Gotham Security Daily Threat Alerts

By Nancy Rand
Posted in Security
On August 17, 2016

August 16, Softpedia – (International) FalseCONNECT vulnerability affects software from Apple, Microsoft, Oracle, more. A security researcher discovered a flaw in how applications from several vendors handle Hypertext Transfer Protocol (HTTP) CONNECT requests that are answered with an HTTP/1.0 407 Proxy Authentication Required response. An attacker with a foothold in a compromised network and the ability to listen to proxy traffic could detect HTTP CONNECT requests sent to the local proxy and answer them with a forged 407 Proxy Authentication Required response; the user is then prompted for a password to access the requested service and, on authenticating, sends the credentials to the malicious actor. Researchers stated that WebKit-based clients, including Google Chrome, Apple’s iTunes, and Google Drive, among others, are most vulnerable to the attack. Source
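A defender-side check for the behaviour described above, added here as an example and not taken from the article or the researcher's advisory: it flags a 407 answer to a CONNECT request that did not come from the configured proxy, or that demands Basic credentials. The proxy address, the record layout and the two sample exchanges are constructed for the example.

```python
import re
from dataclasses import dataclass, field

# Constructed address of the organization's configured proxy (assumption).
CONFIGURED_PROXY = ("10.0.0.5", 3128)

@dataclass
class ProxyResponse:
    src: tuple                    # (ip, port) that sent this response
    request_line: str             # the client request it answers
    status_line: str = ""
    headers: dict = field(default_factory=dict)

def parse_response(src, request_line, raw):
    """Parse the head of a raw CRLF-delimited HTTP response into a record."""
    head = raw.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    resp = ProxyResponse(src, request_line, lines[0])
    for line in lines[1:]:
        if ":" in line:
            name, value = line.split(":", 1)
            resp.headers[name.strip().lower()] = value.strip()
    return resp

def assess(resp):
    """Return the reasons a 407 answer to CONNECT deserves attention (empty = fine)."""
    reasons = []
    is_407 = re.match(r"HTTP/1\.[01] 407\b", resp.status_line)
    if not is_407 or not resp.request_line.upper().startswith("CONNECT "):
        return reasons
    # A 407 that a host other than the proxy injected is the FalseCONNECT case.
    if resp.src != CONFIGURED_PROXY:
        reasons.append("407 did not originate from the configured proxy")
    # Basic sends the password base64-encoded, readable by whoever answers.
    scheme = resp.headers.get("proxy-authenticate", "").split(" ", 1)[0]
    if scheme.lower() == "basic":
        reasons.append("Basic challenge would send the password unprotected")
    return reasons

# Constructed sample traffic: one genuine challenge, one injected by another host.
GENUINE = parse_response(
    ("10.0.0.5", 3128), "CONNECT mail.example.com:443 HTTP/1.1",
    "HTTP/1.1 407 Proxy Authentication Required\r\n"
    "Proxy-Authenticate: Negotiate\r\nContent-Length: 0\r\n\r\n")
INJECTED = parse_response(
    ("10.0.0.77", 54321), "CONNECT mail.example.com:443 HTTP/1.1",
    "HTTP/1.0 407 Proxy Authentication Required\r\n"
    "Proxy-Authenticate: Basic realm=\"Corporate Proxy\"\r\n"
    "Content-Type: text/html\r\n\r\n<html>...</html>")
```

Running `assess(GENUINE)` returns an empty list, while `assess(INJECTED)` returns both reasons.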

August 15, SecurityWeek – (International) Windows script files used to deliver Locky ransomware. Researchers from Trend Micro warned that a Locky ransomware variant was being delivered to targeted organizations using Microsoft Windows Script Files (WSF). The attackers use WSF files to download an arbitrary malware payload and to make detection more difficult: WSF files are not engine-specific, can contain more than one scripting language, and are not monitored by typical endpoint security solutions, which increases the chances of bypassing sandboxes and blacklisting technologies. Researchers stated that the cybercriminals were targeting companies and that the files delivering Locky were compressed in ZIP archives attached to emails with business-related subject lines. Source

August 15, Softpedia – (International) 1.4 billion Android devices affected by Linux TCP flaw. Lookout security researchers reported that a security flaw in the Linux kernel’s implementation of the Transmission Control Protocol (TCP) also affects 1.4 billion Android devices running version 4.4 or higher, because the Android mobile operating system (OS) is built on a modified version of the Linux kernel. The flaw could allow a malicious actor to hijack unencrypted Web traffic or shut down encrypted connections between two parties without holding a man-in-the-middle (MitM) position. Researchers advised users to encrypt their traffic, for example by employing a virtual private network (VPN), to protect their devices. Source

August 15, SecurityWeek – (International) Flaw allows attackers to modify firmware on Rockwell PLCs. Cisco Talos researchers discovered a high-severity flaw in Rockwell Automation, Inc.’s Allen-Bradley MicroLogix 1400 programmable logic controllers (PLCs): an undocumented Simple Network Management Protocol (SNMP) community string, dubbed “wheel”, could be exploited to make unauthorized changes to a device, including replacing the original firmware with a malicious version. Rockwell Automation advised customers to use the RUN key switch setting to prevent unauthorized firmware updates and configuration changes. Source

Above Reprinted from the USDHS Daily Open Source Infrastructure Report

August 16, Dark Reading – 'Strong Connection' Between Files Leaked By ShadowBrokers & The Equation Group. Researchers from Kaspersky Lab, which exposed the so-called Equation Group two years ago, say several hundred of the hacking tools leaked online have ties to the nation-state gang. The team of researchers at Kaspersky Lab who initially exposed the so-called Equation Group in 2015 today confirmed that several hundred of the purported tools leaked online have ties to that sophisticated hacker group. Source

Nancy Rand

Nancy has more than 20 years’ experience in information technology and security, solving business issues and implementing best-practice solutions that support organizational objectives. Her expertise includes leveraging, optimizing, and implementing diverse technology platforms, and management of large-scale technology projects.