Gotham Security Daily Threat Alerts

By Nancy Rand
Posted in Security
On July 15, 2016

July 14, IDG News Service – (International) Juniper patches high-risk flaws in Junos OS. Juniper Networks fixed several vulnerabilities in the Junos operating system (OS) used on its networking and security appliances, including an information leak in the J-Web interface, vulnerabilities that could lead to denial of service conditions, a potential kernel crash, a potential memory buffer (mbuf) leak, a crypto vulnerability, and an issue with SRX Series devices. Source

July 14, Softpedia – (International) Microsoft discovers new version of Troldesh ransomware. Microsoft Malware Protection Center researchers discovered a new version of the Troldesh ransomware, also known as Encoder.858 and Shade Ransomware, that contains new modifications including a dedicated payment portal where users can get information on how to pay the ransom, utilization of a Tor Web site, and two new extensions, “.da_vinci_code” and “.magic_software_syndicate,” which are added to the end of encrypted files. Source

July 14, Softpedia – (International) Huge spam wave drops Locky variant that can work without an internet connection. F-Secure researchers examined a July 12 campaign distributing the Locky ransomware, in which the group behind it sent out 120,000 spam email messages every 2 hours across 2 separate bursts of activity. Avira researchers also found that a new Locky variant works in “offline mode,” encrypting files without first contacting its command-and-control server, which makes it harder to block. Source

July 13, IDG News Service – (International) Three popular Drupal modules patch site-takeover flaws. Drupal, a content management system, worked with the maintainers of three third-party modules, RESTWS, Coder, and Webform Multiple File Upload, to address critical vulnerabilities that could allow attackers to take control of Web sites. These include a flaw that allows attackers to execute rogue Hypertext Preprocessor (PHP) code on Web servers that host Drupal Web sites with the modules installed, as well as other flaws that could lead to remote code execution (RCE). Source

July 13, Softpedia – (International) Ransomware permanently deletes your files then has the nerve to ask for money. Cisco Talos researchers discovered a new piece of ransomware dubbed Ranscam that deletes the victim’s files after infecting the computer, and removes core Microsoft Windows executables responsible for the System Restore feature, hard drive shadow copies, and several registry keys associated with booting into Safe Mode, among other modifications. Once the removal is complete, the ransomware shows its ransom note and falsely informs the victim that their files are encrypted and moved into a hidden partition. Source

Above Reprinted from the USDHS Daily Open Source Infrastructure Report

Nancy Rand

Nancy has more than 20 years’ experience in information technology and security, solving business issues and implementing best-practice solutions that support organizational objectives. Her expertise includes leveraging, optimizing, and implementing diverse technology platforms, and management of large-scale technology projects.