January 5, SecurityWeek – (International) FireCrypt ransomware packs DDoS code. The MalwareHunterTeam discovered that the FireCrypt ransomware is able to encrypt victims’ files, as well as launch a distributed denial-of-service (DDoS) attack against a Uniform Resource Locator (URL) hardcoded in the source code. The researchers found that the URL FireCrypt targets cannot be modified using the ransomware’s builder, and reported that in order for the malware’s DDoS attack to cause significant damage, FireCrypt would have to infect thousands of devices simultaneously.
January 4, SecurityWeek – (International) Google patches 22 critical Android vulnerabilities. Google released its January 2017 Android Security Bulletin addressing a total of 95 vulnerabilities, including 23 flaws that impact various Android components and 72 bugs that affect drivers and other original design manufacturer (ODM) software, as well as Nexus and Pixel devices. The patches resolve a total of 22 critical vulnerabilities, including 21 elevation of privilege flaws in the Qualcomm bootloader, kernel file system, and Qualcomm video driver, among other components.
January 4, SecurityWeek – (International) MongoDB databases actively hijacked for extortion. A security researcher and co-founder of GDI Foundation found that a hacker, known as Harak1r1, is searching for vulnerable MongoDB databases exposed to the Internet and subsequently hijacking them to steal the databases’ content and replace it with one called “Warning” before demanding a ransom in exchange for the data. The researcher reported that the malicious actor targets only those databases that contain important data, as companies are more likely to pay a high ransom to regain access to the content.
Above Reprinted from the USDHS Daily Open Source Infrastructure Report