End-of-Day report
Timeframe: Monday 11-02-2019 18:00 - Tuesday 12-02-2019 18:00
Handler: Stephan Richter
Co-Handler: n/a
News
New Offensive USB Cable Allows Remote Attacks over WiFi
Like a scene from a James Bond or Mission Impossible movie, a new offensive USB cable plugged into a computer could allow attackers to execute commands over WiFi as if they were using the computer's keyboard.
https://www.bleepingcomputer.com/news/security/new-offensive-usb-cable-allows-remote-attacks-over-wifi/
Runc: Vulnerability allows takeover of container host
A vulnerability allows software to break out of a container. The runtime Runc, which is used to start containers, can be overwritten, allowing the host to be taken over. Docker and many other solutions are vulnerable.
https://www.golem.de/news/runc-sicherheitsluecke-ermoeglicht-uebernahme-von-container-host-1902-139332-rss.html
Processor security: Intel's secure software enclave SGX has been cracked
The researchers behind Meltdown and Spectre are able to abuse Intel Software Guard Extensions to hide malicious code from the system's administrator.
http://heise.de/-4306965
Press release: Watchlist Internet warns of identity theft using copies of ID documents
Watchlist Internet (www.watchlist-internet.at), Austria's central information platform on internet fraud and online traps, warns of an increase in fraud involving copies of ID documents. Criminals are using this form of identity theft more and more often to commit crimes in someone else's name. The Watchlist explains how consumers can still send copies of ID documents to reputable businesses without falling into fraudsters' traps.
https://www.watchlist-internet.at/presse/12022019-presseaussendung-watchlist-internet-warnt-vor-identitaetsdiebstahl-mit-ausweiskopien/
Fallen into a shopping trap? Here are some useful tips!
Countless shops on the internet court customers by offering supposed brand-name goods at very low prices. Despite .at or .de domains, the websites are based in, for example, China. The goods shipped are counterfeit, of poor quality and are frequently seized by customs. In addition, criminals obtain their victims' credit card details.
https://www.watchlist-internet.at/news/in-eine-shopping-falle-getappt-hier-gibts-nuetzliche-tipps/
WordPress plugin flaw lets you take over entire sites
Vulnerability found in social sharing plugin named "Simple Social Buttons," installed on more than 40,000 WordPress sites.
https://www.zdnet.com/article/wordpress-plugin-flaw-lets-you-take-over-entire-sites/
Vulnerabilities
Security Bulletins Posted
Adobe has published security bulletins for Adobe Flash Player (APSB19-06), Adobe ColdFusion (APSB19-10), Adobe Acrobat and Reader (APSB19-07) and Adobe Creative Cloud Desktop Application (APSB19-11). Adobe recommends users update their product installations to the latest versions using the instructions referenced in the bulletin.
https://blogs.adobe.com/psirt/?p=1705
Cisco Network Assurance Engine CLI Access with Default Password Vulnerability
A vulnerability in the management web interface of Cisco Network Assurance Engine (NAE) could allow an unauthenticated, local attacker to gain unauthorized access or cause a Denial of Service (DoS) condition on the server. The vulnerability is due to a fault in the password management system of NAE. An attacker could exploit this vulnerability by authenticating with the default administrator password via the CLI of an affected server.
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190212-nae-dos
Joomla 3.9.3 Release
Joomla 3.9.3 is now available. This is a security fix release for the 3.x series of Joomla which addresses 6 security vulnerabilities and contains 30 bug fixes and improvements.
https://www.joomla.org/announcements/release-news/5756-joomla-3-9-3-release.html
Security updates for Tuesday
Security updates have been issued by Arch Linux (chromium, dovecot, firefox, and spice), Debian (curl, php5, rssh, and wordpress), Fedora (curl, ghostscript, mingw-libconfuse, and radvd), openSUSE (java-11-openjdk and python-urllib3), Red Hat (chromium-browser and kernel), and SUSE (etcd and kernel).
https://lwn.net/Articles/779543/
SAP Security Patch Day 2019
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=510922943
ZDI-19-178: Cisco WebEx Recorder and Player asplayback Out-Of-Bounds Read Information Disclosure Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-19-178/
Linux kernel vulnerability CVE-2018-17972
https://support.f5.com/csp/article/K27673650
Siemens Security Advisories
https://new.siemens.com/global/en/products/services/cert.html#SecurityPublications
https://cert-portal.siemens.com/productcert/txt/ssa-505225.txt
https://cert-portal.siemens.com/productcert/txt/ssa-760124.txt
https://cert-portal.siemens.com/productcert/txt/ssa-104088.txt
https://cert-portal.siemens.com/productcert/txt/ssa-275839.txt
https://cert-portal.siemens.com/productcert/txt/ssa-284673.txt
https://cert-portal.siemens.com/productcert/txt/ssa-346262.txt
https://cert-portal.siemens.com/productcert/txt/ssa-179516.txt
https://cert-portal.siemens.com/productcert/txt/ssa-168644.txt
https://cert-portal.siemens.com/productcert/txt/ssa-268644.txt
https://cert-portal.siemens.com/productcert/txt/ssa-347726.txt
https://cert-portal.siemens.com/productcert/txt/ssb-439005.txt
https://cert-portal.siemens.com/productcert/txt/ssa-377318.txt
https://cert-portal.siemens.com/productcert/txt/ssa-579309.txt
https://cert-portal.siemens.com/productcert/txt/ssa-635129.txt
https://cert-portal.siemens.com/productcert/txt/ssa-845879.txt
https://cert-portal.siemens.com/productcert/txt/ssa-254686.txt
IBM Security Bulletin: A Security Vulnerability affects IBM Cloud Private Cloud Foundry (CVE-2018-15761)
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-security-vulnerability-affects-ibm-cloud-private-cloud-foundry-cve-2018-15761/
IBM Security Bulletin: Multiple Vulnerabilities in Apache Tomcat affects IBM UrbanCode Deploy (CVE-2018-11784)
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-apache-tomcat-affects-ibm-urbancode-deploy-cve-2018-11784/
IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Netcool Agile Service Manager
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-ibm-netcool-agile-service-manager-2/
IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Security Privileged Identity Manager
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-security-privileged-identity-manager/
IBM Security Bulletin: IBM Security Privileged Identity Manager is affected by multiple vulnerabilities (CVE-2016-10009, CVE-2016-6515, CVE-2016-6210, CVE-2017-6464, CVE-2017-6463)
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-privileged-identity-manager-is-affected-by-multiple-vulnerabilitiescve-2016-10009-cve-2016-6515-cve-2016-6210-cve-2017-6464-cve-2017-6463/
IBM Security Bulletin: IBM Security Privileged Identity Manager is affected by multiple IBM WebSphere Application Server vulnerabilities (CVE-2017-1137, CVE-2018-1567, CVE-2017-1194)
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-privileged-identity-manager-is-affected-by-multiple-ibm-websphere-application-server-vulnerabilitiescve-2017-1137-cve-2018-1567-cve-2017-1194/