September 28, SecurityWeek – (International) High severity DoS flaw patched in BIND. The Internet Systems Consortium released updates for the Domain Name System (DNS) software BIND addressing two vulnerabilities, including a high severity denial-of-service (DoS) flaw affecting all servers that can receive request packets from any source, which can be exploited using maliciously crafted DNS request packets. The updates also resolved a medium severity DoS flaw that can cause a targeted server to terminate due to an error. Source
September 28, SecurityWeek – (International) Locky ransomware drops offline mode. Security researchers reported that the Locky ransomware adopted new methods after a BleepingComputer researcher spotted the malware appending the .ODIN extension to encrypted files, instead of the .zepto extension, and researchers from Avira found the ransomware switched back to the use of a command and control (C&C) server and dropped the use of an offline mode. The updated Locky version is still distributed via spam email campaigns that contain malicious code in the file attachments, which infects a system in order to deliver a ransom note. Source
September 27, U.S. Department of Justice – (International) American living in Australia charged in securities fraud case involving scheme to fraudulently inflate by nearly $100 million the cost of Santa Monica software company being purchased by Computer Sciences Corp. A former executive at Commonwealth Bank of Australia (CBA) was charged September 26 after he and several co-conspirators in Australia and the U.S. allegedly defrauded Computer Sciences Corporation (CSC) out of $98 million by inflating revenues for ServiceMesh, Inc., a Santa Monica, California-based cloud computer management software company that CSC planned to purchase from 2013 – 2014. The charges also allege that CBA employees received more than $630,000 in undisclosed kickbacks from a senior executive of ServiceMesh, Inc. involved in the scheme. Source
Above Reprinted from the USDHS Daily Open Source Infrastructure Report