Daily Summary - 25.07.2018

End-of-Day report

Timeframe: Tuesday 24-07-2018 18:00 - Wednesday 25-07-2018 18:00 Handler: Stephan Richter Co-Handler: Robert Waldner

News

Bitdefender Releases Decryption Tool for Older Version of LockCrypt Ransomware

Romanian antivirus firm Bitdefender released yesterday a decryption tool that can recover files encrypted by an older version of the LockCrypt ransomware, the one that locks files with the .1btc extension.

https://www.bleepingcomputer.com/news/security/bitdefender-releases-decryption-tool-for-older-version-of-lockcrypt-ransomware/


VB2017 paper and update: Browser attack points still abused by banking trojans

At VB2017, ESET researchers Peter Kálnai and Michal Poslušný looked at how banking malware interacts with browsers. Today we publish their paper, share the video of their presentation, and also publish a guest blog post from Peter, in which he summarises the recent developments in this space.

https://www.virusbulletin.com:443/blog/2018/07/vb2017-paper-and-update-browser-attack-points-still-abused-banking-trojans/


Registering on Probenheld.de is not recommended

We are receiving an increasing number of complaints about probenheld.de. Those affected report receiving products they did not order and invoices for product samples that were advertised as free. We recommend that interested parties not register with probenheld.de, because the provider violates legal requirements and cannot be considered trustworthy. Invoices, payment reminders or debt-collection letters received should not be paid.

https://www.watchlist-internet.at/news/anmeldung-auf-probenheldde-ist-nicht-empfehlenswert/


DHS Warns of Impending Cyber-Attacks on ERP Systems

The US Department of Homeland Security (DHS) has issued an alert warning of increased activity from nation-state hackers, criminal groups, and hacktivists against Enterprise Resource Planning (ERP) systems. The warning is based on a joint report published two days ago by threat intelligence firms Digital Shadows and Onapsis.

https://www.bleepingcomputer.com/news/security/dhs-warns-of-impending-cyber-attacks-on-erp-systems/

Vulnerabilities

Apache Tomcat: Important updates close security vulnerabilities

New versions of the 7, 8 and 9 series of the Apache Tomcat application server include, among other things, two urgent security fixes.

http://heise.de/-4119967


Security updates for Wednesday

Security updates have been issued by Debian (ant, evolution-data-server, libarchive-zip-perl, mailman, resiprocate, slurm-llnl, and sympa), Mageia (firmware, kernel, microcode, and wesnoth), openSUSE (Chromium), Oracle (openslp and thunderbird), Red Hat (java-1.7.0-oracle, java-1.8.0-oracle, kernel, qemu-kvm-rhev, and thunderbird), SUSE (kernel, nautilus, and xen), and Ubuntu (ant and clamav).

https://lwn.net/Articles/760803/


Cisco CallManager Express Unauthorized Access Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170503-cme1


Red Hat JBoss Data Virtualization: A vulnerability enables a clickjacking attack

https://adv-archiv.dfn-cert.de/adv/2018-1457/


Security Advisory - Buffer Overflow Vulnerability on Several Products

http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180725-01-dos-en


IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM® Db2®

http://www-01.ibm.com/support/docview.wss?uid=ibm10713455


IBM Security Bulletin: A vulnerability in OpenSSL affect IBM® SDK for Node.js™ in IBM Cloud (CVE-2018-0739)

http://www-01.ibm.com/support/docview.wss?uid=swg22016251


IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM Tivoli Netcool Configuration Manager (CVE-2017-10356).

http://www.ibm.com/support/docview.wss?uid=swg22016354


BIG-IP APM per-request policy object vulnerability CVE-2018-5536

https://support.f5.com/csp/article/K27391542


TMM vulnerability CVE-2018-5530

https://support.f5.com/csp/article/K45611803


BIG-IP ASM vulnerability CVE-2018-5539

https://support.f5.com/csp/article/K75432956


HTTPS monitor vulnerability CVE-2018-5542

https://support.f5.com/csp/article/K05112543


TMM vulnerability CVE-2018-5537

https://support.f5.com/csp/article/K94105051


DNS Express vulnerability CVE-2018-5538

https://support.f5.com/csp/article/K45435121