Daily Summary - 28.11.2019

End-of-Day report

Timeframe: Wednesday 27-11-2019 18:00 - Thursday 28-11-2019 18:00 Handler: Robert Waldner Co-Handler: n/a

News

Video: Subscription trap on streaming platforms

Streaming platforms advertise free registration. After five days they demand 358.80 euros, 359.88 euros or 395.88 euros from users for a premium status. There is no reason to pay the invoice.

https://www.watchlist-internet.at/news/video-abo-falle-streaming-plattformen/


Adobe discloses security breach impacting Magento Marketplace users

Security breach was detected last week and traced back to a vulnerability in the Magento Marketplace website.

https://www.zdnet.com/article/adobe-discloses-security-breach-impacting-magento-marketplace-users/

Vulnerabilities

BlackBerry Powered by Android Security Bulletin - November 2019

BlackBerry has released a security update to address multiple vulnerabilities in BlackBerry powered by Android smartphones. We recommend users update to the latest available software build.

http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber=000059568


DSA-4577 haproxy - security update

Tim Düsterhus discovered that haproxy, a TCP/HTTP reverse proxy, did not properly sanitize HTTP headers when converting from HTTP/2 to HTTP/1. This would allow a remote user to perform CRLF injections.

https://www.debian.org/security/2019/dsa-4577


QNAP NAS: Vendor fixes, among other things, a critical vulnerability in Photo Station

QTS updates eliminate numerous possibilities for remote attacks.

https://heise.de/-4598238


Security updates for (US) Thanksgiving

Security updates have been issued by Debian (haproxy and libvorbis), Fedora (mod_auth_mellon and xen), Oracle (389-ds-base, kernel, and tcpdump), SUSE (bsdtar, java-11-openjdk, java-1_7_0-openjdk, and libxml2), and Ubuntu (nss and python-psutil).

https://lwn.net/Articles/805777/


WordPress Plugin "WP Spell Check" vulnerable to cross-site request forgery

https://jvn.jp/en/jp/JVN26838191/


Security Bulletin: IBM Security QRadar Packet Capture is vulnerable to Using Components with Known Vulnerabilities

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-qradar-packet-capture-is-vulnerable-to-using-components-with-known-vulnerabilities/