End-of-Day report
Timeframe: Friday 03-05-2019 18:00 - Monday 06-05-2019 18:00
Handler: Dimitri Robl
Co-Handler: Stephan Richter
News
Cronjob Backdoors
Attackers commonly rely on backdoors to easily gain reentry and maintain control over a website. They also use PHP functions to further deepen the level of their backdoors. A good example of this is the shell_exec function which allows plain shell commands to be run directly through the web application, providing attackers with an increased level of control over the environment.
https://blog.sucuri.net/2019/05/cronjob-backdoors.html
Wi-Fi presenter systems with critical security vulnerabilities
Wi-Fi gateways that enable the wireless display of slides in many meeting rooms can be hijacked and infected with malicious code.
https://heise.de/-4413258
Extortion wave targets public Git repositories
Over the past few days, extortionists have deleted numerous repositories on GitHub, GitLab and BitBucket and are demanding bitcoins for their restoration.
https://heise.de/-4413576
Fraudulent job offers lure applicants into money laundering
While searching for a new job, consumers frequently come across fraudulent offers in which the task consists of forwarding sums of money. This is not always apparent from the job advertisement itself. This is what happened on the website bulldozer-sprachschule.at, which had been taken over by criminals, where applicants were asked to launder money.
https://www.watchlist-internet.at/news/betruegerische-job-angebote-verfuehren-zur-geldwaesche/
Vulnerabilities
High-Severity PrinterLogic Flaws Enable Remote Code Execution
The three flaws enable an unauthenticated attacker to launch remote code execution attacks on printers.
https://threatpost.com/printerlogic-remote-code-execution/144383/
Security updates for Monday
Security updates have been issued by Debian (jquery, librecad, and phpbb3), Fedora (bubblewrap, java-11-openjdk, libvirt, openssh, and pacemaker), Mageia (virtualbox), openSUSE (chromium, ImageMagick, and java-11-openjdk), and SUSE (openssl-1_1).
https://lwn.net/Articles/787599/
HPESBHF03769 rev.2 - HPE Integrated Lights-out 4 (iLO 4), and Moonshot Multiple Remote Vulnerabilities
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03769en_us
IBM Security Bulletin: IBM TRIRIGA is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data (CVE-2019-4208)
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-tririga-is-vulnerable-to-an-xml-external-entity-injection-xxe-attack-when-processing-xml-data-cve-2019-4208/
IBM Security Bulletin: IBM TRIRIGA Application Platform may disclose sensitive information (CVE-2019-4207)
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-tririga-application-platform-may-disclose-sensitive-information-cve-2019-4207/
IBM Security Bulletin: Vulnerability in Pivotal Spring Framework affects IBM TRIRIGA Application Platform (CVE-2018-15786)
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-in-pivotal-spring-framework-affects-ibm-tririga-application-platform-cve-2018-15786/
IBM Security Bulletin: IBM TRIRIGA Application Platform could disclose sensitive information (CVE-2018-2008)
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-tririga-application-platform-could-disclose-sensitive-information-cve-2018-2008/
IBM Security Bulletin: Multiple vulnerabilities in Node.js affect IBM Cloud App Management V2018
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-node-js-affect-ibm-cloud-app-management-v2018/
IBM Security Bulletin: IBM Cúram Social Program Management contains a cross-site request forgery vulnerability in the REST API (CVE-2018-2001)
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-curam-social-program-management-contains-a-cross-site-request-forgery-vulnerability-in-the-rest-api-cve-2018-2001/
IBM Security Bulletin: Java Vulnerability Affects IBM Sterling Connect:Direct Browser User Interface (CVE-2018-1890, CVE-2018-3180)
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-java-vulnerability-affects-ibm-sterling-connectdirect-browser-user-interface-cve-2018-1890-cve-2018-3180/
IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Security Directory Server
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-security-directory-server-2/
IBM Security Bulletin: Multiple vulnerabilities in IBM® Runtime Environment Java- Version affect IBM Cloud Manager with OpenStack
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-runtime-environment-java-version-affect-ibm-cloud-manager-with-openstack/
IBM Security Bulletin: Vulnerabilities in GNU OpenSSL (1.0.2 series) affect IBM Netezza Analytics
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-in-gnu-openssl-1-0-2-series-affect-ibm-netezza-analytics/