Gotham Security Daily Threat Alerts

By Nancy Rand
Posted in Security
On August 18, 2016

August 11, SecurityWeek – (International) Linux flaw allows attackers to hijack web connections. Researchers from the University of California at Riverside and the U.S. Army Research Laboratory discovered that a vulnerability affecting the Transmission Control Protocol (TCP) specification as implemented in the Linux kernel could be leveraged to intercept TCP-based connections between two hosts on the Internet, track users’ activity, terminate connections, and inject arbitrary data into a connection. The attack works after an off-path attacker deduces the sequence numbers that identify TCP data packets exchanged between hosts, using the Internet Protocol (IP) addresses of the targeted communicating devices. Developers of various Linux distributions were working to fix the security hole.

August 10, Softpedia – (International) Chrome, Firefox, and IE browser hijacker distributed via legitimate software. Intel McAfee security researchers discovered that recent versions of the Bing.vc malware were being delivered to Google Chrome, Mozilla Firefox, and Microsoft’s Internet Explorer via legitimate-looking applications distributed by Lavians Inc. The malware takes over the Website’s homepage, inserts ads into visited sites, and redirects all users to Bing.vc in an attempt to sell victims an expensive utility to fix the browser hijacking problem. Researchers stated that users must remove the registry keys or use an automated PC clean-up utility, as well as clean the shortcuts for each browser, in order to clear the malware from an infected app.

August 10, SecurityWeek – (International) Secure Boot vulnerability exposes Windows devices to attacks. Two researchers, dubbed MY123 and Slipstream, discovered that the new type of Secure Boot policy introduced in the Microsoft Windows 10 Anniversary Update, v1607, can be exploited to bypass the security feature and install rootkits and bootkits on Windows devices. They found that the new supplemental policies are loaded by the boot manager without being properly checked and can be used to enable “test-signing,” a feature that, once activated, allows an attacker to bypass Secure Boot and load the malware. Researchers stated that the attack can only be carried out by an attacker with admin privileges or physical access to the targeted device, and that Microsoft was working to release a patch for the issue.

Above reprinted from the USDHS Daily Open Source Infrastructure Report

Nancy Rand

Nancy has more than 20 years’ experience in information technology and security, solving business issues and implementing best-practice solutions that support organizational objectives. Her expertise includes leveraging, optimizing, and implementing diverse technology platforms, and management of large-scale technology projects.