Gotham Security Daily Threat Alerts

By Nancy Rand
Posted in Security
On July 29, 2016

July 28, SecurityWeek – (International) Many web attacks come from United States: Sucuri. Researchers at Sucuri analyzed metadata from 30 days of Web traffic and blocked requests from its firewall product and found that Structured Query Language (SQL) injection, brute force, and other exploit attempts arrived with a wide variety of browser user agents; that more than one-third of the attacks originated in the U.S., followed by Indonesia and China; and that, broken down by operating system (OS), 45 percent of attacks came from Microsoft Windows. Source

July 28, Help Net Security – (International) Media-stealing Android app targets developers. Google removed the “HTML Source Code Viewer” app from its Google Play distribution service after Symantec researchers discovered the malicious app stole photos and videos from victims’ mobile devices by requesting permission to access the device’s external storage. The app targeted all versions of Android from Gingerbread onward. Source

July 28, Softpedia – (International) Chrome, Firefox vulnerable to crashes via search suggestions. Nightwatch Cybersecurity researchers found that Google Chromium, Android, and Mozilla Firefox do not send the browsers’ built-in search suggestion requests over an encrypted Hypertext Transfer Protocol Secure (HTTPS) channel, which could allow an attacker on the local network to intercept search suggestion queries and answer them before the search provider does. Firefox, Chrome, and Android are working to address the issue. Source

July 26, Whitehouse.gov – (National) Presidential Policy Directive – United States Cyber Incident Coordination. The U.S. President’s administration released Presidential Policy Directive/PPD-41, United States Cyber Incident Coordination, July 26. The directive sets forth the principles that govern the Federal Government’s response to cyber incidents and designates responsibility to certain Federal agencies, including the FBI and DHS. Source

July 27, SecurityWeek – (International) PayPal abused in banking trojan distribution campaign. Proofpoint security researchers discovered malicious actors distributing the Chthonic banking trojan, a variant of the Zeus malware, via legitimate-looking PayPal emails. The attackers used PayPal’s money request feature to send messages claiming an illicit $100 transfer had been made to the victim’s account and could be returned by clicking a malicious Goo.gl link. The link redirects the user to “katyaflash[.]com/pp.php,” where the malware is downloaded onto the device as an obfuscated JavaScript file that connects to the command and control (C&C) server. Researchers also found the malware downloading a previously undocumented second-stage payload dubbed AZORult. Source

The items above are reprinted from the USDHS Daily Open Source Infrastructure Report.

Nancy Rand

Nancy has more than 20 years’ experience in information technology and security, solving business issues and implementing best-practice solutions that support organizational objectives. Her expertise includes leveraging, optimizing, and implementing diverse technology platforms, and management of large-scale technology projects.