Symantec ha descubierto un nuevo grupo de atacantes que se dirige de forma agresiva a las empresas y organizaciones de salud con el fin de realizar espionaje corporativo.
Denominado Orangeworm, este grupo carga malware en dispositivos que alojan software empleado para controlar máquinas de rayos X, Resonancia Magnética Nuclear (RMN), así como dispositivos utilizados para ayudar a los pacientes a completar los formularios de consentimiento para procedimientos médicos.
El informe publicado por Symantec, revela que Orangeworm ha estado operando desde el año 2015 y su objetivo principal son las corporaciones internacionales con sede en Europa, Asia y Estados Unidos, enfocadas principalmente en el sector médico.
El ataque ocurre de la siguiente manera: una vez los atacantes acceden a la red de las víctimas, cargan un troyano llamado Kwampirs, que se encarga de abrir una puerta trasera en los ordenadores comprometidos, permitiendo acceder remotamente a ellos y robar los datos confidenciales de las organizaciones que los atacantes han estudiado previa y cuidadosamente.
Más información:
SEGU-INFO
MySQL vulnerabilities CVE-2018-2805, CVE-2018-2810, CVE-2018-2812, CVE-2018-2813, and CVE-2018-2816. Security Advisory. ...
More info:
https://support.f5.com/csp/article/K27992001
Red Hat Enterprise Linux: An update for librelp is now available for Red Hat Enterprise Linux 7.Red Hat Product Security has rated this update as having a security impact ofCritical. A Common Vulnerability Scoring System (CVSS) base score, which gives adetailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. CVE-2018-1000140
More info:
http://rhn.redhat.com/errata/RHSA-2018-1223.html
MySQL vulnerabilities CVE-2018-2817, CVE-2018-2818, CVE-2018-2819, CVE-2018-2839, and CVE-2018-2846. Security Advisory. ...
More info:
https://support.f5.com/csp/article/K03551138
Red Hat Enterprise Linux: An update for PackageKit is now available for Red Hat Enterprise Linux 7.Red Hat Product Security has rated this update as having a security impact ofModerate. A Common Vulnerability Scoring System (CVSS) base score, which gives adetailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. CVE-2018-1106
More info:
http://rhn.redhat.com/errata/RHSA-2018-1224.html
Red Hat Enterprise Linux: An update for kernel is now available for Red Hat Enterprise Linux 7.2 AdvancedUpdate Support, Red Hat Enterprise Linux 7.2 Telco Extended Update Support, andRed Hat Enterprise Linux 7.2 Update Services for SAP Solutions.Red Hat Product Security has rated this update as having a security impact ofImportant. A Common Vulnerability Scoring System (CVSS) base score, which givesa detailed severity rating, is available for each vulnerability from the CVElink(s) in the
More info:
http://rhn.redhat.com/errata/RHSA-2018-1216.html
Red Hat Enterprise Linux: An update for librelp is now available for Red Hat Enterprise Linux 6.Red Hat Product Security has rated this update as having a security impact ofCritical. A Common Vulnerability Scoring System (CVSS) base score, which gives adetailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. CVE-2018-1000140
More info:
http://rhn.redhat.com/errata/RHSA-2018-1225.html
Multiple MySQL vulnerabilities. Security Advisory. Security Advisory Description. CVE-2018-2776 Vulnerability in the MySQL ...
More info:
https://support.f5.com/csp/article/K71231825
MySQL vulnerabilities CVE-2018-2755, CVE-2018-2758, CVE-2018-2759, CVE-2018-2761, and CVE-2018-2762. Security Advisory. ...
More info:
https://support.f5.com/csp/article/K02212309
This update doesnt fix a vulnerability in linux-tools, but providessupport for building Linux kernel modules with the retpolinemitigation for CVE-2017-5715 (Spectre variant 2).
More info:
https://www.debian.org/security/2018/dsa-4179
