Gotham Security Daily Threat Alerts

By Nancy Rand
Posted in Security
On September 28, 2016

September 27, SecurityWeek – (International) Russian cyberspies use “Komplex” trojan to target OS X systems. Palo Alto Networks discovered an Apple Mac operating system (OS) X trojan, dubbed Komplex, which establishes contact with its command and control (C&C) server after infecting a device in order to collect system information, and allows an attacker to execute arbitrary commands and download files to the affected machine. The researchers stated Komplex has reportedly been used by a Russian cyber espionage group known as Sofacy to target the U.S. government, the World Anti-Doping Agency (WADA), and the German parliament. Source

September 26, SecurityWeek – (International) Microsoft removes Windows Journal due to security flaws. Microsoft removed the Windows Journal application, available in Windows versions from XP Tablet PC Edition through Windows 10, after researchers discovered about a dozen denial-of-service (DoS) flaws and remote code execution vulnerabilities, including a heap overflow issue found by a Fortinet researcher that could cause the application to crash. Microsoft advised customers to switch to OneNote. Source

September 26, SecurityWeek – (International) OpenSSL patch for low severity issue creates critical flaw. OpenSSL released version 1.1.0b after it was discovered that the fix for a low-severity denial-of-service (DoS) flaw shipped in OpenSSL 1.1.0a had introduced a critical use-after-free vulnerability, triggered by large message sizes, which could lead to arbitrary code execution or cause a system to crash. OpenSSL developers also released version 1.0.2j, resolving a missing certificate revocation list (CRL) sanity check flaw in version 1.0.2i. Source

September 26, SecurityWeek – (International) New MarsJoke ransomware targets government agencies. Proofpoint security researchers reported that a new ransomware variant, dubbed MarsJoke, was primarily targeting State and local government agencies, as well as primary and secondary educational institutions, via spam email campaigns fueled by the Kelihos botnet. The ransomware mimics the style of CTB-Locker and changes the victim’s desktop background before displaying a ransom message in several different languages. Proofpoint researchers also found the malware was targeting healthcare, telecommunications, and insurance companies, among others, in smaller numbers. Source

September 26, U.S. Securities and Exchange Commission – (National) SEC charges CEO and boiler room operator with fraud. On September 26 the U.S. Securities and Exchange Commission charged the former chief executive officer (CEO) of Sanomedics Inc. and Fun Cool Free Inc., along with a boiler room operator, for their roles in a penny stock scheme that defrauded several hundred investors nationwide out of approximately $20 million. Boiler-room agents hired by the pair pressured senior citizens and others to invest in the former CEO’s 2 companies by claiming the investors’ funds would be used for research and development, while the money was actually used for personal expenses and to pay the boiler-room agents. Officials stated the duo agreed to be barred from subsequent penny stock offerings, and the former executive agreed to be barred from operating as an officer or director of a public business. Source

Above Reprinted from the USDHS Daily Open Source Infrastructure Report

Nancy Rand

Nancy has more than 20 years’ experience in information technology and security, solving business issues and implementing best-practice solutions that support organizational objectives. Her expertise includes leveraging, optimizing, and implementing diverse technology platforms, and management of large-scale technology projects.