Neverquest banking trojan expands list of targets: Cyber Updates July 21st

By Kelli Tarala | July 21, 2014

Researchers with Symantec found that the attackers operating the Neverquest banking trojan, also known as Snifula, have focused their efforts on banks in the U.S. and Japan since December 2013. The trojan is able to obtain banking login information from victims and can also steal digital certificates, among other capabilities.

Full Story:
http://news.softpedia.com/news/Neverquest-Banking-Trojan-Expands-List-of-Targets-451157.shtml

New Android ransomware locks device completely
Researchers at Lookout identified a new piece of Android ransomware dubbed ScarePakage that infects devices by posing as a legitimate app on third-party Android markets and then locks the device and demands a ransom. The ransomware uses a Java TimerTask to kill other processes and a wake lock mechanism to prevent the phone from entering sleep mode.

Full Story:
http://news.softpedia.com/news/New-Android-Ransomware-Locks-Device-Completely-451125.shtml

Government-grade stealth malware in hands of criminals
Sentinel Labs researchers reported that a piece of malware likely originating from a state-sponsored espionage campaign known as Gyges is being repurposed by cybercriminals to conceal and protect various pieces of malware and ransomware. Gyges contains several sophisticated features to avoid detection and prevent reverse-engineering and appears to have originated in Russia.

Full Story:
http://www.darkreading.com/government-grade-stealth-malware-in-hands-of-criminals/d/d-id/1297362

Microsoft’s Black Thursday: Xbox Live goes down as Xbox Studio canned
Microsoft reported that its Xbox Live gaming and entertainment service went offline for several hours July 17, leaving users unable to access the service during the outage.

Full Story:
http://www.theregister.co.uk/2014/07/17/xbox_live_problems/

DDoS attacks decrease in Q2 2014, compared to Q1
Arbor Networks reported that distributed denial of service (DDoS) attacks during the second quarter of 2014 decreased in terms of speeds and frequency compared to the previous quarter, with average DDoS attack size at 759.83 Mb/s, among other findings.

Full Story:
http://news.softpedia.com/news/Volumetric-DDoS-Attacks-Decrease-in-Q2-2014-Compared-to-Q1-451160.shtml

Disclaimer: The above information largely has been reproduced from the DHS Open Source Daily Report, a full version of which can be found at http://www.dhs.gov/files/programs/editorial_0542.shtm.  Enclave Security, LLC and its agents used their best efforts in collecting and preparing the information published herein. However, Enclave Security, LLC, does not assume, and hereby disclaims, any and all liability for any loss or damage caused by errors or omissions, whether such errors or omissions resulted from negligence, accident, or other causes.

Gasp! 63% of businesses don’t encrypt credit cards Cyber Highlights July 18th

By Kelli Tarala | July 18, 2014

SecurityMetrics found in a study that 63.86 percent of businesses surveyed store unencrypted 16-digit payment cards on their systems, and 7 percent store magnetic stripe data, providing easy targets for fraud, among other findings.

Full Story:
http://www.net-security.org/secworld.php?id=17135

Pushdo trojan outbreak: 11 THOUSAND systems infected in just 24 hours
Bitdefender researchers reported that a new campaign to spread the Pushdo botnet malware compromised over 11,000 systems within a 24-hour period, with the majority of infected users in Asia and some in the U.S., U.K., and France. The Pushdo botnet has previously been used in spam campaigns and to distribute malware such as Zeus and SpyEye.

Full Story:
http://www.theregister.co.uk/2014/07/17/pushdo_trojan_outbreak/

Cisco patches critical issue in wireless residential gateway products
Cisco released patches for several Cisco Wireless Residential Gateway products, closing a vulnerability that could allow attackers to use malicious HTTP requests to crash the Web server and inject commands or execute code with elevated privileges.

Full Story:
http://news.softpedia.com/news/Cisco-Patches-Critical-Issue-in-Wireless-Residential-Gateway-Products-451109.shtml

SQL injection risk in vBulletin receives prompt patch
vBulletin released a patch for its forum software which closes a SQL injection vulnerability that was identified and disclosed by Romanian Security Team.

Full Story:
http://news.softpedia.com/news/SQL-Injection-Risk-in-vBulletin-Receives-Prompt-Patch-451090.shtml

Critical vulnerabilities fixed in Drupal 7.29 and 6.32
The Drupal Security Team advised all users to update to versions 7.29 or 6.32 in order to close vulnerabilities that could allow attackers to perform denial of service (DoS) attacks and cross-site scripting (XSS) attacks.

Full Story:
http://news.softpedia.com/news/Critical-Vulnerabilities-Fixed-in-Drupal-7-29-and-6-32-451074.shtml

Five vulnerabilities fixed in Apache Web Server
The Apache Software Foundation released version 2.4.10-dev of its Apache Web Server, closing five vulnerabilities, including a buffer overflow vulnerability and several denial of service (DoS) vulnerabilities.

Full Story:
http://threatpost.com/five-vulnerabilities-fixed-in-apache-web-server/107278

Hot Java Patches: Cyber Updates for July 17th 2014

By Kelli Tarala | July 17, 2014

Oracle patches 113 vulnerabilities, including 20 in Java
Oracle released its Critical Patch Update for July, which includes patches for 113 security vulnerabilities in various Oracle products, including 20 vulnerabilities in Java SE. The 20 vulnerabilities in Java can all be remotely exploited without authentication and users were advised to apply the updates as soon as possible.

Full Story:
http://www.securityweek.com/oracle-patches-113-vulnerabilities-including-20-java

vBulletin exploitable through SQL injection
Members of the Romanian Security Team group identified and reported an SQL injection vulnerability in vBulletin which could be used by attackers to gain access to a forum’s administration panel and databases. The group reported the vulnerability to the developers of vBulletin and stated that they would disclose the full details of the issue once a fix is released.

Full Story:
http://news.softpedia.com/news/vBulletin-Exploitable-Through-SQL-Injection-450894.shtml

OpenBSD downplays PRNG vulnerability in LibreSSL
A researcher with Opsmate reported finding a flaw in the pseudorandom number generator (PRNG) in LibreSSL for Linux. Representatives of the OpenBSD Project confirmed that the issue exists but stated that the now-fixed problem was unlikely to be exploitable in real world conditions.

Full Story:
http://www.securityweek.com/openbsd-downplays-prng-vulnerability-libressl

Microsoft NTLM problems still out there: Cyber Updates for July 16th

By Kelli Tarala | July 16, 2014

Critical design flaw in Microsoft’s Active Directory could allow password change
Researchers with Aorato identified a flaw within Microsoft’s Active Directory which could allow attackers to change a victim’s password and use the new password to access a company’s network and enterprise functions. The vulnerability relies on the older NTLM authentication protocol to perform a “pass-the-hash” attack to gain access.

Full Story:
http://www.pcworld.com/article/2454103/critical-design-flaw-in-active-directory-could-allow-for-a-password-change.html

Amazon-based malware triples in 6 months
Solutionary released an analysis of Internet service providers (ISPs) and hosting providers hosting malware and found that Amazon was the top malware-hosting ISP, with a 250 per cent increase during the second quarter of 2014, among other findings.

Full Story:
http://www.net-security.org/malware_news.php?id=2808

Google’s Dropcam monitoring device open for video hijacking
Researchers with Synack found that the Google Dropcam home monitoring cameras contain vulnerabilities which could allow the camera’s video and sound content to be intercepted by attackers. The vulnerabilities stem from an old version of OpenSSL that is vulnerable to the Heartbleed flaw and other issues, and from an old version of BusyBox that contains exploitable flaws.

Full Story:
http://news.softpedia.com/news/Google-s-Dropcam-Monitoring-Device-Open-for-Video-Hijacking-450737.shtml

CNET attacked by Russian hackers, user database stolen
CBS Interactive confirmed that media Web site CNET was compromised after attackers claiming affiliation with the Russian hacker group W0rm stated that they were able to obtain databases containing usernames, emails, and encrypted passwords for over 1 million users. The attackers stated that they used a flaw in the site’s implementation of the Symfony PHP framework and claimed that the attack was performed for security demonstration purposes and the information would not be sold.

Full Story:
http://www.net-security.org/secworld.php?id=17117

Gameover ZeuS botnet pulls dripping stake, staggers back from the UNDEAD
Sophos researchers reported that a new variant of the GameOver Zeus trojan is being used to re-establish a botnet 6 weeks after an international law enforcement effort disrupted the original botnet used for banking credential theft and the distribution of the CryptoLocker ransomware.

Full Story:
http://www.theregister.co.uk/2014/07/14/gameover_zeus_botnet_back/

ATTACK of the Windows ZOMBIES on point-of-sale terminals: July 9th

By Kelli Tarala | July 9, 2014

ATTACK of the Windows ZOMBIES on point-of-sale terminals
Researchers with IntelCrawler identified and infiltrated a Windows botnet known as @-Brt that can be used in brute force attacks against point-of-sale (POS) systems and their associated networks. The botnet targets Remote Desktop Protocol (RDP) servers with weak or default passwords in order to grant attackers the access needed to plant malware that steals payment card data.

Full Story:
http://www.theregister.co.uk/2014/07/09/botnet_brute_forces_pos/

Facebook helps shut down crypto-currency mining botnet
A joint effort by Facebook, security groups, and Greek law enforcement agencies shut down a Litecoin-mining botnet known as Lecpetex that had infected around 250,000 computers in several countries. The malware for the botnet spread through a social media spam campaign that compromised Facebook accounts and spread the malware disguised as an image file.

Full Story:
http://news.softpedia.com/news/Facebook-Helps-Shut-Down-Crypto-Currency-Mining-Botnet-450068.shtml

Microsoft releases critical Internet Explorer fix in Patch Tuesday update
Microsoft released its monthly Patch Tuesday round of updates July 8, which included six updates, two of which were rated as critical.

Full Story:
http://www.v3.co.uk/v3-uk/news/2354331/microsoft-releases-critical-internet-explorer-fix-in-patch-tuesday-update

Fake Google digital certificates issued by Indian organization
Google stated July 8 that it identified and blocked unauthorized digital certificates issued by India’s National Informatics Center that could have been used to compromise users of the Chrome and Internet Explorer browsers.

Full Story:
http://www.securityweek.com/fake-google-digital-certificates-issued-indian-organization

FireEye fixes vulnerabilities in FireEye Operating System (FEOS)
FireEye released an update for its FireEye Operating System (FEOS), closing several security issues, including five OpenSSL vulnerabilities.

Full Story:
http://www.securityweek.com/fireeye-fixes-security-vulnerabilities-fireeye-operating-system-feos

Adware company linked to development & distribution of Mevade malware
Trend Micro researchers published a research paper which stated that iBario Ltd, an Israeli company with ties to Ukraine, is believed to be involved in the creation and distribution of the Mevade malware that has infected millions of computers worldwide. The researchers believe that the InstallBrain installer created by iBario has been used to install Mevade onto victims’ computers.

Full Story:
http://www.securityweek.com/adware-company-linked-development-and-distribution-mevade-malware

Android’s phone wiping fails to delete personal data
Researchers with Avast reported the results of a study where the researchers bought 20 used Android phones and were able to recover former users’ personal data, including photos, emails, and contacts, after the Android factory reset function was used. The researchers reported that users could compromise their personal information when selling used devices because the Android factory reset only clears devices at the application layer.

Full Story:
http://www.cnet.com/news/android-phone-wiping-fails-to-delete-personal-data/
