Gotham Security Daily Threat Alerts

By Nancy Rand
Posted in Security
On July 12, 2016

July 4, Softpedia – (International) Flaws in free SSL tool allowed attackers to get SSL certificates for any domain. StartCom released a new version of its StartEncrypt Linux tool after a security researcher from CompuTest discovered that the product had several design and implementation flaws that could allow an attacker to extract signatures from any Web site that lets its users upload files, including GitHub and Dropbox. In addition, an attacker could obtain Secure Sockets Layer (SSL) certificates for other domains. Source

July 4, Softpedia – (International) Free decrypter available for download for MIRCOP ransomware. A security researcher created a decrypter tool that can recover files locked by the MIRCOP ransomware without paying the ransom, after an independent researcher and security researchers from Trend Micro revealed the presence of the new ransomware family at the end of June. Source

July 4, Softpedia – (International) New Adwind RAT campaign with zero AV detection targets businesses in Denmark. Security researchers from Heimdal Security discovered a spam email campaign targeting Danish companies after finding that the spam emails came with malicious file attachments named “Doc-[Number].jar” that were not detected by antivirus engines, even though the attachments carried the Adwind Remote Access Trojan (RAT). Researchers believe the campaign may target other countries as well, as the emails were written in English. Source

July 4, Softpedia – (International) Malware spread via Facebook makes 10,000 victims in 48 hours. Security researchers from Kaspersky Lab reported that from June 24 – June 27, cyber criminals were using Facebook spam messages to distribute malware to user accounts and allegedly selling Facebook “likes” and “shares” via a botnet of infected devices. Users were notified about mentions in comments and convinced to access a link that would secretly download a trojan onto the user’s computer and secretly install an extension in the user’s Google Chrome Web browser. Facebook blocked the technique and Google removed the extension from its Chrome Web Store. Source

July 4, SecurityWeek – (International) Critical vulnerability breaks Android full disk encryption. An independent Israeli security researcher discovered that the Qualcomm Secure Execution Environment (QSEE) was plagued with a critical elevation of privilege (EoP) flaw that affects 57 percent of Android devices and could allow an attacker to bypass the Full Disk Encryption (FDE) security feature first implemented in Android 5.0 Lollipop. The flaw could allow a compromised, privileged application with access to QSEECOM to execute arbitrary code in the TrustZone context. Source

July 4, SecurityWeek – (International) Spam campaign distributing Locky variant Zepto ransomware. Security researchers from Cisco Talos warned customers that the Zepto ransomware, a variant of the Locky ransomware, was being distributed via over 4,000 spam emails on June 27, and via as many as 137,731 emails over 4 days, through an attached .zip archive containing malicious JavaScript. Researchers reported that the campaign contained a total of 3,305 unique samples and convinced targets to open the spam emails by using various subject lines and sender profiles, including “CEO” and “VP of Sales.” Source

July 4, Softpedia – (International) HawkEye keylogger users employ hacked email accounts to receive stolen data. Security researchers from Trustwave discovered a spam email campaign that used the HawkEye keylogger to collect email, browser, and File Transfer Protocol (FTP) settings and passwords by delivering malicious Rich Text Format (RTF) documents disguised as Microsoft Word files to victims, with the hijacked email accounts used to reroute all messages received from a victim’s email address to the attacker’s personal inbox. Source

July 4, IDG News Service – (National) Second man pleads guilty to hacking entertainment celebs. The U.S. District Court for the Central District of California reported that an Illinois resident pleaded guilty for his involvement in a phishing scheme in which he gained access to several female celebrities’ and non-celebrities’ usernames, passwords, and personal information, including private photographs and videos, after sending them emails disguised as coming from security accounts of Internet service providers. The culprit accessed at least 300 Apple iCloud and Google Gmail accounts. Source

July 4, SecurityWeek – (International) Firmware zero-day allows hackers to disable security features. A security researcher discovered a zero-day vulnerability in the Unified Extensible Firmware Interface (UEFI) firmware installed on all Lenovo ThinkPad series laptops. The flaw exists in the System Management Mode (SMM) code of Lenovo’s UEFI and can be exploited for several malicious actions, including disabling the Secure Boot feature, disabling UEFI write protections, and bypassing Windows 10 Enterprise security features. Lenovo is investigating the incident. Source

July 3, Softpedia – (International) Satana ransomware encrypts your boot record and prevents your PC from starting. Security researchers from Malwarebytes reported that the new ransomware dubbed Satana encrypts files using the same method as other ransomware families but prepends its email address to each file name, and additionally encrypts the Master Boot Record (MBR) and replaces it with its own. Once a user restarts the computer, the malicious MBR boot code loads and locks the user out of the computer while Satana’s ransom note displays on the screen. Source

July 4, SecurityWeek – (International) Unpatched flaws plague Sierra Wireless industrial gateways. An independent security researcher reported that the Sierra Wireless AirLink Raven XE and XT modems were plagued with several flaws, including a lack of anti-Cross-Site Request Forgery (CSRF) tokens in AceManager that could allow an attacker to perform arbitrary actions if victims are convinced to open a malicious link. In addition, the product was affected by a default account that could allow an attacker with access to the network to log into the device’s Web administration interface, among other flaws. Source

Above Reprinted from the USDHS Daily Open Source Infrastructure Report

Nancy Rand

Nancy has more than 20 years’ experience in information technology and security, solving business issues and implementing best-practice solutions that support organizational objectives. Her expertise includes leveraging, optimizing, and implementing diverse technology platforms, and management of large-scale technology projects.