End-of-Day report
Timeframe: Friday 31-05-2019 18:00 - Monday 03-06-2019 18:00
Handler: Dimitri Robl
Co-Handler: Robert Waldner
News
Caution: Official Windows 10 apps display malicious advertising
The company warns Windows users: Microsoft applications are redirecting their users to fraudulent websites.
https://futurezone.at/digital-life/vorsicht-offizielle-windows-10-apps-zeigen-schaedliche-werbung-an/400512964
Legacy app whitelist can be abused to bypass latest macOS security features, expert warns
Three words to ruin an Apple engineer's day: Patrick Wardle disclosure. Malware can bypass protections in macOS Mojave, and potentially access user data as well as the webcam and mic - by exploiting a hole in Apple's legacy app support.
http://go.theregister.com/feed/www.theregister.co.uk/2019/06/03/macos_security_blocks_useless/
GandCrab ransomware operation says it's shutting down
GandCrab crew says it made enough money and plans to retire within a month.
https://www.zdnet.com/article/gandcrab-ransomware-operation-says-its-shutting-down/
Vulnerabilities
VU#877837: Multiple vulnerabilities in Quest (Dell) Kace K1000 Appliance
CVE-2018-5404: The Dell Kace K1000 Appliance allows an authenticated, remote attacker with least privileges (User Console Only role) to potentially exploit multiple Blind SQL Injection vulnerabilities to retrieve sensitive information from the database or copy the entire database. (CWE-89) CVE-2018-5405: The Dell Kace K1000 Appliance allows an authenticated least privileged user with "User Console Only" rights to potentially inject arbitrary JavaScript code on the tickets page.
https://kb.cert.org/vuls/id/877837
Cisco IOS XR Software BGP MPLS-Based EVPN Denial of Service Vulnerability
A vulnerability in the Border Gateway Protocol (BGP) Multiprotocol Label Switching (MPLS)-based Ethernet VPN (EVPN) implementation of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to trigger a denial of service (DoS) condition on an affected device.
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-iosxr-evpn-dos
Security update: Nvidia Geforce Experience vulnerable
A local attacker could use vulnerabilities in Nvidia Geforce Experience to push malicious code onto computers.
https://heise.de/-4437588
Security updates for Monday
Security updates have been issued by Arch Linux (curl, lib32-curl, lib32-libcurl-compat, lib32-libcurl-gnutls, libcurl-compat, libcurl-gnutls, and live-media), Debian (doxygen and php5), Fedora (cryptopp, drupal7-context, drupal7-ds, drupal7-module_filter, drupal7-path_breadcrumbs, drupal7-uuid, drupal7-views, drupal7-xmlsitemap, and sleuthkit), openSUSE (axis, chromium, containerd, docker, docker-runc, go, go1.11, go1.12, golang-github-docker-libnetwork, curl, doxygen, GraphicsMagick, [...]
https://lwn.net/Articles/790174/
Vuln: Apache Hadoop CVE-2018-8029 Remote Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/108518
IBM Security Bulletin: Apache Tomcat as used in IBM QRadar SIEM is vulnerable to denial of service (CVE-2019-0199)
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-apache-tomcat-as-used-in-ibm-qradar-siem-is-vulnerable-to-denial-of-service-cve-2019-0199/
IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Content Collector for Email
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-content-collector-for-email/
IBM Security Bulletin: OpenSSL as used in IBM QRadar SIEM is vulnerable to an information disclosure (CVE-2018-5407)
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-openssl-as-used-in-ibm-qradar-siem-is-vulnerable-to-a-information-disclosure-cve-2018-5407/
ASP.NET x-up-devcap-post-charset header security exposure
https://support.f5.com/csp/article/K54150332
HPESBMU03923 rev.1 - HPE Smart Update Manager (SUM), Local Unauthorized Elevation of Privilege
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbmu03923en_us
HPESBMU03922 rev.1 - HPE Smart Update Manager (SUM), Remote Unauthorized Access
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbmu03922en_us