End-of-Day report
Timeframe: Freitag 12-04-2019 18:00 - Montag 15-04-2019 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
News
Hackers could read non-corporate Outlook.com, Hotmail for six months
Hackers and Microsoft seem to disagree on key details of the hack.
https://arstechnica.com/?p=1491071
Sicherheitslücken und mangelnder Datenschutz: Microsoft patzt bei Office 365
Viele Unternehmen sind bereits auf Office 365 umgestiegen. Doch Microsoft schlampt beim Datenschutz und hält sich nicht an Sicherheitsstandards.
http://heise.de/-4398584
Vulnerability Spotlight: Multiple vulnerabilities in Shimo VPNs helper tool
Discovered by Tyler Bohan of Cisco Talos.OverviewCisco Talos is disclosing a series of vulnerabilities found in the Shimo VPN Helper Tool. Shimo VPN is a popular VPN client for MacOS that can be used to connect multiple VPN accounts to one application. These specific vulnerabilities were found in the "helper tool", a feature that Shimo VPN uses to accomplish some of its privileged work.These vulnerabilities are being released without a patch, per our disclosure policy, after [...]
https://blog.talosintelligence.com/2019/04/vulnerability-spotlight-multiple.html
Tic Toc Pwned
We were recently tipped off that the Australian Tic Toc Track watch was almost undoubtedly just a version of the Gator kids GPS tracking watch. That's the tracker watch which leaked real time kids position data to anyone, it also allowed anyone to silently listen to children through the watch. Creepy! It all started with [...]
https://www.pentestpartners.com/security-blog/tic-toc-pwned/
Vulnerabilities
Security updates for Monday
Security updates have been issued by Debian (graphicsmagick, jasper, and libssh2), Fedora (kernel, kernel-headers, kernel-tools, nodejs-simple-markdown, and php), openSUSE (netpbm and xen), and SUSE (audiofile, firefox, java-1_7_0-openjdk, libvirt, openssh, and systemd).
https://lwn.net/Articles/786031/
Security Advisory - Digital Signature Verification Bypass Vulnerability in Some Huawei Routers
http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20190320-01-ar-en
IBM Security Bulletin: Vulnerability CVE-2019-3880 in Samba affects IBM i
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-cve-2019-3880-in-samba-affects-ibm-i/
IBM Security Bulletin: Security vulnerabilities in IBM SDK for Node.js might affect the configuration editor used by IBM Business Automation Workflow and IBM Business Process Manager (BPM)
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-security-vulnerabilities-in-ibm-sdk-for-node-js-might-affect-the-configuration-editor-used-by-ibm-business-automation-workflow-and-ibm-business-process-manager-bpm/
IBM Security Bulletin: A vulnerability in IBM WebSphere Application Server affects IBM Spectrum Scale packaged in IBM Elastic Storage Server (CVE-2018-10237)
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-vulnerability-in-ibm-websphere-application-server-affects-ibm-spectrum-scale-packaged-in-ibm-elastic-storage-server-cve-2018-10237/
IBM Security Bulletin: IBM Algo Credit Manager Is Affected by a Denial of Service Vulnerability in WebSphere Liberty
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-algo-credit-manager-is-affected-by-a-denial-of-service-vulnerability-in-websphere-liberty/
IBM Security Bulletin: A vulnerability in IBM Java SDK affects IBM Spectrum Scale packaged in IBM Elastic Storage Server (CVE-2018-3180)
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-vulnerability-in-ibm-java-sdk-affects-ibm-spectrum-scale-packaged-in-ibm-elastic-storage-server-cve-2018-3180/