[CERT-daily] Daily summary - 19.02.2019
Daily end-of-shift report
team at cert.at
Tue Feb 19 18:07:14 CET 2019
=====================
= End-of-Day report =
=====================
Timeframe: Monday 18-02-2019 18:00 − Tuesday 19-02-2019 18:00
Handler: Dimitri Robl
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ Hackers Use Compromised Banks as Starting Points for Phishing Attacks ∗∗∗
---------------------------------------------
Cybercriminals attacking banks and financial organizations use their foothold in a compromised infrastructure to gain access to similar targets in other regions or countries.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/hackers-use-compromised-banks-as-starting-points-for-phishing-attacks/
∗∗∗ No More Ransom to the Rescue: New Decryption Tool Released for Latest Version of GandCrab ransomware ∗∗∗
---------------------------------------------
The wait for the victims of GandCrab is over: a new decryption tool has been released today for free on the No More Ransom depository for the latest strand of GandCrab, one of the world’s most prolific ransomware to date. This tool was developed by the Romanian Police in close collaboration with the internet security company Bitdefender and Europol, together with the support of law enforcement authorities from Austria, Belgium, Cyprus, France, Germany, Italy, the Netherlands, UK, Canada [...]
---------------------------------------------
https://www.europol.europa.eu/newsroom/news/no-more-ransom-to-rescue-new-decryption-tool-released-for-latest-version-of-gandcrab-ransomware
∗∗∗ SHA-2 patch for Windows 7 and Windows Server 2008/R2 coming in March ∗∗∗
---------------------------------------------
Microsoft is planning an update for Windows 7/Server 2008 (R2). It is intended to make the operating system ready to recognise SHA-2-signed updates.
---------------------------------------------
http://heise.de/-4312194
∗∗∗ Criminal hacking hits Managed Service Providers: Reasons and responses ∗∗∗
---------------------------------------------
Recent news articles show that MSPs are now being targeted by criminals, and for a variety of nefarious reasons. Why is this happening, and what should MSPs do about it?
---------------------------------------------
https://www.welivesecurity.com/2019/02/19/criminal-hacking-hits-managed-service-providers-reasons-responses/
∗∗∗ Rietspoof malware spreads via Facebook Messenger and Skype spam ∗∗∗
---------------------------------------------
Avast researchers spot new malware spreading via instant messaging clients.
---------------------------------------------
https://www.zdnet.com/article/rietspoof-malware-spreads-via-facebook-messenger-and-skype-spam/
=====================
= Vulnerabilities =
=====================
∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (chromium, rdesktop, rssh, systemd, and uriparser), Fedora (bouncycastle, eclipse-jgit, eclipse-linuxtools, jackson-annotations, jackson-bom, jackson-core, jackson-databind, jackson-dataformat-xml, jackson-dataformats-binary, jackson-dataformats-text, jackson-datatype-jdk8, jackson-datatype-joda, jackson-datatypes-collections, jackson-jaxrs-providers, jackson-module-jsonSchema, jackson-modules-base, jackson-parent, moby-engine, and subversion), [...]
---------------------------------------------
https://lwn.net/Articles/780245/
∗∗∗ Critical Release - PSA-2019-02-19 ∗∗∗
---------------------------------------------
Date: 2019-February-19
Security risk: Highly critical 20∕25 AC:None/A:None/CI:All/II:All/E:Theoretical/TD:Uncommon
Vulnerability: Critical Release
Description: There will be a security release of 8.5.x and 8.6.x on February 20th 2019 between 1PM to 5PM America/New York (1800 to 2200 UTC). (To see this in your local timezone, refer to the Drupal Core Calendar.) The risk on this is currently rated at 20/25 (Highly critical) AC:None/A:None/CI:All/II:All/E:Theoretical/TD:Uncommon.
---------------------------------------------
https://www.drupal.org/psa-2019-02-19
∗∗∗ Vuln: SolarWinds Orion Network Performance Monitor (NPM) CVE-2019-8917 Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
http://www.securityfocus.com/bid/107061
∗∗∗ Red Hat JBoss Enterprise Application Platform: Multiple vulnerabilities ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K19-0150
∗∗∗ IBM Security Bulletin: Directory traversal vulnerability in IBM Robotic Process Automation with Automation Anywhere (CVE-2018-2006) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-directory-traversal-vulnerability-in-ibm-robotic-process-automation-with-automation-anywhere-cve-2018-2006/
∗∗∗ IBM Security Bulletin: This Power System update is being released to address CVE-2018-8931 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-this-power-system-update-is-being-released-to-address-cve-2018-8931/
∗∗∗ IBM Security Bulletin: IBM Cloud Transformation Advisor is affected by a CVE-2018-1901 vulnerability ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-cloud-transformation-advisor-is-affected-by-a-cve-2018-1901-vulnerability/
∗∗∗ IBM Security Bulletin: A vulnerability in Apache Struts affects the IBM FlashSystem 840 and 900 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-vulnerability-in-apache-struts-affects-the-ibm-flashsystem-840-and-900/
∗∗∗ IBM Security Bulletin: A vulnerability in Apache Struts affects the IBM FlashSystem V840 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-vulnerability-in-apache-struts-affects-the-ibm-flashsystem-v840/
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily