[CERT-daily] Daily summary - 19.04.2019

Daily end-of-shift report team at cert.at
Fri Apr 19 18:10:24 CEST 2019


=====================
= End-of-Day report =
=====================

Timeframe:   Thursday 18-04-2019 18:00 − Friday 19-04-2019 18:00
Handler:     Alexander Riepl
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ Wipro Intruders Targeted Other Major IT Firms ∗∗∗
---------------------------------------------
The criminals responsible for launching phishing campaigns that netted dozens of employees and more than 100 computer systems last month at Wipro, India's third-largest IT outsourcing firm, also appear to have targeted a number of other competing providers, including Infosys and Cognizant -- two other large technology consulting companies, new evidence suggests.
---------------------------------------------
https://krebsonsecurity.com/2019/04/wipro-intruders-targeted-other-major-it-firms/


∗∗∗ Threat Source (April 18): New attacks distribute Formbook, LokiBot ∗∗∗
---------------------------------------------
Newsletter compiled by Jonathan Munshaw. Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week.
---------------------------------------------
https://blog.talosintelligence.com/2019/04/threat-source-april-18-new-attacks.html


∗∗∗ DNS Hijacking Abuses Trust In Core Internet Service ∗∗∗
---------------------------------------------
Authors: Danny Adamitis, David Maynor, Warren Mercer, Matthew Olney and Paul Rascagneres. Update 4/18: A correction has been made to our research based on feedback from Packet Clearing House, we thank them for their assistance. Preface: This blog post discusses the technical details of a state-sponsored attack manipulating DNS systems. While this incident is limited to targeting primarily national security organizations in the Middle East and North Africa, and we do not want to overstate the [...]
---------------------------------------------
https://blog.talosintelligence.com/2019/04/seaturtle.html


∗∗∗ What did Ransomware do in March? ∗∗∗
---------------------------------------------
According to the monitoring of 360 Brain of Safety, the overall attack trend of Ransomware in March is relatively stable. There is no new large-scale...
---------------------------------------------
https://blog.360totalsecurity.com/en/what-did-ransomware-do-in-march/


∗∗∗ Daily Emotet IoCs and Notes for 04/17-18/19 ∗∗∗
---------------------------------------------
Emotet Malware Document links/IOCs for 04/17-18/19 as of 04/19/19 02:00 EDT. Notes and Credits now at the bottom. Follow us on twitter @cryptolaemus1 for more updates. Epoch 1 Document/Downloader links seen for [...]
---------------------------------------------
https://paste.cryptolaemus.com/emotet/2019/04/18/18-emotet-malware-IoCs_04-17-18-19.html



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Fedora (atomic-reactor and osbs-client), openSUSE (libqt5-qtbase, lxc, tar, wget, and xmltooling), Scientific Linux (java-1.8.0-openjdk and java-11-openjdk), SUSE (php5), and Ubuntu (znc).
---------------------------------------------
https://lwn.net/Articles/786299/


∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Cognos TM1 (CVE-2018-3180, CVE-2018-12547) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-ibm-cognos-tm1-cve-2018-3180-cve-2018-12547/


∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Cognos Insight (CVE-2018-3180, CVE-2018-12547) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-ibm-cognos-insight-cve-2018-3180-cve-2018-12547/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily



