October 13, SecurityWeek – (International) Attackers actively exploit recently patched BIND flaw. The Internet Systems Consortium (ISC) reported that it learned a high severity denial-of-service (DoS) vulnerability patched in the Domain Name Server (DNS) software BIND was exploited in the wild to crash servers after Infobyte security researchers published a proof-of-concept (PoC) code and Metasploit module demonstrating the attack. Source
October12, SecurityWeek – (International) Cerber 4.0 fuels new wave of ransomware attacks. Trend Micro security researchers reported that the latest variant of the Cerber ransomware, dubbed Cerber 4.0 was being dropped by the RIG, Neutrino, and Magnitude exploit kits (EK) in malvertising campaigns. Researchers also found Cerber 4.0 uses a randomly generated file extension, and has shifted from a Hypertext Markup Language (HTML) ransom note to an HTML Application (HTA) format. Source
Above Reprinted from the USDHS Daily Open Source Infrastructure Report