Leader of the group behind the Carbanak APT arrested in Alicante

  • The gang infiltrated more than one hundred financial institutions in more than 40 countries and may have stolen more than 1,000 million euros.

The leader of the criminal gang behind the Carbanak and Cobalt malware attacks against more than one hundred financial institutions worldwide has been arrested in Alicante, Spain, following a complex investigation conducted by the Spanish National Police with the support of Europol, the FBI, the Romanian, Belarusian and Taiwanese authorities, and private cybersecurity companies.

Since 2013, the group has robbed banks, electronic payment systems and financial institutions around the world using malware of its own design (Carbanak and Cobalt).

The criminal operations are believed to have affected banks in more than 40 countries and caused cumulative losses of more than one billion euros for the financial sector.

The gang, which had been operating since 2013, designed and used the Anunak, Carbanak and Cobalt malware to obtain the money. The criminals ran targeted phishing (spear phishing) campaigns against bank employees, whom they researched beforehand. Through email messages sent to the employees' work accounts, the gang managed to install the malicious program, which went undetected by antivirus software, on their computers. From there it gained control of the entire internal network and passed off the fraudulent transactions as routine ones.

More information:

RHSA-2018:0583-1: Important: rh-ruby22-ruby security, bug fix, and enhancement update

Red Hat Enterprise Linux: An update for rh-ruby22-ruby is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. CVE-2009-5147, CVE-2015-7551, CVE-2017-0898, CVE-2017-0899, CVE-2017-0900, CVE-2017-0901, CVE-2017-0902, CVE-2017-0903, More info: http://rhn.redhat.com/errata/RHSA-2018-0583.html

MSA-18-0005: Unauthenticated users can trigger custom messages to admin via paypal enrol script

by Marina Glancy. Paypal IPN callback script should only send error emails to admin after request origin was verified, otherwise admin email can be spammed.

  • Severity/Risk: Serious
  • Versions affected: 3.4 to 3.4.1, 3.3 to 3.3.4, 3.2 to 3.2.7, 3.1 to 3.1.10 and earlier unsupported versions
  • Versions fixed: 3.4.2, 3.3.5, 3.2.8 and 3.1.11
  • Reported by: Brendan Cox
  • CVE identifier: CVE-2018-1081
  • Changes (master): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-61392
  • Tracker

More info: https://moodle.org/mod/forum/discuss.php?d=367938&parent=1483858

RHSA-2018:0584-1: Important: rh-ruby24-ruby security, bug fix, and enhancement update

Red Hat Enterprise Linux: An update for rh-ruby24-ruby is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. CVE-2017-17405, CVE-2017-17790 More info: http://rhn.redhat.com/errata/RHSA-2018-0584.html

RHSA-2018:0587-1: Important: rh-mysql56-mysql security update

Red Hat Enterprise Linux: An update for rh-mysql56-mysql is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. CVE-2018-2562, CVE-2018-2573, CVE-2018-2583, CVE-2018-2590, CVE-2018-2591, CVE-2018-2612, CVE-2018-2622, CVE-2018-2640, More info: http://rhn.redhat.com/errata/RHSA-2018-0587.html

RHSA-2018:0585-1: Important: rh-ruby23-ruby security, bug fix, and enhancement update

Red Hat Enterprise Linux: An update for rh-ruby23-ruby is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. CVE-2017-0898, CVE-2017-0899, CVE-2017-0900, CVE-2017-0901, CVE-2017-0902, CVE-2017-0903, CVE-2017-10784, CVE-2017-14033, More info: http://rhn.redhat.com/errata/RHSA-2018-0585.html

RHSA-2018:0582-1: Important: rh-maven35-slf4j security update

Red Hat Enterprise Linux: An update for rh-maven35-slf4j is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. CVE-2018-8088 More info: http://rhn.redhat.com/errata/RHSA-2018-0582.html

RHSA-2018:0586-1: Important: rh-mysql57-mysql security update

Red Hat Enterprise Linux: An update for rh-mysql57-mysql is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. CVE-2018-2565, CVE-2018-2573, CVE-2018-2576, CVE-2018-2583, CVE-2018-2586, CVE-2018-2590, CVE-2018-2600, CVE-2018-2612, More info: http://rhn.redhat.com/errata/RHSA-2018-0586.html

MSA-18-0006: Suspended users with OAuth 2 authentication method can still log in to the site

by Marina Glancy. If a user account using OAuth2 authentication method was once confirmed but later suspended, user could still log in to the site.

  • Severity/Risk: Minor
  • Versions affected: 3.4 to 3.4.1, 3.3 to 3.3.4
  • Versions fixed: 3.4.2 and 3.3.5
  • Reported by: Helen Foster
  • CVE identifier: CVE-2018-1082
  • Changes (master): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-60101
  • Tracker issue: MDL-60101 Suspended users with OAuth 2 authentication method can still log in to the

More info: https://moodle.org/mod/forum/discuss.php?d=367939&parent=1483859