June 26, Softpedia – (International) Uber bugs allowed hackers to gather details on rides, drivers, passengers. Security researchers from Integrity discovered 14 issues in Uber Technologies Inc.’s system that could be exploited to extract user details via the mobile app’s Help Section; obtain a driver’s and user’s universally unique identifier (UUID) and request private information such as names, pictures, location, car types, and status, among other data; and use over 1,000 active promo codes that could have added $100 to each driver’s fair earnings, among other flaws. Source
June 25, Softpedia – (International) Bart ransomware locks files as individual password-protected ZIP archives. Security researchers from PhishMe, Proofpoint, and other firms reported that a new ransomware dubbed Bart is similar to the Locky ransomware. They believe it was created by the same cyber-criminals, because both are distributed through email spam campaigns that deliver a ZIP archive containing a malicious JavaScript (JS) file, which downloads RockLoader and the Bart ransomware. Bart uses a different encryption method: it places each file in its own ZIP archive and secures the archive with a password. Source
June 24, SecurityWeek – (International) Severe vulnerabilities found in Meinberg NTP servers. Meinberg released firmware updates for several of its Network Time Protocol (NTP) time servers after a security researcher found the devices were affected by two stack-based buffer overflows and a weak access control issue that could allow an attacker to escalate privileges to root. Source
June 24, SecurityWeek – (International) Flaw allowed hackers to deliver malicious images via PayPal. PayPal fixed a flaw in its Web site after a security researcher discovered the Uniform Resource Locator (URL) of payment pages set by users included a parameter named “image_url” that could be replaced with a URL pointing to an image hosted on a remote server, which could allow an attacker to use a third-party vendor’s PayPal payment page to deliver malicious images. Source
Above Reprinted from the USDHS Daily Open Source Infrastructure Report
June 28, Dark Reading - Attackers Wrapping New Tools In Old Malware To Target Medical Devices. Hospital equipment running old operating systems providing safe harbor for data theft, TrapX says. Medical devices running outdated operating systems like Windows XP and Windows 7 are giving attackers safe harbors within hospital networks for carrying out data theft in a nearly undetectable manner, a new report from TrapX Security warned this week. Source