A critical security patch has been released for all IE versions prior to Edge. The vulnerability can infect a user simply by browsing to a malicious site. Users should patch whether or not they use IE as their primary browser, since IE's rendering engine is used by a number of other applications.
According to Qualys, this vulnerability is already being exploited in the wild.
There is significant disagreement as to whether the AshleyMadison.com user database, which was being held for ransom (the demand being that the site be shut down), was actually leaked in the last 48 hours.
Interesting take by Krebs on the failings of a startup called Secure Channels Inc. Yet another company that was very reluctant to share its source code or design for review, but very willing to promote its product as unbreakable.
I’m looking forward to similar discussions on other security/encryption products such as Symphony’s secure messaging platform, which, while much less boastful, has not opened up its technology either. Fortunately for us, the NYS Department of Financial Services is at least looking into them.
Late for a fix that needs general availability, but Google has finally begun rolling out the Stagefright patches to its Nexus devices. T-Mobile and Sprint reportedly released theirs in the last week, and Samsung has released them for specific devices as well.
Phishing/malware email campaigns have adopted new tactics to try to avoid detection by malware analysis tools such as FireEye and their ilk. The latest tactic is to embed one document type inside another. Over the last few weeks this meant embedding objects inside Word documents; today we have begun to see evidence of Word documents embedded inside PDFs.
Check out: link 1 which embeds link 2 (and at VirusTotal)
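To show what "a document inside a document" looks like on the wire, here is an added example (not code from this post or from any of the vendors named above): a small standard-library triage script that walks a PDF for /EmbeddedFile streams and document-level actions (/OpenAction, /JavaScript, /Launch), inflates each attachment, identifies it by magic bytes, and for an OOXML payload lists the parts that matter (a VBA project, objects under word/embeddings/). The sample PDF, its fake "invoice.docx" and the action entries are all constructed inline for the example; they are not real malware. Object streams and encrypted PDFs are assumed out of scope.

```python
"""Added example: flag documents nested inside documents (PDF -> docx -> OLE).

Regex-based triage, not a full PDF parser: enough to surface the layering
described above, assumes uncompressed object dictionaries and no encryption.
"""
import io
import re
import zipfile
import zlib

# Magic bytes of the container types that get nested inside each other.
MAGIC = [
    (b"%PDF", "pdf"),
    (b"PK\x03\x04", "zip/ooxml"),
    (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "ole2"),
    (b"{\\rtf", "rtf"),
]

# "N G obj << ... >> stream\n": the tempered (?!endobj) keeps the lazy match
# from running across objects that have no stream of their own.
STREAM_RE = re.compile(rb"(\d+)\s+\d+\s+obj\s*<<((?:(?!endobj).)*?)>>\s*stream\r?\n", re.DOTALL)
LEN_RE = re.compile(rb"/Length\s+(\d+)(\s+\d+\s+R)?")
EMBEDDED_FILE_RE = re.compile(rb"/Type\s*/EmbeddedFile\b")  # \b excludes /EmbeddedFiles name tree
SUSPICIOUS_KEYS = (b"/OpenAction", b"/JavaScript", b"/JS", b"/Launch", b"/AA")


def identify(data: bytes) -> str:
    """Name the container type from its leading bytes."""
    for magic, name in MAGIC:
        if data.startswith(magic):
            return name
    return "unknown"


def iter_streams(pdf: bytes):
    """Yield (object dictionary, data start, data end) for every stream object."""
    for m in STREAM_RE.finditer(pdf):
        obj_dict, start = m.group(2), m.end()
        lm = LEN_RE.search(obj_dict)
        if lm and lm.group(2) is None:          # direct /Length, trust it
            end = start + int(lm.group(1))
        else:                                   # indirect /Length: fall back to the keyword
            end = pdf.find(b"endstream", start)
        yield obj_dict, start, end


def inspect_ooxml(data: bytes) -> dict:
    """Triage-relevant parts of an OOXML (docx/xlsx/pptx) payload."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = zf.namelist()
    return {
        "kind": "docx" if any(n.startswith("word/") for n in names) else "ooxml",
        "has_vba": any(n.lower().endswith("vbaproject.bin") for n in names),
        "embedded_objects": [n for n in names if "/embeddings/" in n],
    }


def inspect_pdf(pdf: bytes) -> dict:
    """Report embedded files and suspicious actions found in a PDF."""
    embedded, skeleton, pos = [], [], 0
    for obj_dict, start, end in iter_streams(pdf):
        skeleton.append(pdf[pos:start])         # keep everything except stream bodies
        pos = end
        if not EMBEDDED_FILE_RE.search(obj_dict):
            continue
        data = pdf[start:end]
        if b"/FlateDecode" in obj_dict:
            try:
                data = zlib.decompress(data)
            except zlib.error:
                embedded.append({"type": "undecodable"})
                continue
        entry = {"type": identify(data), "size": len(data)}
        if entry["type"] == "zip/ooxml":
            entry.update(inspect_ooxml(data))   # look one layer deeper
        embedded.append(entry)
    skeleton.append(pdf[pos:])
    text = b"".join(skeleton)
    actions = [k.decode() for k in SUSPICIOUS_KEYS if re.search(k + rb"\b", text)]
    return {"actions": actions, "embedded": embedded}


def build_sample_pdf() -> bytes:
    """Constructed input: a PDF with an /OpenAction and an attached fake
    macro-enabled docx that itself carries an OLE object. Not a real sample."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        zf.writestr("word/vbaProject.bin", b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1 fake vba")
        zf.writestr("word/embeddings/oleObject1.bin", b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1")
    payload = zlib.compress(buf.getvalue())
    objs = [
        b"<< /Type /Catalog /Pages 2 0 R /OpenAction 5 0 R "
        b"/Names << /EmbeddedFiles << /Names [(invoice.docx) 4 0 R] >> >> >>",
        b"<< /Type /Pages /Kids [] /Count 0 >>",
        b"<< /Type /EmbeddedFile /Filter /FlateDecode /Length %d >>\nstream\n" % len(payload)
        + payload + b"\nendstream",
        b"<< /Type /Filespec /F (invoice.docx) /EF << /F 3 0 R >> >>",
        b"<< /S /JavaScript /JS (app.alert('x')) >>",
    ]
    out = b"%PDF-1.7\n"
    for i, body in enumerate(objs, 1):
        out += b"%d 0 obj\n" % i + body + b"\nendobj\n"
    return out + b"trailer\n<< /Root 1 0 R >>\n%%EOF\n"


if __name__ == "__main__":
    print(inspect_pdf(build_sample_pdf()))
```

The point of the layered check is that the outer file is a perfectly well-formed PDF and the Word document only appears after inflating the attachment; a scanner that stops at the first container, or that only keys on the outer file's extension, never sees the VBA project. Expect false positives on legitimate PDF portfolios, so treat a hit as a reason to detonate, not a verdict.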
RSA today released a research report detailing its findings on what it is dubbing Terracotta. It is a set of VPN networks that carry a significant amount of legitimate VPN traffic, allowing users inside China to get around the Great Firewall. However, it appears that various APT groups are also using the service. Calls to 1.8800free.info and 2.8800free.info are reportedly an indicator that a host has been compromised and enrolled as a node. As of this writing, though, it is difficult to find IP address information for the domain or for the hosts on it.
The RIG crimeware kit received a major upgrade in the last few weeks. Infecting about 27,000 victims a day, the new kit partially relies on the Flash vulnerabilities made public by the HackingTeam document leak.
RIG itself needed to be updated after its source code was released by a disgruntled reseller of the toolkit. The new kit targets three vulnerabilities: CVE-2015-5122 in Adobe Flash, CVE-2014-6332 in Windows OLE, and CVE-2013-2551, an attack on IE 6 through IE 10.
Hackers used Yahoo’s Ad network to infect an unknown (to the public) number of users over a 7 day period. The attack started July 28th and targeted a number of Yahoo’s heavily trafficked sports, news and finance websites.
The attack was first uncovered by Malwarebytes. Once users visited one of the pages serving the malicious banners, their Windows machines were automatically infected. Infected machines were either held for ransom by the attackers or silently redirected to other sites that paid the hackers for additional traffic.
It is believed that the attackers were using Flash exploits uncovered with the release of HackingTeam’s data. Once again, if you can live without Flash, you should.