Daily Summary - 04.04.2019

End-of-Day report

Timeframe: Wednesday 03-04-2019 18:00 - Thursday 04-04-2019 18:00 Handler: Dimitri Robl Co-Handler: Robert Waldner

News

Fraudulent phishing emails aim to steal Willhaben logins

Criminals are posing as the classifieds platform Willhaben and sending phishing messages indiscriminately. Willhaben users who find the message in their inbox are informed that an ad for an Apple iPhone Xs Max has been successfully published. Recipients must not follow the forged links in the message or enter any login data; otherwise they lose their Willhaben account to criminals.

https://www.watchlist-internet.at/news/betruegerische-phishing-mails-sollen-willhaben-login-stehlen/

Vulnerabilities

FortiGuard/FortiOS: Unprivileged, authenticated user can change the routing settings

An external control of system vulnerability in FortiOS may allow an authenticated, regular user to change the routing settings of the device via connecting to the ZebOS component.

https://fortiguard.com/psirt/FG-IR-18-230


HPESBHF03912 rev.1 - Certain HPE Servers with a UEFI-based BIOS, Multiple Local Vulnerabilities

Security vulnerabilities in UEFI Open Source (EDK2)-based BIOS firmware may allow escalation of privilege, information disclosure or denial of service. Vendors are releasing firmware updates to mitigate these vulnerabilities.

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03912en_us


Security updates for Thursday

Security updates have been issued by Debian (apache2, golang, and putty), Gentoo (xen), and SUSE (clamav, SM3.1, and SMS3.1).

https://lwn.net/Articles/784917/


Cisco Small Business RV320 and RV325 Routers Information Disclosure Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-rv-info


Cisco Small Business RV320 and RV325 Routers Command Injection Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-rv-inject


Cisco Small Business RV320 and RV325 Routers Weak Credential Encryption Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190404-rv-weak-encrypt


Cisco Small Business RV320 and RV325 Routers Online Help Reflected Cross-Site Scripting Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190404-rv-xss


IBM Security Bulletin: IBM API Connect Developer Portal is affected by Cross Site Scripting (XSS) in Drupal core (CVE-2019-6341)

https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-api-connect-developer-portal-is-by-cross-site-scriptingxss-in-drupal-core-cve-2019-6341/


IBM Security Bulletin: IBM API Connect Developer Portal is affected by multiple PHP vulnerabilities (CVE-2019-9641 CVE-2019-9637 CVE-2019-9639 CVE-2019-9638)

https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-api-connect-developer-portal-is-affected-by-multiple-php-vulnerabilities-cve-2019-9641-cve-2019-9637-cve-2019-9639-cve-2019-9638/


IBM Security Bulletin: IBM API Connect Developer Portal is affected by a cross site scripting vulnerability in Drupal

https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-api-connect-developer-portal-is-affected-by-a-cross-site-scripting-vulnerability-in-drupal/


IBM Security Bulletin: API Connect V2018 is impacted by vulnerability in the Kubernetes API server (CVE-2019-1002100)

https://www.ibm.com/blogs/psirt/ibm-security-bulletin-api-connect-v2018-is-impacted-by-vulnerability-in-the-kubernetes-api-server-cve-2019-1002100/


IBM Security Bulletin: Spoofing vulnerability in IBM Business Automation Workflow (CVE-2019-4045)

https://www.ibm.com/blogs/psirt/ibm-security-bulletin-spoofing-vulnerability-in-ibm-business-automation-workflow-cve-2019-4045/


IBM Security Bulletin: Cross-site request forgery vulnerability in IBM Business Automation Workflow (CVE-2018-2000)

https://www.ibm.com/blogs/psirt/ibm-security-bulletin-cross-site-request-forgery-vulnerability-in-ibm-business-automation-workflow-cve-2018-2000/


IBM Security Bulletin: Information leakage in IBM Business Automation Workflow (CVE-2018-1999)

https://www.ibm.com/blogs/psirt/ibm-security-bulletin-information-leakage-in-ibm-business-automation-workflow-cve-2018-1999/


IBM Security Bulletin: Denial of service vulnerability in IBM Business Automation Workflow (CVE-2018-1997)

https://www.ibm.com/blogs/psirt/ibm-security-bulletin-denial-of-service-vulnerability-in-ibm-business-automation-workflow-cve-2018-1997/


IBM Security Bulletin: API Connect V2018 is impacted by sensitive information disclosure (CVE-2019-4051)

https://www.ibm.com/blogs/psirt/ibm-security-bulletin-api-connect-v2018-is-impacted-by-sensitive-information-disclosure-cve-2019-4051/


IBM Security Bulletin: External Service invocation in IBM Business Space affects IBM Business Automation Workflow and IBM Business Process Manager family products (CVE-2018-1885)

https://www.ibm.com/blogs/psirt/ibm-security-bulletin-external-service-invocation-in-ibm-business-space-affects-ibm-business-automation-workflow-and-ibm-business-process-manager-family-products-cve-2018-1885/