Gotham Security Daily Threat Alerts

By Nancy Rand
Posted in Security
On July 18, 2016

July 15, SecurityWeek – (International) New trojan helps attackers recruit insiders. Researchers at Gartner Research and Diskin Advanced Technologies found a new trojan, dubbed “Delilah,” that uses social engineering and extortion to recruit insiders: it collects personal information and captures video from the targeted user’s webcam, and instructs the user to use virtual private networks (VPNs) and the Tor network, so that its operators can manipulate or blackmail the targeted individual. Source

July 15, SecurityWeek – (International) IE exploit added to Neutrino after experts publish PoC. FireEye and Symantec researchers found that the Neutrino exploit kit (EK) uses an Adobe Flash file to profile a victim’s system and determine which exploit to deliver, and that an Internet Explorer (IE) exploit was added to the kit after researchers published a proof-of-concept (PoC) exploit for two remote code execution (RCE) vulnerabilities that Microsoft patched in May. Researchers determined that the exploit added to Neutrino is identical to the published one, except for the code that runs after initial control is gained. Source

July 14, Softpedia – (International) CryptXXX devs provide free decryption keys for some ransomware versions. Bleeping Computer researchers identified a category of users who can obtain a free decryption key by visiting the Tor-based payment sites of the CryptXXX ransomware: those whose files were encrypted by the versions of the ransomware that append the “.crypz” and “.cryp1” file extensions. Source

July 14, Softpedia – (International) Maxthon browser collects sensitive data even if users opt out. Maxthon is investigating after Exatel and Fidelis Cybersecurity researchers found that the Maxthon Web browser collects sensitive information and sends it to the company’s servers even when the user opts out. The cause is an issue in the current implementation of the User Experience Improvement Program (UEIP), which lets the browser manufacturer collect analytical information about how users utilize the product. Source

July 15, SecurityWeek – (National) Hundreds of flaws found in Philips Healthcare product. Philips advised Xper Connect users to update their operating system (OS) to Microsoft Windows 2008-R2 and install Xper version 1.5 service pack 13 after Whitescope LLC and Synopsys researchers discovered 460 vulnerabilities in Philips Xper Information Management Connect, which include code injections, information exposure flaws, and resource management and numeric errors, among others, that can allow an attacker to compromise the system. Source

July 14, Threatpost – (International) Cisco patches DoS flaw in NCS 6000 routers. Cisco Systems released patches for two products. The first addresses a Simple Network Management Protocol (SNMP) configuration management flaw in the Cisco ASR 5000 Series prior to versions 19.4 and 20.1 that could allow a remote attacker to read and modify device configurations using the SNMP read-write community strings. The second addresses a critical flaw in Cisco IOS XR for the Cisco Network Convergence System series router, found in the management of system timer resources, which could allow an attacker to remotely crash the router by opening a number of Secure Shell (SSH), Secure Copy Protocol (SCP), and Secure File Transfer Protocol (SFTP) management connections to an affected device. Source

Above Reprinted from the USDHS Daily Open Source Infrastructure Report

Nancy Rand

Nancy has more than 20 years’ experience in information technology and security, solving business issues and implementing best-practice solutions that support organizational objectives. Her expertise includes leveraging, optimizing, and implementing diverse technology platforms, and management of large-scale technology projects.