End-of-Day report
Timeframe: Thursday 02-05-2019 18:00 - Friday 03-05-2019 18:00
Handler: Stephan Richter
Co-Handler: n/a
News
Decryptor for MegaLocker and NamPoHyu Virus Ransomware Released
Emsisoft has released a decryptor for the MegaLocker and NamPoHyu Virus ransomware that has been targeting exposed Samba servers. Victims can now use this decryptor to recover their files for free. [...]
https://www.bleepingcomputer.com/news/security/decryptor-for-megalocker-and-nampohyu-virus-ransomware-released/
Informal Expert Group on EU Member States Incident Response Development
ENISA launches this Call for Participation to invite experts to participate in its expert group.
https://www.enisa.europa.eu/news/enisa-news/informal-e-xpert-group-on-eu-ms-incident-response-development
2019: The Return of Retefe
Retefe is a banking Trojan that historically has routed online banking traffic intended for targeted banks through a proxy instead of the web injects more typical of other bankers. [...] Although Retefe only appeared infrequently in 2018, the banker returned to more regular attacks on Swiss and German victims in April of 2019 with both a Windows and macOS version. Retefe's return to the landscape was marked by several noteworthy changes: [...]
https://www.proofpoint.com/us/threat-insight/post/2019-return-retefe
Abus wireless alarm system: vulnerability allows cloning of RFID keys
Only last week, security researchers disclosed three vulnerabilities in Abus Secvest alarm systems. Now another one follows.
https://heise.de/-4412282
D-Link protects DNS-320 and other NAS devices against Cr1ptTor ransomware with updates
The DNS-320L, DNS-325 and DNS-327L network storage devices were vulnerable to attacks by the Cr1ptor encryption trojan. Firmware updates are meant to change that.
https://heise.de/-4412656
Vulnerabilities Found in Over 100 Jenkins Plugins
A researcher has discovered vulnerabilities in more than 100 plugins designed for the Jenkins open source software development automation server and many of them have yet to be patched.
https://www.securityweek.com/vulnerabilities-found-over-100-jenkins-plugins
Vulnerabilities
Orpak SiteOmat
This advisory includes mitigations for use of hard-coded credentials, cross-site scripting, SQL injection, missing encryption of sensitive data, code injection, and stack-based buffer overflow vulnerabilities reported in Orpak's SiteOmat, software for fuel station management.
https://ics-cert.us-cert.gov/advisories/ICSA-19-122-01
GE Communicator
This advisory includes mitigations for uncontrolled search path, use of hard-coded credentials, and improper access control vulnerabilities reported in GE's Communicator software.
https://ics-cert.us-cert.gov/advisories/ICSA-19-122-02
Sierra Wireless AirLink ALEOS
This advisory includes mitigations for OS command injection, use of hard-coded credentials, unrestricted upload of file with dangerous type, cross-site scripting, cross-site request forgery, information exposure, and missing encryption of sensitive data vulnerabilities reported in the Sierra Wireless AirLink ALEOS products.
https://ics-cert.us-cert.gov/advisories/ICSA-19-122-03
Security updates for Friday
Security updates have been issued by Debian (linux-4.9 and otrs2), Fedora (gradle, java-1.8.0-openjdk, jetty, kernel, ruby, and runc), openSUSE (dovecot23, jasper, libsoup, ntfs-3g_ntfsprogs, and webkit2gtk3), SUSE (openssl), and Ubuntu (python-gnupg).
https://lwn.net/Articles/787413/
IBM Security Bulletin: Vyatta 5600 vRouter Software Patches - Releases 1801-w and 1801-y
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vyatta-5600-vrouter-software-patches-releases-1801-w-and-1801-y/
IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affects IBM Storwize V7000 Unified
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affects-ibm-storwize-v7000-unified-4/