, and allowing attackers to escalate privileges on compromised devices and execute malicious code using SYSTEM privileges.
https://www.bleepingcomputer.com/news/security/symantec-fixes-privilege-escalation-flaw-in-endpoint-protection/
Security updates for Thursday
Security updates have been issued by Arch Linux (kernel, linux-lts, and linux-zen), CentOS (kernel, sudo, and thunderbird), Debian (linux-4.9), Fedora (samba), openSUSE (apache2-mod_auth_openidc, kernel, qemu, rsyslog, and ucode-intel), Oracle (kernel), Red Hat (kernel and kernel-rt), Scientific Linux (kernel), SUSE (kernel and microcode_ctl), and Ubuntu (kernel, libjpeg-turbo, linux, linux-hwe, linux-oem, linux, linux-hwe, linux-oem-osp1, and qemu).
https://lwn.net/Articles/804775/
Movable Type vulnerable to open redirect
https://jvn.jp/en/jp/JVN65280626/
Security Bulletin: IBM Security Guardium is affected by an OpenSSL vulnerability
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-an-openssl-vulnerability-2/
Security Bulletin: IBM Security Guardium is affected by an Oracle MySQL vulnerabilities
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-an-oracle-mysql-vulnerabilities/
Security Bulletin: IBM Security Guardium is affected by an OpenSSL vulnerability
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-an-openssl-vulnerability/
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Netcool Impact
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-tivoli-netcool-impact/
bzip2 vulnerability CVE-2019-12900
https://support.f5.com/csp/article/K68713584
lodash library vulnerability CVE-2019-10744
https://support.f5.com/csp/article/K47105354