[CERT-daily] Tageszusammenfassung - 03.05.2019

Fri May 3 18:41:10 CEST 2019

=====================
= End-of-Day report =
=====================

Timeframe:   Donnerstag 02-05-2019 18:00 − Freitag 03-05-2019 18:00
Handler:     Stephan Richter
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ Decryptor for MegaLocker and NamPoHyu Virus Ransomware Released ∗∗∗
---------------------------------------------
Emsisoft has released a decryptor for the MegaLocker and NamPoHyu Virus ransomware that has been targeting exposed Samba servers. Victims can now use this decryptor to recover their files for free. [...]
---------------------------------------------
https://www.bleepingcomputer.com/news/security/decryptor-for-megalocker-and-nampohyu-virus-ransomware-released/


∗∗∗ Informal Expert Group on EU Member States Incident Response Development ∗∗∗
---------------------------------------------
ENISA launches this Call for Participation to invite experts to participate in its expert group.
---------------------------------------------
https://www.enisa.europa.eu/news/enisa-news/informal-e-xpert-group-on-eu-ms-incident-response-development


∗∗∗ 2019: The Return of Retefe ∗∗∗
---------------------------------------------
Retefe is a banking Trojan that historically has routed online banking traffic intended for targeted banks through a proxy instead of the web injects more typical of other bankers. [...] Although Retefe only appeared infrequently in 2018, the banker returned to more regular attacks on Swiss and German victims in April of 2019 with both a Windows and macOS version. Retefes return to the landscape was marked by several noteworthy changes: [...]
---------------------------------------------
https://www.proofpoint.com/us/threat-insight/post/2019-return-retefe


∗∗∗ Abus Funkalarmanlage: Sicherheitslücke erlaubt Klonen von RFID-Schlüsseln ∗∗∗
---------------------------------------------
Erst vergangene Woche enthüllten Sicherheitsforscher drei Sicherheitslücken in Abus Secvest Alarmanlagen. Nun folgt eine weitere.
---------------------------------------------
https://heise.de/-4412282


∗∗∗ D-Link schützt DNS-320 und weitere NAS mit Updates gegen Cr1ptTor-Ransomware ∗∗∗
---------------------------------------------
Die Netzwerkspeicher DNS-320L, DNS-325 und DNS-327L waren anfällig für Angriffe durch den Verschlüsselungstrojaner Cr1ptor. Firmware-Updates sollen das ändern.
---------------------------------------------
https://heise.de/-4412656


∗∗∗ Vulnerabilities Found in Over 100 Jenkins Plugins ∗∗∗
---------------------------------------------
A researcher has discovered vulnerabilities in more than 100 plugins designed for the Jenkins open source software development automation server and many of them have yet to be patched. read more
---------------------------------------------
https://www.securityweek.com/vulnerabilities-found-over-100-jenkins-plugins


=====================
=  Vulnerabilities  =
=====================

∗∗∗ Orpak SiteOmat ∗∗∗
---------------------------------------------
This advisory includes mitigations for use of hard-coded credentials, cross-site scripting, SQL injection, missing encryption of sensitive data, code injection, and stack-based buffer overflow vulnerabilities reported in Orpak’s SiteOmat, software for fuel station management.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-19-122-01


∗∗∗ GE Communicator ∗∗∗
---------------------------------------------
This advisory includes mitigations for uncontrolled search path, use of hard-coded credentials, and improper access control vulnerabilities reported in GEs Communicator software.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-19-122-02


∗∗∗ Sierra Wireless AirLink ALEOS ∗∗∗
---------------------------------------------
This advisory includes mitigations for OS command injection, use of hard-coded credentials, unrestricted upload of file with dangerous type, cross-site scripting, cross-site request forgery, information exposure, and missing encryption of sensitive data vulnerabilities reported in the Sierra Wireless AirLink ALEOS products.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-19-122-03


∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (linux-4.9 and otrs2), Fedora (gradle, java-1.8.0-openjdk, jetty, kernel, ruby, and runc), openSUSE (dovecot23, jasper, libsoup, ntfs-3g_ntfsprogs, and webkit2gtk3), SUSE (openssl), and Ubuntu (python-gnupg).
---------------------------------------------
https://lwn.net/Articles/787413/


∗∗∗ IBM Security Bulletin: Vyatta 5600 vRouter Software Patches – Releases 1801-w and 1801-y ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vyatta-5600-vrouter-software-patches-releases-1801-w-and-1801-y/


∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affects IBM Storwize V7000 Unified ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affects-ibm-storwize-v7000-unified-4/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily