Daily Summary - 25.02.2019

End-of-Day report

Timeframe: Friday 22-02-2019 18:00 - Monday 25-02-2019 18:00
Handler: Dimitri Robl
Co-Handler: Stephan Richter

News

Security vulnerabilities: Forging PDF signatures made easy

Signatures on PDF files are apparently not particularly secure: a research team from the University of Bochum succeeded in tricking the signature verification in nearly all PDF programs.

https://www.golem.de/news/sicherheitsluecken-pdf-signaturen-faelschen-leicht-gemacht-1902-139589-rss.html


How to Use an Audit Log to Practice WordPress Forensics

User accountability, improved security & forensics, adhering to compliance and easy troubleshooting are just a few of the benefits of keeping an activity log on your WordPress site.

https://www.htbridge.com/blog/benefits-activity-logs-wordpress-site.html


Money laundering via job applications at nebenverdienst-jobs.de

Via various job platforms and classified-ad sites, criminals lure consumers to nebenverdienst-jobs.de. Job seekers are promised monthly transfers in return for opening a bank account and making it available. Interested parties must not apply under any circumstances, because this is a money-laundering method through which consumers may make themselves liable to prosecution.

https://www.watchlist-internet.at/news/geldwaesche-durch-bewerbung-bei-nebenverdienst-jobsde/


New browser attack lets hackers run bad code even after users leave a web page

MarioNet attack lets hackers create botnets from users' browsers.

https://www.zdnet.com/article/new-browser-attack-lets-hackers-run-bad-code-even-after-users-leave-a-web-page/#ftag=RSSbaffb68

Vulnerabilities

SSA-844562: Multiple Vulnerabilities in Licensing Software for WinCC OA

Multiple vulnerabilities have been identified in the WibuKey Digital Rights Management (DRM) solution, which affect WinCC OA. Siemens recommends users to apply the updates to WibuKey Digital Rights Management (DRM) provided by WIBU SYSTEMS AG.

https://cert-portal.siemens.com/productcert/txt/ssa-844562.txt


Security updates for Monday

Security updates have been issued by Arch Linux (msmtp and python-mysql-connector), Debian (freedink-dfarc, rssh, sox, and waagent), Fedora (docker-latest, java-1.8.0-openjdk, koji, pagure, poppler, and spice), openSUSE (ansible, GraphicsMagick, mosquitto, pspp, spread-sheet-widget, and python-python-gnupg), Red Hat (chromium-browser), Slackware (file), SUSE (kernel, python-Django, qemu, and thunderbird), and Ubuntu (bind9).

https://lwn.net/Articles/780692/


SA-CORE-2019-003 Notice of increased risk and Additional exploit path - PSA-2019-02-22

[...] This Public Service Announcement is a follow-up to SA-CORE-2019-003. This is not an announcement of a new vulnerability. If you have not updated your site as described in SA-CORE-2019-003 you should do that now. There are public exploits now available for this SA.

https://www.drupal.org/psa-2019-02-22


PHP: Multiple vulnerabilities

http://www.cert-bund.de/advisoryshort/CB-K19-0166


IBM Security Bulletin: BigFix deployments with internet-facing relays that are not configured as authenticating are prone to security threats (CVE-2019-4061)

https://www.ibm.com/blogs/psirt/ibm-security-bulletin-bigfix-deployments-with-internet-facing-relays-that-are-not-configured-as-authenticating-are-prone-to-security-threats-cve-2019-4061/


IBM Security Bulletin: Multiple vulnerabilities affect IBM Cloud Object Storage SDK Java (Feb 2019)

https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-affect-ibm-cloud-object-storage-sdk-java-feb-2019/


IBM Security Bulletin: Financial Transaction Manager for Corporate Payment Services for Multi-Platform v2.1.1 is affected by a potential directory listing of internal product files vulnerability (CVE-2018-2026)

https://www.ibm.com/blogs/psirt/ibm-security-bulletin-financial-transaction-manager-for-corporate-payment-services-for-multi-platform-v2-1-1-is-affected-by-a-potential-directory-listing-of-internal-product-files-vulnerability-cve/


IBM Security Bulletin: Financial Transaction Manager for Corporate Payment Services for Multi-Platform v2.1.1 is affected by a potential SQL Injection vulnerability CVE-2018-1819

https://www.ibm.com/blogs/psirt/ibm-security-bulletin-financial-transaction-manager-for-corporate-payment-services-for-multi-platform-v2-1-1-is-affected-by-a-potential-sql-injection-vulnerability-cve-2018-1819/


IBM Security Bulletin: Financial Transaction Manager for Corporate Payment Services 2.1.1: Information Leakage in configuration listing (CVE-2018-1670)

https://www.ibm.com/blogs/psirt/ibm-security-bulletin-financial-transaction-manager-for-corporate-payment-services-2-1-1-information-leakage-in-configuration-listing-cve-2018-1670/


IBM Security Bulletin: Vulnerability in Apache Tomcat affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products (CVE-2018-11784)

https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-in-apache-tomcat-affects-ibm-san-volume-controller-ibm-storwize-ibm-spectrum-virtualize-and-ibm-flashsystem-products-cve-2018-11784/


IBM Security Bulletin: Vulnerability in OpenSLP affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products (CVE-2017-17833)

https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-in-openslp-affects-ibm-san-volume-controller-ibm-storwize-ibm-spectrum-virtualize-and-ibm-flashsystem-products-cve-2017-17833/


IBM Security Bulletin: Vulnerability in Service Assistant affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products (CVE-2018-1775)

https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-in-service-assistant-affects-ibm-san-volume-controller-ibm-storwize-ibm-spectrum-virtualize-and-ibm-flashsystem-products-cve-2018-1775/


IBM Security Bulletin: Multiple vulnerabilities in the Linux kernel affect IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products

https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-the-linux-kernel-affect-ibm-san-volume-controller-ibm-storwize-ibm-spectrum-virtualize-and-ibm-flashsystem-products/


IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products

https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-san-volume-controller-ibm-storwize-ibm-spectrum-virtualize-and-ibm-flashsystem-products/


IBM Security Bulletin: Vulnerability in DHCP affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products (CVE-2018-5732)

https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-in-dhcp-affects-ibm-san-volume-controller-ibm-storwize-ibm-spectrum-virtualize-and-ibm-flashsystem-products-cve-2018-5732/