Gotham Security Daily Threat Alerts

By Nancy Rand
Posted in Security
On July 21, 2016

July 20, SecurityWeek – (International) Oracle’s critical patch update for July contains record number of fixes. Oracle released its July Critical Patch Update (CPU) that addressed a total of 276 vulnerabilities in several of its products including 19 critical security flaws affecting the Oracle WebLogic Server component, the Hyperion Financial Reporting component, and the Oracle Health Sciences Clinical Development Center component, among other applications. The update also resolves 36 security flaws in applications specifically designed for the insurance, health, financial, and utility sectors, as well as 159 remote code execution (RCE) flaws that can be exploited without authentication. Source

July 20, Softpedia – (International) Free decrypter available for Bart ransomware. A security researcher for AVG released a free decrypter for the Bart ransomware that recovers files locked by the ransomware after discovering Bart uses one password for all files placed inside a password-protected ZIP archive. Source

July 19, SecurityWeek – (International) Petya ransomware gets encryption upgrade. A security researcher dubbed Hasherezade discovered the Petya ransomware no longer allows for easy data recovery after finding that the malware operators bundled Petya with Mischa, a failsafe designed to encrypt user files one at a time if Petya was unsuccessful in manipulating the Master Boot Record (MBR) to take over the boot process and encrypt the entire hard disk after a reboot. Source

July 19, IDG News Service – (International) Security software that uses ‘code hooking’ opens the door to hackers. Researchers from enSilo discovered 6 security vulnerabilities affecting over 15 different products, including antivirus programs from Kaspersky Lab, Trend Micro, and Symantec, among others, that use hooking to intercept, monitor, or modify potentially malicious behavior in applications and operating systems (OS). The flaws can be exploited by malicious attackers to easily bypass the anti-exploit mitigations provided by Microsoft Windows or third-party applications in order to exploit the vulnerabilities and inject malicious code into any process running on a victim’s device while remaining undetected. Source

July 19, Softpedia – (International) Gmail security filters can be bypassed just by splitting a word in two. Security researchers from SecureState discovered that an attacker can bypass Gmail’s security features responsible for detecting malicious macros in Microsoft Office document attachments by separating “trigger words” into two words or across a row of text after finding that the security filters failed to detect malicious macros in the script when an attacker split a sensitive term on two different lines of the exploit code. Source

July 19, SecurityWeek – (International) DoS vulnerability patched in BIND. The Internet Systems Consortium (ISC) released BIND versions 9.9.9-P2 and 9.10.4-P2 addressing a medium-severity remote code execution (RCE) vulnerability that could cause systems using the lightweight resolver protocol (lwresd) to resolve names to enter a denial-of-service (DoS) condition. The flaw stems from an error in the way the protocol was implemented: the server can terminate when lwresd is asked to resolve a query name that exceeds the maximum allowable length when combined with a search list entry. Source

July 20, Softpedia – (National) DDoS attack takes down U.S. Congress Web site for three days. A U.S. Library of Congress spokesperson reported that the U.S. Library of Congress, U.S. Copyright Office, and U.S. Congress Web sites were inaccessible July 17 – July 20 following a distributed denial-of-service (DDoS) attack involving a type of Domain Name System (DNS) attack that affected the infrastructure of the server hosting the Web sites. Officials reported the Web sites have recovered and no other U.S. Government portals appear to have been affected by the attack. Source

Above Reprinted from the USDHS Daily Open Source Infrastructure Report

Nancy Rand

Nancy has more than 20 years’ experience in information technology and security, solving business issues and implementing best-practice solutions that support organizational objectives. Her expertise includes leveraging, optimizing, and implementing diverse technology platforms, and management of large-scale technology projects.