[CERT-daily] Daily summary - 25.07.2018
Daily end-of-shift report
team at cert.at
Wed Jul 25 18:04:33 CEST 2018
=====================
= End-of-Day report =
=====================
Timeframe: Tuesday 24-07-2018 18:00 − Wednesday 25-07-2018 18:00
Handler: Stephan Richter
Co-Handler: Robert Waldner
=====================
= News =
=====================
∗∗∗ Bitdefender Releases Decryption Tool for Older Version of LockCrypt Ransomware ∗∗∗
---------------------------------------------
Romanian antivirus firm Bitdefender released yesterday a decryption tool that can recover files encrypted by an older version of the LockCrypt ransomware, the one that locks files with the .1btc extension.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/bitdefender-releases-decryption-tool-for-older-version-of-lockcrypt-ransomware/
∗∗∗ VB2017 paper and update: Browser attack points still abused by banking trojans ∗∗∗
---------------------------------------------
At VB2017, ESET researchers Peter Kálnai and Michal Poslušný looked at how banking malware interacts with browsers. Today we publish their paper, share the video of their presentation, and also publish a guest blog post from Peter, in which he summarises the recent developments in this space.
---------------------------------------------
https://www.virusbulletin.com:443/blog/2018/07/vb2017-paper-and-update-browser-attack-points-still-abused-banking-trojans/
∗∗∗ Registering on Probenheld.de is not recommended ∗∗∗
---------------------------------------------
We are receiving an increasing number of complaints about probenheld.de. Those affected report unordered product deliveries and invoices for product samples that were advertised as free. We advise anyone interested not to register with probenheld.de, because the provider violates legal requirements and cannot be considered trustworthy. Any invoices, reminders or debt-collection letters received should not be paid.
---------------------------------------------
https://www.watchlist-internet.at/news/anmeldung-auf-probenheldde-ist-nicht-empfehlenswert/
∗∗∗ DHS Warns of Impending Cyber-Attacks on ERP Systems ∗∗∗
---------------------------------------------
The US Department of Homeland Security (DHS) has issued an alert warning of increased activity from nation-state hackers, criminal groups, and hacktivists against Enterprise Resource Planning (ERP) systems.
The warning is based on a joint report published two days ago by threat intelligence firms Digital Shadows and Onapsis.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/dhs-warns-of-impending-cyber-attacks-on-erp-systems/
=====================
= Vulnerabilities =
=====================
∗∗∗ Apache Tomcat: Important updates close security vulnerabilities ∗∗∗
---------------------------------------------
New versions of the 7, 8 and 9 series of the Apache Tomcat application server include, among other things, two urgent security fixes.
---------------------------------------------
http://heise.de/-4119967
∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (ant, evolution-data-server, libarchive-zip-perl, mailman, resiprocate, slurm-llnl, and sympa), Mageia (firmware, kernel, microcode, and wesnoth), openSUSE (Chromium), Oracle (openslp and thunderbird), Red Hat (java-1.7.0-oracle, java-1.8.0-oracle, kernel, qemu-kvm-rhev, and thunderbird), SUSE (kernel, nautilus, and xen), and Ubuntu (ant and clamav).
---------------------------------------------
https://lwn.net/Articles/760803/
∗∗∗ Cisco CallManager Express Unauthorized Access Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170503-cme1
∗∗∗ Red Hat JBoss Data Virtualization: A vulnerability allows a clickjacking attack ∗∗∗
---------------------------------------------
https://adv-archiv.dfn-cert.de/adv/2018-1457/
∗∗∗ Security Advisory - Buffer Overflow Vulnerability on Several Products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180725-01-dos-en
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM® Db2® ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=ibm10713455
∗∗∗ IBM Security Bulletin: A vulnerability in OpenSSL affect IBM® SDK for Node.js™ in IBM Cloud (CVE-2018-0739) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22016251
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM Tivoli Netcool Configuration Manager (CVE-2017-10356). ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22016354
∗∗∗ BIG-IP APM per-request policy object vulnerability CVE-2018-5536 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K27391542
∗∗∗ TMM vulnerability CVE-2018-5530 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K45611803
∗∗∗ BIG-IP ASM vulnerability CVE-2018-5539 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K75432956
∗∗∗ HTTPS monitor vulnerability CVE-2018-5542 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K05112543
∗∗∗ TMM vulnerability CVE-2018-5537 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K94105051
∗∗∗ DNS Express vulnerability CVE-2018-5538 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K45435121
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily