Rewterz

Rewterz Threat Advisory – Apache Tomcat SETTINGS Denial of Service Vulnerability

March 26, 2019
Rewterz

Rewterz Threat Alert – Operation ShadowHammer – ASUS Live Update Utility Attacked in a Supply Chain Attack

March 26, 2019

Rewterz Threat Alert – FASTCash ISO 8583-Specific Windows Malware Identified

Severity

Medium

Analysis Summary

FASTCash’s capability to manipulate AIX servers running a bank’s switch application to intercept financial request messages and reply with fraudulent but legitimate-looking affirmative response messages to enable extensive ATM cash outs. The newly identified malware provides FASTCash the additional capability to intercept and manipulate financial messages processed on a Windows server.

Impact

Fraudulent Transactions

Indicators of Compromise

Filename vspmvc.dll
Malware Hash (MD5/SHA1/SH256) A2B1A45A242CEE03FAB0BEDB2E460587

Remediation

  • Block threat indicators at your respective control.
  • Require two factor authentication for any user to access the switch application server.
  • Maintain situational awareness of the latest threats.

Reading this advisory was a good start.

Make it a habit.

Rewterz publishes threat advisories ahead of mainstream cybersecurity media, informed by an AI-Native Autonomous SOC that sees regional threat actor activity in real time. Subscribe to receive each new advisory as it publishes, plus a monthly Middle East threat landscape brief drawn from our own SOC telemetry. For teams evaluating their detection coverage, a 30-minute consultation with a senior analyst is also available, at your pace, when you're ready.