Gotham Security Daily Threat Alerts

By Nancy Rand
Posted in Security
On August 16, 2016

August 14, Softpedia – (International) Sharp increase in malware utilizing SSL. Blue Coat released a report revealing that the number of malware samples employing Secure Sockets Layer (SSL) rose from 500 samples per month to 29,000 over a 2-month period, and that the number of active command and control (C&C) servers using SSL-protected connections to communicate with their bots increased from 1,000 servers in quarter 1 of 2015 to 200,000 servers in quarter 2. The findings came after the security firm analyzed the detections and infrastructure of common malware families known to implement SSL for protection, along with cyber-criminal activity from January 2014 to December 2015.

August 14, Softpedia – (International) New FFS Rowhammer attack hijacks Linux VMs. Researchers from the Vrije University in the Netherlands discovered a new version of the Rowhammer attack, dubbed Flip Feng Shui (FFS), that works in conjunction with memory deduplication and is capable of compromising the memory of shared Linux-based virtual machines (VMs) used for cloud hosting services. The attack could allow an attacker to gain control of a victim’s accounts despite the absence of software vulnerabilities, provided the attacker buys access to cloud services co-hosted with the victim. Researchers found the flaw lies in the cryptographic software and stated the attack can be used in multiple other forms and applications in the software stack.

August 13, Softpedia – (International) New Windows trojan steals enterprise data and Microsoft Office files. Security researchers from Bleeping Computer discovered malicious actors distributing a new infostealer trojan as a file dubbed Aug_1st_java.exe, which disguises itself as the Google Chrome browser process and targets 11 file types specific to enterprise environments, including extensions associated with Microsoft Office applications. The trojan gathers information about the computer, including the username, the version of Windows, and a list of currently installed applications, among other data, and then uploads the collected files to its command and control (C&C) server via the Microsoft Message Queuing (MSMQ) protocol. Researchers also found that the infostealer modifies the Windows Registry after installation so that it runs automatically when the victim reboots their computer.

August 14, Softpedia – (International) ARMageddon cache attack on Android devices can monitor keystrokes, ARM TrustZone. Researchers from the Graz University of Technology in Austria discovered the first-ever cache attack affecting multi-core Advanced RISC Machines (ARM) central processing units (CPUs) used in hundreds of millions of Android devices. The attack could allow a third party with no elevated privileges to extract small portions of data from a CPU cache using techniques such as Prime+Probe, Flush+Reload, Evict+Reload, and Flush+Flush, and to monitor keystrokes, the ARM TrustZone, and the tap and swipe gesture events sent to the CPU for processing in order to infer details about the data being processed. Google patched most of the issues in its March 2016 Android Security Bulletin.

August 15, Softpedia – (National) PoS malware found at 20 HEI Hotels properties. HEI Hotels & Resorts announced August 15 that it had notified customers the weekend of August 13 about a security breach of its payment card processor that had targeted 20 of its properties nationwide since December 2015, after unauthorized individuals installed malware on its point-of-sale (PoS) systems to capture sensitive data including payment card account numbers, card verification codes, and card expiration dates, among other details. The company disabled the malware and is working to reconfigure various network components and payment systems to enhance the security of its systems.

Above Reprinted from the USDHS Daily Open Source Infrastructure Report

August 15, Dark Reading - Android DroidJack Malware Spreading Via 'Over-The-Top' Services. RAT finding new ways to spread that work around carrier and phone defenses. In a sign that malware developers are keeping up the full-court press with ingenuity in obfuscating their attacks, the powerful Android DroidJack remote access tool (RAT) was shown today to employ a new means of distribution: so-called over-the-top (OTT) carrier services.

August 15, Dark Reading - New Banking Malware Touts Zeus-Like Capabilities. Scylex malware built from scratch for financial theft, according to an ad in an infamous underground forum. Financial institutions could be in for more trouble of the Zeus-like variety if a new malware kit being promoted in an underground forum is any indication. The new Scylex malware kit appears designed to enable financial crime on a large scale, a researcher from Heimdal Security in Denmark said in an alert this week.

Nancy Rand

Nancy has more than 20 years’ experience in information technology and security, solving business issues and implementing best-practice solutions that support organizational objectives. Her expertise includes leveraging, optimizing, and implementing diverse technology platforms, and management of large-scale technology projects.