July 5, SecurityWeek – (International) Information-collecting Android keyboard tops 50 million installs. Security researchers from Pentest Limited discovered a third-party keyboard application for Android dubbed “Flash Keyboard” was allegedly seen conducting malicious activity by communication with servers in several countries and sending personal data including the device manufacturer and model number, International Mobile Station Equipment Identity (IEMI), Android version, user email address, mobile networks, and GPS co-ordinates to a remote server. The application engages in deceptive behavior, which Google prohibits. Source
July 5, Softpedia – (International) New malware uses Tor to open backdoor on Mac OS X systems. Security researchers from Bitdefender discovered a new malware family named Backdoor.MAC.Eleanor on Mac operating system (OS) X can open a backdoor via the Tor hidden service, Hypertext Preprocessor (PHP) Web service, and a Pastebin client. The backdoor can allow cyber criminals to navigate and interact with local fire system, launch reverse shells to execute root commands, and launch and execute several scripts including PHP, PERL, Python, Ruby, Java, and C. Source
Above Reprinted from the USDHS Daily Open Source Infrastructure Report
July 6, Dark Reading – US-CERT Issues Alert Over Severe Security Bugs In Symantec, Norton Products. US-CERT this week warned users to immediately patch their Symantec and Norton antivirus software in the wake of revelations of severe vulnerabilities that could allow an attacker to remotely control victim machines. The vulnerabilities, which were uncovered by Google's Tavis Ormandy, affect some 24 products in Windows, OS X, and Linux environments. Source