End-of-Day report
Timeframe: Friday 24-05-2019 18:00 - Monday 27-05-2019 18:00
Handler: Dimitri Robl
Co-Handler: Robert Waldner
News
Joomla and WordPress Found Harboring Malicious Redirect Code
New .htaccess injector threat on Joomla and WordPress websites redirects to malicious websites.
https://threatpost.com/joomla-and-wordpress-malicious-redirect-code/145068/
Serious Security: Don't let your SQL server attack you with ransomware
Tales from the honeypot: this time a MySQL-based attack. Old tricks still work, because we're still making old mistakes - here's what to do.
https://nakedsecurity.sophos.com/2019/05/25/serious-security-dont-let-your-sql-server-attack-you-with-ransomware/
All fake: sendlein.net, reipel.net, kleimer.net and lieberg24.com
The tempting tech offers at sendlein.net, reipel.net, kleimer.net or lieberg24.com are unfortunately too good to be true! These are fraudulent shops that do not deliver. You lose your money and disclose credit card data that could be used for online purchases!
https://www.watchlist-internet.at/news/alles-fake-sendleinnet-reipelnet-kleimernet-und-lieberg24com/
Intense scanning activity detected for BlueKeep RDP flaw
A threat actor hidden behind Tor nodes is scanning for Windows systems vulnerable to BlueKeep flaw.
https://www.zdnet.com/article/intense-scanning-activity-detected-for-bluekeep-rdp-flaw/#ftag=RSSbaffb68
Vulnerabilities
BlackBerry Powered by Android Security Bulletin - May 2019
BlackBerry has released a security update to address multiple vulnerabilities in BlackBerry powered by Android smartphones. ... This advisory is in response to the Android Security Bulletin (May) and addresses issues in that bulletin that affect BlackBerry powered by Android smartphones
http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber=000057037
New unpatched macOS Gatekeeper Bypass Published Online
Details have been released for an unpatched vulnerability in macOS 10.14.5 (Mojave) and below that allows a hacker to execute arbitrary code without user interaction.
https://www.bleepingcomputer.com/news/security/new-unpatched-macos-gatekeeper-bypass-published-online/
Fortinet closes multiple security vulnerabilities in FortiOS and co.
The SSL VPN web portal of FortiOS was vulnerable in several ways - remotely and in some cases without authentication. The vendor advises updating.
https://heise.de/-4432813
Security updates for Monday
Security updates have been issued by Debian (curl, jackson-databind, minissdpd, php5, thunderbird, wireshark, and wpa), Fedora (curl, drupal7, firefox, kernel, libmediainfo, mediaconch, mediainfo, mod_http2, mupdf, rust, and singularity), openSUSE (containerd, docker, docker-runc, go, go1.11, go1.12, golang-github-docker-libnetwork), Oracle (firefox and libvirt), Scientific Linux (firefox and libvirt), and SUSE (bluez, curl, gnutls, java-1_7_1-ibm, libu2f-host, libvirt, python3, screen, and xen).
https://lwn.net/Articles/789523/
SSA-932041: Vulnerability in Radiography and Mobile X-ray Products from Siemens Healthineers
https://cert-portal.siemens.com/productcert/txt/ssa-932041.txt
SSA-832947: Vulnerability in Laboratory Diagnostics Products from Siemens Healthineers
https://cert-portal.siemens.com/productcert/txt/ssa-832947.txt
SSA-433987: Vulnerability in Radiation Oncology Products from Siemens Healthineers
https://cert-portal.siemens.com/productcert/txt/ssa-433987.txt
SSA-406175: Vulnerability in Siemens Healthineers Software Products
https://cert-portal.siemens.com/productcert/txt/ssa-406175.txt
SSA-166360: Vulnerability in Advanced Therapy Products from Siemens Healthineers
https://cert-portal.siemens.com/productcert/txt/ssa-166360.txt
SSA-616199: Vulnerability in Point of Care Diagnostics Products from Siemens Healthineers - Blood Gas
https://cert-portal.siemens.com/productcert/txt/ssa-616199.txt
IBM Security Bulletin: IBM QRadar WinCollect Agent Does Not Verify TLS Syslog Certificate (CVE-2019-4264)
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-qradar-wincollect-agent-does-not-verify-tls-syslog-certificate-cve-2019-4264/
IBM Security Bulletin: Security vulnerability affects the Report Builder shipped with Jazz Reporting Service (CVE-2019-4184)
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-security-vulnerability-affects-the-report-builder-shipped-with-jazz-reporting-service-cve-2019-4184/
GNU Binutils vulnerability CVE-2019-9070
https://support.f5.com/csp/article/K13534168