Rewterz Threat Advisory – Apache Tomcat SETTINGS Denial of Service Vulnerability
March 26, 2019
Rewterz Threat Alert – Operation ShadowHammer – ASUS Live Update Utility Attacked in a Supply Chain Attack
March 26, 2019
Severity
Medium
Analysis Summary
FASTCash is capable of manipulating AIX servers running a bank’s switch application so that it intercepts financial request messages and replies with fraudulent but legitimate-looking affirmative response messages, enabling extensive ATM cash-outs. The newly identified malware gives FASTCash the additional capability to intercept and manipulate financial messages processed on a Windows server.
Impact
Fraudulent Transactions
Indicators of Compromise
Filename | vspmvc.dll |
Malware Hash (MD5/SHA1/SHA256) | A2B1A45A242CEE03FAB0BEDB2E460587 |
Remediation
- Block threat indicators at your respective controls.
- Require two-factor authentication for any user to access the switch application server.
- Maintain situational awareness of the latest threats.
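To complement blocking, the sketch below sweeps a directory tree on the switch application server for the two indicators listed above. It is an added example, not part of the Rewterz advisory; the function names `md5_of` and `sweep` are hypothetical, and the 32-hex-digit hash is assumed to be MD5 because of its length.

```python
import hashlib
import os

# IoCs copied from this advisory; the hash is treated as MD5 (assumption based on its length).
IOC_FILENAMES = {"vspmvc.dll"}
IOC_MD5 = {"a2b1a45a242cee03fab0bedb2e460587"}


def md5_of(path, chunk_size=1 << 20):
    """Stream the file so large binaries are not read into memory at once."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def sweep(root, names=IOC_FILENAMES, hashes=IOC_MD5, hash_all=False):
    """Walk root and return (path, verdict) pairs.

    hash-match : content matches an IoC hash under any filename (renamed copies)
    name-only  : filename matches but content differs (variant or unrelated file)
    unreadable : a candidate could not be hashed (locked or access denied)
    """
    names = {n.lower() for n in names}
    hashes = {h.lower() for h in hashes}
    findings = []
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        for fname in files:
            name_hit = fname.lower() in names  # Windows filenames are case-insensitive
            if not (name_hit or hash_all):
                continue  # fast mode: hash only files whose name matches
            path = os.path.join(dirpath, fname)
            try:
                hash_hit = md5_of(path) in hashes
            except OSError:
                findings.append((path, "unreadable"))
                continue
            if hash_hit:
                findings.append((path, "hash-match"))
            elif name_hit:
                findings.append((path, "name-only"))
    return findings


if __name__ == "__main__":
    import sys
    for found, verdict in sweep(sys.argv[1] if len(sys.argv) > 1 else ".", hash_all=True):
        print(f"{verdict}\t{found}")
```

A `name-only` result still deserves review: it can be a different build of the same implant or an unrelated file that happens to share the name.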