October 20, SecurityWeek – (International) Lexmark patches critical flaw in printer management tool. Lexmark International, Inc. released an update for its Markvision Enterprise printer management software after security researchers from Digital Defense Inc. (DDI) found the software was affected by several vulnerabilities. These include a vulnerability in Apache Flex BlazeDS that can be exploited to read arbitrary files via specially crafted Action Message Format (AMF) messages and retrieve the file storing the admin credentials, as well as an issue that allows attackers to upload arbitrary files and execute code with elevated privileges. Users are advised to change the admin password after installation, as the encrypted password stored in the text file is not updated after installation. Source
October 20, SecurityWeek – (International) Windows zero-day exploited by “FruityArmor” APT group. Security researchers from Kaspersky Lab discovered that a zero-day remote code execution vulnerability patched by Microsoft in its October 2016 security bulletin was being leveraged for privilege escalation on affected systems in attacks carried out by an advanced persistent threat (APT) group dubbed “FruityArmor”. Researchers found that the FruityArmor APT’s attack platform is built around Microsoft PowerShell and abuses Windows Management Instrumentation (WMI) for persistence in order to make it difficult to detect on a system. Source
October 19, SecurityWeek – (International) Skype calls expose user keystrokes: Researchers. Researchers from the University of California Irvine (UCI) and two Italian universities found that Microsoft Skype users typing on their laptop or desktop during a Skype call are vulnerable to a keyboard acoustic eavesdropping attack, as the Voice-over-IP (VoIP) software receives acoustic emanations of keystrokes during a Skype conversation and sends them to other users participating in the VoIP call, thereby allowing an attacker to reconstruct the user’s input, including potentially confidential information such as passwords. Source
Above reprinted from the USDHS Daily Open Source Infrastructure Report
October 21, CNBC – Internet traffic firm Dyn warns of new attack, earlier assault impacted many.
Internet traffic company Dyn on Friday warned of another cyber attack after earlier in the day websites and services across the East Coast were shut down. Many prominent websites including Amazon, Twitter, Spotify and CNBC.com were shut down for two hours Friday morning by a denial of service attack. Source