End-of-Day report
Timeframe: Monday 13-05-2019 18:00 - Tuesday 14-05-2019 18:00
Handler: Robert Waldner
Co-Handler: n/a
News
Unclear offers for criminal record extracts, certificates of good conduct and character references
On leumundszeugnis.at, strafregisterauszug.at, fuehrungszeugnis.at and amtsweg.info, consumers can purchase online guides or e-books that describe how certain applications can be submitted online to the responsible authorities. For many interested parties, however, it is not clearly recognizable that only instructions, and not the official documents themselves, are being offered.
https://www.watchlist-internet.at/news/unklare-angebote-zu-strafregisterauszug-fuehrungs-und-leumundszeugnis/
Vulnerabilities
Update WhatsApp now: Bug lets snoopers put spyware on your phone with just a call
WhatsApp has disclosed a serious vulnerability in the messaging app that gives snoops a way to remotely inject Israeli spyware on iPhone and Android devices simply by calling the target.
The bug, detailed in a Monday Facebook advisory for CVE-2019-3568, is a buffer overflow vulnerability within WhatsApp's VOIP function.
https://www.zdnet.com/article/update-whatsapp-now-bug-lets-snoopers-put-spyware-on-your-phone-with-just-a-call/
Adobe Releases Critical Patches for Flash, Acrobat Reader, and Media Encoder
Adobe today released its monthly software updates to patch a total of 87 security vulnerabilities in its Adobe Acrobat and Reader, Flash Player and Media Encoder, most of which could lead to arbitrary code execution attacks or worse. None of the flaws patched this month in Adobe products has been found exploited in the wild. Out of 87 total flaws, a whopping number of vulnerabilities (i.e.,
https://thehackernews.com/2019/05/adobe-software-updates.html
Apple Releases Multiple Security Updates
Original release date: May 14, 2019. Apple has released security updates to address vulnerabilities in multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Apple security pages for the following products and apply the necessary updates: watchOS 5.2.1, Safari 12.1.1, Apple TV Software 7.3, tvOS 12.3, iOS 12.3, macOS Mojave 10.14.5,
https://www.us-cert.gov/ncas/current-activity/2019/05/14/Apple-Releases-Multiple-Security-Updates
Security updates for Tuesday
Security updates have been issued by CentOS (flatpak, ghostscript, and python-jinja2), Debian (cups-filters, imagemagick, qt4-x11, and samba), Fedora (httpd and wpa_supplicant), openSUSE (freeradius-server, nmap, python-Jinja2, signing-party, and webkit2gtk3), Red Hat (java-1.7.1-ibm and java-1.8.0-ibm), Scientific Linux (python-jinja2), SUSE (cf-cli, java-1_8_0-openjdk, and libxslt), and Ubuntu (isc-dhcp, openjdk-8, openjdk-lts, samba, and VCFtools).
https://lwn.net/Articles/788373/
Intel Desktop Firmware: Vulnerability allows bypassing of security measures
Intel Desktop Board products BIOS is the BIOS that ships with Intel motherboards. The Server Firmware provides the basic software operating components for mainboards.
A local attacker can exploit a vulnerability in Intel Desktop Firmware and Intel Server Firmware to bypass security measures.
http://www.cert-bund.de/advisoryshort/CB-K19-0399
ASUS WebStorage abused to spy on users at the router level
ESET researcher Anton Cherepanov published a report detailing attack vectors related to WebStorage, ASUS's cloud storage service, on Tuesday. According to the team, the Plead malware may be being distributed through MiTM attacks taking place against ASUS software. Plead is a malware variant which specializes in data theft through a combination of the Plead backdoor and Drigo exfiltration tool.
https://www.zdnet.com/article/asus-webstorage-abused-to-spy-on-users-at-the-router-level/
Cisco Secure Boot Hardware Tampering Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190513-secureboot
Cisco IOS XE Software Web UI Command Injection Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190513-webui
IBM Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affect Liberty for Java for IBM Cloud January 2019 CPU
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-liberty-for-java-for-ibm-cloud-january-2019-cpu/
IBM Security Bulletin: Potential denial of service vulnerability in Liberty for Java for IBM Cloud (CVE-2019-4046)
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-potential-denial-of-service-vulnerability-in-liberty-for-java-for-ibm-cloud-cve-2019-4046/
IBM Security Bulletin: Multiple vulnerabilities in Node.js affect IBM Cloud App Management V2018
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-node-js-affect-ibm-cloud-app-management-v2018-2/
SSA-102144 (Last Update: 2019-05-14): Code Execution Vulnerability in LOGO! Soft Comfort
https://cert-portal.siemens.com/productcert/pdf/ssa-102144.pdf
SSA-542701 (Last Update: 2019-05-14): Vulnerabilities in SIEMENS LOGO!
https://cert-portal.siemens.com/productcert/pdf/ssa-542701.pdf
SSA-549547 (Last Update: 2019-05-14): Multiple Vulnerabilities in SCALANCE W1750D
https://cert-portal.siemens.com/productcert/pdf/ssa-549547.pdf
SSA-606525 (Last Update: 2019-05-14): Denial-of-Service Vulnerability in SINAMICS PERFECT HARMONY GH180 Ethernet Modbus Interface (G28)
https://cert-portal.siemens.com/productcert/pdf/ssa-606525.pdf
SSA-697412 (Last Update: 2019-05-14): Multiple Vulnerabilities in SIMATIC WinCC, SIMATIC WinCC Runtime, SIMATIC PCS 7, SIMATIC TIA Portal
https://cert-portal.siemens.com/productcert/pdf/ssa-697412.pdf
SSA-705517 (Last Update: 2019-05-14): Remote Code Execution Vulnerability in SIMATIC WinCC and SIMATIC PCS 7
https://cert-portal.siemens.com/productcert/pdf/ssa-705517.pdf
SSA-804486 (Last Update: 2019-05-14): Multiple Vulnerabilities in SIMATIC Panels and SIMATIC WinCC (TIA Portal)
https://cert-portal.siemens.com/productcert/pdf/ssa-804486.pdf
SSA-865156 (Last Update: 2019-05-14): Denial-of-Service Vulnerability in SINAMICS PERFECT HARMONY GH180 Fieldbus Network
https://cert-portal.siemens.com/productcert/pdf/ssa-865156.pdf
SSA-902727 (Last Update: 2019-05-14): Multiple Vulnerabilities in Licensing Software for SISHIP Automation Solutions
https://cert-portal.siemens.com/productcert/pdf/ssa-902727.pdf
HPESBMU03935 rev.1 - HPE Unified OSS Console Software Products using Apache CouchDB, Remote Code Execution, Remote Escalation of Privilege
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbmu03935en_us