End-of-Day report
Timeframe: Monday 18-02-2019 18:00 - Tuesday 19-02-2019 18:00
Handler: Dimitri Robl
Co-Handler: Stephan Richter
News
Hackers Use Compromised Banks as Starting Points for Phishing Attacks
Cybercriminals attacking banks and financial organizations use their foothold in a compromised infrastructure to gain access to similar targets in other regions or countries.
https://www.bleepingcomputer.com/news/security/hackers-use-compromised-banks-as-starting-points-for-phishing-attacks/
No More Ransom to the Rescue: New Decryption Tool Released for Latest Version of GandCrab ransomware
The wait for the victims of GandCrab is over: a new decryption tool has been released today for free on the No More Ransom depository for the latest strand of GandCrab, one of the world's most prolific ransomware to date. This tool was developed by the Romanian Police in close collaboration with the internet security company Bitdefender and Europol, together with the support of law enforcement authorities from Austria, Belgium, Cyprus, France, Germany, Italy, the Netherlands, UK, Canada [...]
https://www.europol.europa.eu/newsroom/news/no-more-ransom-to-rescue-new-decryption-tool-released-for-latest-version-of-gandcrab-ransomware
SHA-2 patch for Windows 7 and Windows Server 2008/R2 coming in March
Microsoft is planning an update for Windows 7/Server 2008 (R2). It is intended to make the operating system able to recognize SHA-2-signed updates.
http://heise.de/-4312194
Criminal hacking hits Managed Service Providers: Reasons and responses
Recent news articles show that MSPs are now being targeted by criminals, and for a variety of nefarious reasons. Why is this happening, and what should MSPs do about it?
https://www.welivesecurity.com/2019/02/19/criminal-hacking-hits-managed-service-providers-reasons-responses/
Rietspoof malware spreads via Facebook Messenger and Skype spam
Avast researchers spot new malware spreading via instant messaging clients.
https://www.zdnet.com/article/rietspoof-malware-spreads-via-facebook-messenger-and-skype-spam/
Vulnerabilities
Security updates for Tuesday
Security updates have been issued by Debian (chromium, rdesktop, rssh, systemd, and uriparser), Fedora (bouncycastle, eclipse-jgit, eclipse-linuxtools, jackson-annotations, jackson-bom, jackson-core, jackson-databind, jackson-dataformat-xml, jackson-dataformats-binary, jackson-dataformats-text, jackson-datatype-jdk8, jackson-datatype-joda, jackson-datatypes-collections, jackson-jaxrs-providers, jackson-module-jsonSchema, jackson-modules-base, jackson-parent, moby-engine, and subversion), [...]
https://lwn.net/Articles/780245/
Critical Release - PSA-2019-02-19
Date: 2019-February-19
Security risk: Highly critical 20/25 AC:None/A:None/CI:All/II:All/E:Theoretical/TD:Uncommon
Vulnerability: Critical Release
Description: There will be a security release of 8.5.x and 8.6.x on February 20th 2019 between 1PM to 5PM America/New York (1800 to 2200 UTC). (To see this in your local timezone, refer to the Drupal Core Calendar.) The risk on this is currently rated at 20/25 (Highly critical) AC:None/A:None/CI:All/II:All/E:Theoretical/TD:Uncommon.
https://www.drupal.org/psa-2019-02-19
Vuln: SolarWinds Orion Network Performance Monitor (NPM) CVE-2019-8917 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/107061
Red Hat JBoss Enterprise Application Platform: Multiple vulnerabilities
http://www.cert-bund.de/advisoryshort/CB-K19-0150
IBM Security Bulletin: Directory traversal vulnerability in IBM Robotic Process Automation with Automation Anywhere (CVE-2018-2006)
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-directory-traversal-vulnerability-in-ibm-robotic-process-automation-with-automation-anywhere-cve-2018-2006/
IBM Security Bulletin: This Power System update is being released to address CVE-2018-8931
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-this-power-system-update-is-being-released-to-address-cve-2018-8931/
IBM Security Bulletin: IBM Cloud Transformation Advisor is affected by a CVE-2018-1901 vulnerability
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-cloud-transformation-advisor-is-affected-by-a-cve-2018-1901-vulnerability/
IBM Security Bulletin: A vulnerability in Apache Struts affects the IBM FlashSystem 840 and 900
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-vulnerability-in-apache-struts-affects-the-ibm-flashsystem-840-and-900/
IBM Security Bulletin: A vulnerability in Apache Struts affects the IBM FlashSystem V840
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-vulnerability-in-apache-struts-affects-the-ibm-flashsystem-v840/