November 1, Help Net Security – (International) Google warns of actively exploited Windows zero-day. Google disclosed a Microsoft Windows zero-day local privilege escalation vulnerability in the Windows kernel that could allow attackers to escape the sandbox. Google researchers warned that the flaw is being actively exploited in the wild.
October 31, SecurityWeek – (International) Nymaim starts using PowerShell to download payload. Verint security researchers discovered that the Nymaim malware dropper received updates and is now delivered via spear-phishing emails carrying macro-enabled Microsoft Word documents, uses PowerShell to download a first-stage payload, includes more effective obfuscation methods, and abuses MaxMind to avoid detection by security software. If the MaxMind query response includes a string of interest, such as the names of security vendors, the first-stage Nymaim payload is not downloaded.
October 31, IDG News Service – (International) Joomla websites attacked en masse using recently patched exploits. Sucuri security researchers discovered that malicious actors were exploiting two critical vulnerabilities patched in Joomla 3.6.4 to create accounts with elevated privileges on websites built with the Joomla content management system, even in cases where registration is disabled. Sucuri researchers reported that nearly every Joomla website on its network was impacted and that between October 26 and October 28 there were roughly 28,000 attacks.
Above reprinted from the USDHS Daily Open Source Infrastructure Report