July 1, Softpedia – (International) Google finds 16 bugs, 2 zero-days, in Windows kernel font handling. Microsoft released patches for its Windows kernel that fixed 16 flaws after security researchers from Project Zero discovered that Windows executes all font processing operations in the kernel’s ring-0 with the highest level of permissions, allowing attackers to have direct access to the entire operating system (OS). Source
July 1, Softpedia – (International) Free decrypter available for Unlock92 ransomware. An independent security researcher created a decrypter tool for the ransomware, Unlock92 after security researchers from Malwarebytes discovered the new ransomware can encrypt victims’ files with a symmetric and Advanced Encryption Standard encryption (AES) and generate a 64-character hexadecimal password for each target. Source
July 1, SecurityWeek – (International) Foxit patches RCE flaws in Reader, PhantomPDF. Foxit Software released updates for its Reader and PhantomPDF products running version 7.3.4.311 and earlier Windows versions, that addressed more than a dozen vulnerabilities including out-of-bounds read, heap buffer overflows, stack buffer overflow, user-after-free, and uninitialized pointer issues that could have been exploited remotely to expose sensitive information, crash the application, and execute arbitrary code. Source
June 30, SecurityWeek – (International) Hackers can exploit LibreOffice flaw with RTF files. LibreOffice 5.1.4 was released June 30 after security researchers from Cisco Talos discovered that the Rich Text Format (RTF) parser in LibreOffice was susceptible to a flaw that could allow an attacker to execute arbitrary code using specially crafted RTF files by tricking the victim into opening a malicious RTF file sent via email. Source
Above Reprinted from the USDHS Daily Open Source Infrastructure Report