Tageszusammenfassung - 14.03.2019

End-of-Day report

Timeframe: Mittwoch 13-03-2019 18:00 - Donnerstag 14-03-2019 18:00 Handler: Stephan Richter Co-Handler: n/a


Sicherheitslücke: Schadcode per Wordpress-Kommentar

Gleich mehrere Sicherheitslücken kombinierte ein Sicherheitsforscher, um Schadcode in Wordpress ausführen zu können. Die Wordpress-Standardeinstellungen und ein angemeldeter Administrator reichten als Voraussetzung.


GlitchPOS Malware Appears to Steal Credit-Card Numbers

A new malware targeting point of sale systems, GlitchPOS, has been spotted on a crimeware forum.


Further attack surface of Wordpress PHAR injection

In August 2018, Sam Thomas presented a new vulnerability of Wordpress at Black Hat USA 2018. The PHP object injection vulnerability is not new, but the way attacker can trigger this error is worth mentioning. In this article, I will go over the detail of this exploit and inspect further impact of this vulnerability to the Wordpress community. A list of more than 300 Wordpress plugins that could be used to exploit this bug is also included.


Jetzt updaten: Cisco patcht gegen eine von zwei Remote-Attacken

Zwei Cisco-Produkte sind aus der Ferne angreifbar. Updates gibt es aber wohl nur für Common Services Platform Collector - das IP-Telefon SPA514G ist zu alt.


Viele Intel-Rechner brauchen wieder BIOS-Updates

Gleich 17 neue Firmware-Sicherheitslücken meldet Intel, die sich allerdings auf mehrere Systeme verteilen und nur lokal am Rechner nutzbar sind.


Multiple Security Flaws Discovered in Visitor Management Systems

Vulnerabilities discovered by IBM security researchers in five different visitor management systems could be abused for data exfiltration or for access to the underlying machines.


Netflix-Phishing-Mail im Umlauf

Netflix Nutzer/innen aufgepasst: Momentan sind wieder Phishing-Mails im Umlauf. Betrüger/innen fordern Sie im Namen von Netflix auf, Ihre Kontoinformationen zu überprüfen. Klicken Sie auf den Button in der E-Mail, werden Sie auf eine betrügerische Seite weitergeleitet. Folgen Sie den Anweisungen, erspähen Kriminelle Ihre Zugangs- und Kreditkartendaten.


Magecart Isn't Just a Security Problem; It's Also a Business Problem

Magecart is more than just a security problem-it's also a business problem. When threat actors breached British Airways in September resulting in the compromise of thousands of customers- credit cards, the world got a look at what the fallout of a modern security breach looks like. Immediately afterward, a law firm launched a £500 million[...]


New BitLocker attack puts laptops storing sensitive data at risk

New Zealand security researcher details never-before-seen attack for recovering BitLocker keys.



Gemalto Sentinel UltraPro

This advisory includes mitigations for an uncontrolled search path element in Gemaltos Sentinel UltraPro encryption keys.



This advisory includes mitigations for a path traversal vulnerability in PEPPERL+FUCHS WirelessHART-Gateways network products.


Video - Critical - Remote Code Execution - SA-CONTRIB-2019-037

Project: Video Date: 2019-March-13 Security risk: Critical 19-25 AC:None/A:Admin/CI:All/II:All/E:Theoretical/TD:All Vulnerability: Remote Code Execution Description: This module provides a field where editors can add videos to their content and this module offers functionality to transcode these videos to different sizes and formats.The module doesnt sufficiently sanitize some user input on administrative forms.


Security updates for Thursday

Security updates have been issued by Arch Linux (chromium), Debian (libsdl1.2 and libsdl2), Fedora (firefox), Gentoo (bind, glibc, openssl, oracle-jdk-bin, webkit-gtk, and xrootd), Mageia (kernel), openSUSE (freerdp, mariadb, and obs-service-tar_scm), Oracle (openssl), Red Hat (kernel, kernel-rt, openstack-ceilometer, openstack-octavia, and tomcat), Scientific Linux (cockpit, openssl, and tomcat), and SUSE (java-1_7_1-ibm and mariadb).


BlackBerry powered by Android Security Bulletin - March 2019


Ruby on Rails: Mehrere Schwachstellen


IBM Security Bulletin: IBM® Db2® is vulnerable to privilege escalation via loading libraries from an untrusted path (CVE-2019-4094).


IBM Security Bulletin: Security vulnerability in the IBM HTTP Server (CVE-2018-17199)


IBM Security Bulletin: Multiple vulnerabilities in Node.js affect IBM Cloud Transformation Advisor


IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM Tivoli Netcool Configuration Manager (CVE-2018-3180, CVE-2018-3139)
