
RadEditor web editor vulnerable to XSS attacks: October 1st CyberSecurity Highlights

By Kelli Tarala | October 1, 2014

A researcher identified and reported a cross-site scripting (XSS) vulnerability in the RadEditor text editor used in several Microsoft products that could allow attackers to inject malicious script and obtain private data. The vulnerability was closed by Telerik September 24.

Full Story:
http://threatpost.com/radeditor-web-editor-vulnerable-to-xss-attacks

Variant of Upatre malware dropper seen in bank emails
A security researcher reported finding a new variant of the Upatre malware dropper attached to emails purporting to be from financial institutions. The new variant is distributed as a download through a link in the malicious emails and has a low VirusTotal detection rate.

Full Story:
http://news.softpedia.com/news/Variant-of-Upatre-Malware-Dropper-Seen-In-Bank-Emails-460463.shtml

Apple patches Shellshock bug in OS X
Apple released a security update for its OS X operating system that closes two remotely exploitable vulnerabilities in the GNU Bash UNIX shell known as Shellshock.

Full Story:
http://www.net-security.org/secworld.php?id=17430

‘Shellshock’ attacks could already top 1 billion
Incapsula researchers reported that the company’s Web application firewall deflected over 217,000 attempted exploitations of the Shellshock vulnerability in GNU Bash during the 4 days after the vulnerability was disclosed and estimated that the total number of attacks attempting to exploit the flaw could reach 1 billion.

Full Story:
http://www.securityweek.com/shellshock-attacks-could-already-top-1-billion-report

Seller of StealthGenie mobile spyware app indicted and arrested
The CEO of InvoCode was arrested September 27 in Los Angeles for allegedly selling and advertising the StealthGenie mobile spyware. The Pakistani national allegedly worked with others to develop and market the spyware that is compatible with major mobile operating systems such as Android, Blackberry, and iOS.

Full Story:
http://news.softpedia.com/news/Seller-of-StealthGenie-Mobile-Spyware-App-Indicted-And-Arrested-460448.shtml

Signed CryptoWall delivered via malvertising campaign on top-ranked websites
Researchers with Barracuda Labs identified a variant of the CryptoWall ransomware signed with a valid digital certificate from DigiCert and spread through malicious ads on the Zedo ad network to several popular Web sites. As of September 29, the CryptoWall variant was detected by 12 of 55 security solutions on VirusTotal.

Full Story:
http://news.softpedia.com/news/CryptoWall-Delivered-Via-Malvertising-Campaign-on-Top-Ranked-Websites-460375.shtml

All CloudFlare customers benefit from Universal SSL
CloudFlare announced September 29 that it was providing all customers with SSL certificates under its Universal SSL service to enhance security.

Full Story:
http://news.softpedia.com/news/All-CloudFlare-Customers-Benefit-from-Universal-SSL-460374.shtml

New data breaches hit Supervalu, Albertson’s
Supervalu officials reported a second incident September 29 where hackers installed a different piece of malware on the company’s computer system that potentially captured customers’ payment card information from the payment processing systems of four Cub Foods stores in Minnesota and several Albertson’s grocery stores across the U.S. between August and September.

Full Story:
http://www.securityweek.com/new-data-breaches-hit-supervalu-albertsons

Disclaimer: The above information largely has been reproduced from the DHS Open Source Daily Report, a full version of which can be found at http://www.dhs.gov/files/programs/editorial_0542.shtm.  Enclave Security, LLC and its agents used their best efforts in collecting and preparing the information published herein. However, Enclave Security, LLC, does not assume, and hereby disclaims, any and all liability for any loss or damage caused by errors or omissions, whether such errors or omissions resulted from negligence, accident, or other causes.


Critical signature forgery flaw found in Mozilla NSS crypto library: Cyber Updates September 29th

By Kelli Tarala | September 29, 2014


Mozilla released an update for its products and Google updated Chrome and Chrome OS to address the “BERserk” vulnerability exposed by two independent researchers from Intel Security Advanced Threat Research Team and INRIA Paris-Rocquencourt, who found that the Mozilla Network Security Services (NSS) cryptographic library can be exploited for signature forgery. Attackers can leverage the flaw in the parsing of ASN.1 encoded messages that use Basic Encoding Rules (BER) by exploiting the fact that the length of a field in BER can be made to use many bytes of data.

Full Story:
http://www.securityweek.com/critical-signature-forgery-flaw-found-mozilla-nss-crypto-library

Bash bug “Shellshock” is as large an issue as Heartbleed
A researcher found a security vulnerability, named Shellshock, in the GNU Bourne Again Shell (Bash) command interpreter. The flaw is present in versions 1.14 through 4.3 of Bash, which is used in several Unix-based operating systems such as Linux and Mac OS X; it poses the risk of remote code execution and can be triggered in many ways by applications. A patch was issued for the vulnerability, CVE-2014-6271, but remained incomplete, and a second vulnerability, CVE-2014-7169, that was issued as a result remains unpatched.

Full Story:
http://news.softpedia.com/news/Bash-Bug-Shellshock-Is-As-Large-An-Issue-As-Heartbleed-459913.shtml

More trouble for jQuery as second compromise reported
jQuery, an open source JavaScript library, worked to mitigate a second compromise after its site’s homepage was defaced. Representatives announced that the Web site was taken down and cleaned of infected files and that the company is working on re-securing its servers and addressing vulnerabilities.

Full Story:
http://threatpost.com/more-trouble-for-jquery-as-second-compromise-reported/108510

SMB employees targeted with fake termination emails: Bitdefender
Researchers at Bitdefender warned employees and IT administrators of small and medium-sized businesses about a rash of fake emails claiming false termination that is designed to distribute information-stealing malware using an ARJ file archiver. Once the attached file is decompressed and executed, the malware opens a clean rich text format (RTF) document which connects to attackers who execute instructions to the victim.

Full Story:
http://www.securityweek.com/smb-employees-targeted-fake-termination-emails-bitdefender

Jimmy John’s confirms data breach at 216 shops, including in Longmont, Broomfield
Jimmy John’s Gourmet Sandwiches officials confirmed September 24 that stolen credentials were used by an undisclosed party to remotely log into the point-of-sale systems of about 216 of the company’s stores nationwide between June 16 and September 5. Officials reported that the breach affected transactions in which payment cards were swiped at the stores, and that it has since been contained.

Full Story:
http://www.dailycamera.com/boulder-business/ci_26596775/jimmy-johns-confirms-data-breach-at-216-shops

Apple yanks buggy iOS 8 update
Apple pulled its iOS 8.0.1 update and is working on a patch after reports that the update was cutting off cell service and making the Touch ID fingerprint sensor inoperable.

Full Story:
http://www.networkworld.com/article/2687496/smartphones/apple-yanks-ios-8-update.html


Tiny Banker, a Banker for Money: DHS Cyber Updates September 25th 2014

By Kelli Tarala | September 25, 2014


New Tinba banking trojan variant is stealthier, uses public key signing
Researchers from Trusteer analyzed an updated variant of the Tiny Banker (also known as Tinba) financial malware and discovered that the authors added a domain generation algorithm (DGA) and fitted it with user-mode rootkit capabilities and a verification process to make sure that messages are sent from an authentic bot master.

Full Story:
http://news.softpedia.com/news/New-Tinba-Banking-Trojan-Variant-Is-Stealthier-Uses-Public-Key-Signing-459834.shtml

Digital currency tech chief pleads guilty in fraud
A former Liberty Reserve executive pleaded guilty in a New York federal court September 23 for his role in running an unlicensed online banking company that laundered over $6 billion from more than 1 million individuals from 17 countries, including more than 200,000 people in the U.S., between 2006 and 2013. The executive was one of seven individuals charged in what is believed to be the largest money laundering prosecution in history.

Full Story:
http://www.securityweek.com/digital-currency-tech-chief-pleads-guilty-fraud

Federal regulators force shutdown of fake bitcoin-mining operation
A federal court in Missouri ordered Kansas-based Butterfly Labs to temporarily cease operations after the Federal Trade Commission alleged that the company marketed its computers as able to generate the Bitcoin virtual currency, but failed to deliver the equipment, bilking more than 20,000 customers out of tens of millions of dollars.


Full Story:
http://www.nextgov.com/mobile/2014/09/federal-regulators-force-shutdown-fake-bitcoin-mining-operation/94871/

Mozilla to part ways with SHA-1
Mozilla asked Certificate Authorities and Web sites to upgrade certificates to SHA-256, SHA-384, or SHA-512 after experts reported that collision attacks on SHA-1 will be practical by 2018. Mozilla will release warnings to update certificates on versions of Firefox in early 2015.

Full Story:
http://threatpost.com/mozilla-latest-to-part-ways-with-sha-1/108495

Fiberlink wipes one smartphone or tablet every three minutes
Researchers at Fiberlink examined 130,000 devices managed by MaaS360 and found that one mobile device is wiped every 3 minutes. The study also determined that in 2013 businesses, on average, cleared 10 percent to 20 percent of their entire device populations yearly.

Full Story:
http://www.networkworld.com/article/2687065/mdm-mam/fiberlink-wipes-one-smartphone-or-tablet-every-three-minutes.html

Mitigations for Spike DDoS toolkit-powered attacks
Akamai Technologies released an advisory alerting enterprises to the Spike distributed denial of service (DDoS) toolkit, which runs on a Windows system and can launch infrastructure-based and application-based DDoS payloads including SYN floods, UDP floods, GET floods, and Domain Name System (DNS) query floods. The toolkit can be mitigated by implementing access control lists (ACLs).

Full Story:
http://www.net-security.org/secworld.php?id=17406

Apple’s new iPhone 6 vulnerable to last year’s TouchID fingerprint hack
Lookout researchers found that a vulnerability that could allow access into Apple’s iPhone 6 and 6 Plus models through their TouchID fingerprint sensors remained unpatched. Scammers can unlock the devices by creating a fake fingerprint, the same flaw that was found in the iPhone 5S model in 2013.

Full Story:
http://www.theregister.co.uk/2014/09/23/


jQuery.com compromised via drive-by download: Cyber Security Highlights September 24th

By Kelli Tarala | September 24, 2014


jQuery.com compromised to serve malware via drive-by download
RiskIQ researchers found and reported that jQuery.com, the official Web site of the cross-platform JavaScript library of the same name, was compromised and redirected its visitors to a site hosting the RIG exploit kit and delivered information-stealing malware. The attack was discovered September 18 and the site’s administrators removed the malicious script.

Full Story:
http://www.net-security.org/malware_news.php?id=2869

DDoS attackers turn fire on ISPs and gaming servers
NSFOCUS researchers determined that gaming hosts and Internet service providers (ISPs) have been the focus of distributed denial of service (DDoS) attacks in 2014, rising in the first half to 10 percent and nearly 15 percent of attacks respectively.

Full Story:
http://www.networkworld.com/article/2687127/security/ddos-attackers-turn-fire-on-isps-and-gaming-servers.html

Kyle and Stan malvertising network nine times bigger than first reported
Researchers found nearly 6,500 malicious domains are involved in the Kyle and Stan malvertising network and over 31,000 connections were made to the domains, nine times larger than originally reported by Cisco. The campaign is unique in its ability to infect Windows and Mac OS X software differently and can drop ads on larger Web sites.

Full Story:
http://threatpost.com/kyle-and-stan-malvertising-network-nine-times-bigger-than-first-reported

Serious vulnerabilities found in wireless thermostats
Researchers found that UK-based Heatmiser Wi-Fi thermostats contain at least nine vulnerabilities that can be controlled remotely by forwarding port 80 for Web control and port 8068 for mobile apps. Heatmiser announced that it is looking into the findings and recommended customers close port 80 on their thermostats.

Full Story:
http://www.securityweek.com/serious-vulnerabilities-found-wireless-thermostats

Wells Fargo Advisors admits failing to maintain controls and producing altered document
Wells Fargo Advisors LLC agreed to pay a $5 million penalty September 22 to settle U.S. Securities and Exchange Commission (SEC) charges claiming that the company failed to maintain adequate controls to prevent insider trading. The agreement was reached after the SEC charged a former Wells Fargo broker for trading on nonpublic information obtained from a client ahead of that customer being acquired by a private equity firm.

Full Story:
http://www.sec.gov/News/PressRelease/Detail/PressRelease/1370543012047


Apple fixes numerous vulnerabilities: Cyber Highlights September 22nd, 2014

By Kelli Tarala | September 22, 2014


Apple fixes numerous vulnerabilities with release of Mac OS X 10.9.5
Apple released the latest version of its OS X operating system September 18, which addresses over 40 vulnerabilities that could lead to information disclosure, arbitrary code execution, privilege escalation, and other issues. Apple also released security updates for its OS X Server, Apple TV, Xcode development platform, and Safari Web browser.

Full Story:
http://www.securityweek.com/apple-fixes-numerous-vulnerabilities-release-mac-os-x-1095

Dyre trojan caught in the cookie jar.
An analysis by Adallom researchers found that a new variant of the Dyre banking trojan is targeting login credentials for large banks and corporate accounts. The new variant is capable of stealing client certificates and browser cookies, potentially acquiring the same account persistence for attackers as that held by legitimate users.

Full Story:
http://threatpost.com/dyre-trojan-caught-in-the-cookie-jar/108373

Malicious advertisements distributed by DoubleClick, Zedo networks
Researchers at Malwarebytes found that the DoubleClick and Zedo advertisement networks have been delivering malicious ads to several popular Web sites including Last.fm, The Times of Israel, and The Jerusalem Post. The malicious ads redirect users to a page hosting the Nuclear exploit kit which then attempts to drop the Zemot malware used by attackers to download additional malicious components.

Full Story:
http://www.networkworld.com/article/2686393/malicious-advertisements-distributed-by-doubleclick-zedo-networks.html

Home Depot breach bigger than Target at 56 million cards
Home Depot officials reported September 18 that 56 million payment cards were likely compromised when attackers used custom-built malware to breach the networks of stores in the U.S. and Canada between April and September 8 when the breach was detected. Costs associated with the breach are estimated to total $62 million to date.

Full Story:
http://www.reuters.com/article/2014/09/18/us-home-depot-dataprotection-idUSKBN0HD2J420140918
