September 30, SecurityWeek – (International) Tofsee malware distribution switched from exploit kit to spam. Security researchers from Cisco Talos reported that attackers stopped distributing the Tofsee ransomware via the RIG exploit kit (EK), and began leveraging spam email campaigns to deliver the malware downloaders, which instruct victims to download and open the ZIP archive attached to the message that contains an obfuscated JavaScript file with a WScript downloader, which runs an executable from a remote server controlled by the attacker. Researchers stated the malware allows hackers to conduct cryptocurrency mining, carry out distributed denial-of-service (DDoS) attacks, and send spam, among other malicious actions. Source
September 30, SecurityWeek – (International) Cisco forgets to remove testing interface from security appliance. Cisco inadvertently introduced a critical vulnerability in both its physical and virtual Email Security Appliances (ESA) running IronPort and AsyncOS software that could allow a remote attacker to gain control of the affected device with root privileges due to an internal testing and debugging interface that attacks can connect to without authorization. Cisco advised users to reboot their devices using the reboot command from the command-line interface in order to disable the internal testing and debugging interface. Source
Above Reprinted from the USDHS Daily Open Source Infrastructure Report