June 29, Softpedia – (International) Symantec products affected by multiple “as bad as it gets” vulnerabilities. A security researcher from Google’s Project Zero initiative discovered several vulnerabilities in Symantec’s security products including buffer overflow flaws, memory corruption flaws, and a high-severity flaw that does not require user interaction, affects default configuration, and allows the software to run on the highest privilege levels possible due to a vulnerable code in ASPack. Attackers could exploit the vulnerabilities by sending an email with a malicious file or embed a malicious link inside the email, among other methods. Source
June 28, Softpedia – (International) Alpine Linux 3.4.1 released with Linux Kernel 4.4.14 LTS, latest security fixes. Alpine Linux project released its Alpine Linux 3.4.1 operating system (OS) which included security updates in its kernel packages and in its core components, as well as other improvements to several other applications within its systems. Source
June 28, Softpedia – (International) LevelDropper Android app infected with autorooting malware. Lookout researchers identified the LevelDropper app in the Google Play Store which hides malware capable of rooting the user’s device in order to install unwanted applications. Researchers also found two privilege escalation exploits and supporting package files such as busybox and SuperSU, which also have the ability to root the device. Source
Above Reprinted from the USDHS Daily Open Source Infrastructure Report
June 29, Dark Reading - Hackers Pilfer $10 Million From Ukraine Bank. Reports allege criminals used SWIFT to transfer money, have compromised several Ukraine, Russia banks. An unidentified bank in the Ukraine was allegedly hacked and $10 million stolen via the SWIFT network, says International Business Times quoting the Information Systems Audit and Control Association (ISACA). Source