Daily Summary - 08.05.2019

End-of-Day report

Timeframe: Tuesday 07-05-2019 18:00 - Wednesday 08-05-2019 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter

News

Hackers wanted: "Even ten-year-olds understand what a secure password is"

Starting now, the Cyber Security Challenge is once again looking for Austria's best hackers.

https://futurezone.at/digital-life/hacker-gesucht-auch-zehnjaehrige-verstehen-was-ein-sicheres-passwort-ist/400488034


Biometric Authentication Overview, Advantages & Disadvantages [Updated 2019]

What is biometric authentication? Biometric authentication is simply the process of verifying your identity using your measurements or other unique characteristics of your body, then logging you in a service, an app, a device and so on. What's complicated is the technology behind it, so let's see how it works.

https://heimdalsecurity.com/blog/biometric-authentication/


Researchers' Evil Clippy cloaks malicious Office macros

A team of security researchers has exploited Microsoft's patchy macro documentation to hide malicious code inside innocent-looking macros.

https://nakedsecurity.sophos.com/2019/05/08/researchers-cloak-malicious-office-macros-with-evil-clippy/


Companies beware: job applications carrying malware in circulation

Criminals are currently distributing generically worded e-mails with the subject "Bewerbung für Ihre Stellenausschreibung" ("Application for your job posting"). The messages contain a password-protected and therefore encrypted Word document. The corresponding password is included in the e-mail. Recipients must not open the attachment. It contains malware!

https://www.watchlist-internet.at/news/unternehmen-aufgepasst-bewerbungen-mit-schadsoftware-in-umlauf/

Vulnerabilities

Cisco Elastic Services Controller REST API Authentication Bypass Vulnerability

A vulnerability in the REST API of Cisco Elastic Services Controller (ESC) could allow an unauthenticated, remote attacker to bypass authentication on the REST API. The vulnerability is due to improper validation of API requests. An attacker could exploit this vulnerability by sending a crafted request to the REST API. A successful exploit could allow the attacker to execute arbitrary actions through the REST API with administrative privileges on an affected system.

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190507-esc-authbypass


Security updates for Wednesday

Security updates have been issued by Arch Linux (dovecot, kernel, linux-zen, munin, nautilus, perl-email-address, and tcpreplay), Debian (atftp), Fedora (perl-YAML and teeworlds), Mageia (java-1.8.0-openjdk, ldb, libsolv, and putty/filezilla/wxgtk), openSUSE (freeradius-server, libjpeg-turbo, pacemaker, rubygem-actionpack-5_1, wpa_supplicant, and yubico-piv-tool), Red Hat (chromium-browser, container-tools:rhel8, edk2, firefox, flatpak, ghostscript, httpd:2.4, mod_auth_mellon, openwsman, [...]

https://lwn.net/Articles/787842/


[20190502] - Core - By-passing protection of Phar Stream Wrapper Interceptor

http://feeds.joomla.org/~r/JoomlaSecurityNews/~3/vyaXtvewK3I/781-20190502-core-by-passing-protection-of-phar-stream-wrapper-interceptor.html


[20190501] - Core - XSS in com_users ACL debug views

http://feeds.joomla.org/~r/JoomlaSecurityNews/~3/xio2qb8Db2U/780-20190501-core-xss-in-com-users-acl-debug-view.html


TYPO3-PSA-2019-008: By-passing protection of Phar Stream Wrapper Interceptor

https://typo3.org/security/advisory/typo3-psa-2019-008/


TYPO3-PSA-2019-007: By-passing protection of Phar Stream Wrapper Interceptor

https://typo3.org/security/advisory/typo3-psa-2019-007/


IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Rational Directory Server (Tivoli) & Rational Directory Administrator

https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-rational-directory-server-tivoli-rational-directory-administrator-9/


IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Installation Manager and IBM Packaging Utility

https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-ibm-installation-manager-and-ibm-packaging-utility-6/


IBM Security Bulletin: Session Management vulnerability affects IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2019-4072)

https://www.ibm.com/blogs/psirt/ibm-security-bulletin-session-management-vulnerability-affects-ibm-spectrum-control-formerly-tivoli-storage-productivity-center-cve-2019-4072/


IBM Security Bulletin: Potential CSV injection threat affects IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2019-4071)

https://www.ibm.com/blogs/psirt/ibm-security-bulletin-potential-csv-injection-threat-affects-ibm-spectrum-control-formerly-tivoli-storage-productivity-center-cve-2019-4071/


IBM Security Bulletin: IBM Security Guardium is affected by a Spring Framework vulnerability

https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-guardium-is-affected-by-a-spring-framework-vulnerability/


IBM Security Bulletin: Potential denial of service in WebSphere Application Server affects IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2018-10237)

https://www.ibm.com/blogs/psirt/ibm-security-bulletin-potential-denial-of-service-in-websphere-application-server-affects-ibm-spectrum-control-formerly-tivoli-storage-productivity-center-cve-2018-10237/


IBM Security Bulletin: IBM MQ Advanced Cloud Pak is vulnerable to a buffer overflow in the curl command (CVE-2018-16842)

https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-mq-advanced-cloud-pak-is-vulnerable-to-a-buffer-overflow-in-the-curl-command-cve-2018-16842/


IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Host On-Demand

https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-host-on-demand-3/


IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Cognos Planning

https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-ibm-cognos-planning/


IBM Security Bulletin: Security vulnerabilities have been identified in IBM Java Runtime and the microcode shipped with the DS8000 Hardware Management Console (HMC)

https://www.ibm.com/blogs/psirt/ibm-security-bulletin-security-vulnerabilities-have-been-identified-in-ibm-java-runtime-and-the-microcode-shipped-with-the-ds8000-hardware-management-console-hmc/