Daily Summary - 30.04.2019

End-of-Day report

Timeframe: Monday 29-04-2019 18:00 - Tuesday 30-04-2019 18:00 Handler: Dimitri Robl Co-Handler: Robert Waldner

News

APT trends report Q1 2019

This is our latest summary of APT activity, based on our threat intelligence research, and provides a representative snapshot of what we have published and discussed in greater detail in our private APT reports. It aims to highlight the significant events and findings that we feel people should be aware of.

https://securelist.com/apt-trends-report-q1-2019/90643/


Beware of orders on cragoo.at and cragoo.de

cragoo.de and cragoo.at are an online shop run by the company TA Retail UG with a very broad product range. Among other things, it offers household appliances, electronics, car accessories, building supplies, bicycles, furniture and toys. But beware: we continually receive reports from angry consumers who paid for a purchase in advance but received no delivery.

https://www.watchlist-internet.at/news/vorsicht-vor-bestellungen-auf-cragooat-und-cragoode/


Oracle Weblogic 0day

Several days ago, information about a new Oracle Weblogic Server 0day vulnerability was published [... CVE-2019-2725]. ... One of the SISSDEN goals is to track such vulnerabilities and answer the following questions: How big was the volume of scanning/exploitation? Who is responsible for scanning/exploitation? How was the exploitation executed?

https://sissden.eu/blog/oracle-weblogic-0day

Vulnerabilities

Vuln: ImageMagick Multiple Heap Buffer Overflow Vulnerabilities

ImageMagick is prone to multiple heap-based buffer-overflow vulnerabilities. An attacker can exploit this issue to cause a denial-of-service condition and obtain sensitive information.

http://www.securityfocus.com/bid/108102


Insufficient Privilege Validation in WooCommerce Checkout Manager

Due to the poor handling of a vulnerability disclosure, a new attack vector has appeared for the WooCommerce Checkout Manager WordPress plugin and is affecting over 60,000 sites. If you are using this plugin, we recommend that you update it to version 4.3 immediately.

https://blog.sucuri.net/2019/04/insufficient-privilege-validation-in-woocommerce-checkout-manager.html


Vulnerability in Revive Adserver can enable delivery of malicious code

The ad server Revive Adserver is open to attack through two vulnerabilities; one of them is rated critical. Version 4.2.0 is secured.

https://heise.de/-4410423


Researchers find vulnerabilities in e-mail signature verification

Security researchers from Münster University of Applied Sciences and Ruhr University Bochum have found vulnerabilities in the implementations of the widely used e-mail encryption standards S/MIME and OpenPGP

https://www.bsi.bund.de/DE/Presse/Pressemitteilungen/Presse2019/Signaturfaelschungen-300419.html


Security updates for Tuesday

Security updates have been issued by CentOS (kernel, openwsman, and ovmf), Debian (gst-plugins-base1.0 and libvirt), Fedora (libX11, poppler, python-urllib3, samba, and wpewebkit), openSUSE (GraphicsMagick), SUSE (atftp, glibc, libssh2_org, and wpa_supplicant), and Ubuntu (wavpack).

https://lwn.net/Articles/787158/


Foxit Phantom PDF Suite: Multiple vulnerabilities

A remote, anonymous attacker can exploit multiple vulnerabilities in Foxit Reader and the Foxit Phantom PDF Suite to execute arbitrary code with user privileges, carry out a denial-of-service attack, or view confidential data.

http://www.cert-bund.de/advisoryshort/CB-K19-0359


IBM Security Bulletin: Multiple Security Vulnerabilities Affect IBM WebSphere Application Server for IBM Cloud Private VM Quickstarter

https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-security-vulnerabilities-affect-ibm-websphere-application-server-for-ibm-cloud-private-vm-quickstarter/


IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect Rational Performance Tester

https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-and-ibm-java-runtime-affect-rational-performance-tester-3/


IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Content Collector for SAP Applications

https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-content-collector-for-sap-applications-5/


IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect ITCAM for SOA

https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-itcam-for-soa-4/


IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect Rational Service Tester

https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-and-ibm-java-runtime-affect-rational-service-tester-3/


IBM Security Bulletin: IBM Cloud Transformation Advisor is affected by a vulnerability in WebSphere Application Server Liberty (CVE-2018-1902)

https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-cloud-transformation-advisor-is-affected-by-a-vulnerability-in-websphere-application-server-liberty-cve-2018-1902/


IBM Security Bulletin: A vulnerability affects the IBM FlashSystem 840 and 900

https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-vulnerability-affects-the-ibm-flashsystem-840-and-900/


IBM Security Bulletin: Security vulnerability affects Rational Engineering Lifecycle Manager

https://www.ibm.com/blogs/psirt/ibm-security-bulletin-security-vulnerability-affects-rational-engineering-lifecycle-manager-2/


IBM Security Bulletin: Multiple vulnerabilities affect IBM Planning Analytics (CVE-2018-3180, CVE-2013-1624, CVE-2018-1933, CVE-2015-1832, CVE-2018-15494)

https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-affect-ibm-planning-analytics-cve-2018-3180-cve-2013-1624-cve-2018-1933-cve-2015-1832-cve-2018-15494/


HPESBHF03929 rev.1 - HPE Superdome Flex Server, Local Denial of Service, Disclosure of Information, and Escalation of Privilege

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03929en_us