End-of-Day report
Timeframe: Tuesday 30-04-2019 18:00 - Thursday 02-05-2019 18:00
Handler: Stephan Richter
Co-Handler: n/a
News
Phishing email targets your Willhaben account
Phishing emails from criminals are circulating once again. The emails appear to come from the classifieds platform Willhaben and inform recipients about the publication of a sales listing for a Samsung washing machine. Recipients must not follow the links in the message or enter any data; otherwise they will lose their Willhaben account.
https://www.watchlist-internet.at/news/phishing-mail-hat-es-auf-ihr-willhaben-konto-abgesehen/
JavaScript card sniffing attacks spread to other e-commerce platforms
OpenCart, OSCommerce, WooCommerce, Shopify are also being targeted.
https://www.zdnet.com/article/javascript-card-sniffer-attacks-spread-to-other-e-commerce-platforms/
50,000 enterprise firms running SAP software vulnerable to attack
9 out of 10 SAP production systems are believed to be vulnerable to new exploits.
https://www.zdnet.com/article/50000-enterprise-firms-running-sap-software-vulnerable-to-attack/
Vulnerabilities
Security vulnerability: Driver installation on Dell laptops open to attack
A Windows program for installing drivers that comes preinstalled on Dell laptops opens a local HTTP server. A network attacker can abuse this to install malware.
https://www.golem.de/news/sicherheitsluecke-treiberinstallation-auf-dell-laptops-angreifbar-1905-140995-rss.html
Rockwell Automation CompactLogix 5370
This advisory includes mitigations for uncontrolled resource consumption and stack-based buffer overflow vulnerabilities reported in Rockwell Automation's CompactLogix 5370 controllers.
https://ics-cert.us-cert.gov/advisories/ICSA-19-120-01
Citrix SD-WAN Security Update
An information disclosure vulnerability has been identified in the Citrix SD-WAN Appliance. This vulnerability could allow an unauthenticated attacker to perform a man-in-the-middle attack against management traffic.
https://support.citrix.com/article/CTX247735
Patch now: Cisco closes vulnerabilities in numerous products
It is that time again: network equipment vendor Cisco has released numerous updates. One of the patched vulnerabilities is rated critical.
https://heise.de/-4411599
Security updates for Wednesday
Security updates have been issued by Fedora (libmediainfo, php-horde-horde, and php-horde-turba), SUSE (hostinfo, supportutils, libjpeg-turbo, and openssl), and Ubuntu (dovecot, libpng1.6, and memcached).
https://lwn.net/Articles/787232/
Security updates for Thursday
Security updates have been issued by Debian (proftpd-dfsg and signing-party), Fedora (php-horde-horde and php-horde-turba), and Ubuntu (php5).
https://lwn.net/Articles/787299/
Many Vulnerabilities Found in Wireless Presentation Devices
Researchers at Tenable have discovered a total of 15 vulnerabilities across eight wireless presentation systems, including flaws that can be exploited to remotely hack devices.
https://www.securityweek.com/many-vulnerabilities-found-wireless-presentation-devices
Vuln: Microsoft Visual Studio asm Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/108122
Vuln: Apache Archiva CVE-2019-0214 Arbitrary File Write Vulnerability
http://www.securityfocus.com/bid/108124
IBM Security Advisories
https://www.ibm.com/blogs/psirt/
Appliance mode vulnerability CVE-2019-6614
https://support.f5.com/csp/article/K46524395
CGNAT/PPTP vulnerability CVE-2019-6611
https://support.f5.com/csp/article/K47527163
DNS vulnerability CVE-2019-6612
https://support.f5.com/csp/article/K24401914
Appliance mode tmsh vulnerability CVE-2019-6615
https://support.f5.com/csp/article/K87659521
Appliance mode tmsh vulnerability CVE-2019-6616
https://support.f5.com/csp/article/K82814400
SNMP vulnerability CVE-2019-6613
https://support.f5.com/csp/article/K27400151
BIG-IP Resource Administrator vulnerability CVE-2019-6618
https://support.f5.com/csp/article/K07702240
BIG-IP Resource Administrator vulnerability CVE-2019-6617
https://support.f5.com/csp/article/K38941195
HTTP/2 ALPN vulnerability CVE-2019-6619
https://support.f5.com/csp/article/K94563344
NodeJS vulnerability CVE-2018-12120
https://support.f5.com/csp/article/K37111863