End-of-Day report
Timeframe: Monday 24-06-2019 18:00 - Tuesday 25-06-2019 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
News
Using Whitelisting to Remediate an RCE Vulnerability (CVE-2019-2729) in Oracle WebLogic
Oracle WebLogic has recently disclosed and patched remote-code-execution (RCE) vulnerabilities in its software, many of which were due to insecure deserialization. Oracle addressed the most recent vulnerability, CVE-2019-2729, in an out-of-band security patch on June 18, 2019. CVE-2019-2729 was assigned a CVSS score of 9.8, making it a critical vulnerability.
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/fYmCaoi4AE8/
Thunderbird 60.7.2: Mozilla fixes potentially dangerous combination of vulnerabilities
Last week the Mozilla developer team fixed two vulnerabilities in Thunderbird that had previously been actively exploited in Firefox.
https://heise.de/-4454671
Side-Channel Attacks: OpenSSH gains protection against Spectre, RAMBleed and co.
Temporary encryption in RAM is intended to protect keys used with OpenSSH against side-channel attacks in the future.
https://heise.de/-4455055
Phishing attempt against "free" customers of Advanzia Bank S.A.
Consumers find an e-mail in their inbox informing them that they need to confirm their data in order to keep using the free credit card. The message gives the impression of coming from Advanzia Bank S.A., but it is sent by criminals. Do not follow the link, because this is a phishing attempt!
https://www.watchlist-internet.at/news/phishing-versuch-gegen-free-kundinnen-der-advanzia-bank-sa/
New Mac malware abuses recently disclosed Gatekeeper zero-day
Researchers find new OSX/Linker malware abusing still-unpatched macOS Gatekeeper bypass.
https://www.zdnet.com/article/new-mac-malware-abuses-recently-disclosed-gatekeeper-zero-day/
Vulnerabilities
TYPO3 9.5.8 and 8.7.27 security releases published
We are announcing the release of the following TYPO3 updates: TYPO3 9.5.8 LTS and TYPO3 8.7.27 LTS. All versions are security releases and contain important security fixes.
https://typo3.org/article/typo3-958-and-8727-security-releases-published/
TYPO3-EXT-SA-2019-014: Multiple vulnerabilities in extension "phpMyAdmin" (phpmyadmin)
CVE: CVE-2019-11768 and CVE-2019-12616. PMASA-2019-3: SQL injection in Designer feature; PMASA-2019-4: CSRF vulnerability in login form.
https://typo3.org/security/advisory/typo3-ext-sa-2019-014/
Kubernetes CVE-2019-11246 Incomplete Fix Arbitrary File Overwrite Vulnerability
Kubernetes is prone to a vulnerability that may allow attackers to overwrite arbitrary files. Successful exploits may allow an attacker to write arbitrary files in the context of the user running the affected application. Versions prior to Kubernetes 1.12.9, 1.13.6, and 1.14.2 are vulnerable.
https://www.securityfocus.com/bid/108866/discuss
Security updates for Tuesday
Security updates have been issued by CentOS (python), Debian (bzip2, libvirt, python2.7, python3.4, rdesktop, and thunderbird), Fedora (thunderbird and tomcat), openSUSE (aubio, docker, enigmail, GraphicsMagick, and python-Jinja2), SUSE (kernel, libvirt, postgresql96, and tomcat), and Ubuntu (ceph, firefox, imagemagick, libmysofa, linux, linux-hwe, neutron, and policykit-desktop-privileges).
https://lwn.net/Articles/792006/
Alpine Linux Docker image vulnerability CVE-2019-5021
https://support.f5.com/csp/article/K25551452
QEMU: Multiple vulnerabilities
http://www.cert-bund.de/advisoryshort/CB-K19-0541