Gotham Security Daily Threat Alerts

By Nancy Rand
Posted in Security
On September 16, 2016

September 15, SecurityWeek – (International) 6.6 million users affected by ClixSense breach. ClixSense confirmed that the details of over 6.6 million users were stolen after hackers gained access to the company’s database server through an old server that was still connected to the database. ClixSense reported that it has shut down the vulnerable server, restored user balances, forum, and account names, and reset user passwords, among other measures.

September 14, Softpedia – (International) Sixth Linux DDoS trojan discovered in the last 30 days. Dr. Web security researchers discovered a trojan that infects Linux machines via the Shellshock vulnerability and launches 25 child processes that carry out a distributed denial-of-service (DDoS) attack on a targeted device when the attacker in control of the trojan botnet issues an attack command. Researchers stated the trojan can start Transmission Control Protocol (TCP) floods, User Datagram Protocol (UDP) floods, and Hypertext Transfer Protocol (HTTP) floods, as well as update itself, terminate its process, and delete itself, among other capabilities.

September 14, SecurityWeek – (International) Apple patches 7 flaws with release of iOS 10. Apple Inc. released version 10 of its operating system (iOS), Xcode version 8, and watchOS version 3, patching a total of seven vulnerabilities, including a flaw in iOS that can be exploited by a man-in-the-middle (MitM) attacker to prevent a device from receiving updates, an information disclosure vulnerability in iOS and watchOS that can be exploited by malicious applications to access a user’s location data, and a flaw in Xcode that could allow a local attacker to execute arbitrary code or crash an application, among other flaws.

Above reprinted from the USDHS Daily Open Source Infrastructure Report

Nancy Rand

Nancy has more than 20 years’ experience in information technology and security, solving business issues and implementing best-practice solutions that support organizational objectives. Her expertise includes leveraging, optimizing, and implementing diverse technology platforms, and management of large-scale technology projects.