Gotham Security Daily Threat Alerts

By Nancy Rand
Posted in Security
On December 12, 2016

December 9, SecurityWeek – (International) Yahoo pays out $10,000 bounty for critical mail flaw. A security researcher from Finland-based software company Klikki Oy discovered a critical flaw in Yahoo! Mail that could allow attackers to steal a user’s emails and create a worm that spreads by attaching itself to outgoing emails. The researcher found the flaw is related to code inserted into an email when a victim uses the “Share files from cloud providers” attachment option to attach files from their cloud storage accounts, and reported that the code is executed as soon as the email is opened.

December 9, SecurityWeek – (International) Most external PowerShell scripts are malicious: Symantec. Symantec researchers reported that more than 95 percent of scripts using PowerShell were found to be malicious. The finding follows the Symantec Blue Coat Malware Analysis sandbox observing 49,127 PowerShell scripts submitted in 2016 and the analysis of 4,782 samples that represent a total of 111 malware families abusing the PowerShell command line. The researchers reported that attackers leverage PowerShell scripts because of the flexibility of the framework, and found that attackers use the scripts post-compromise to download additional payloads.

December 8, SecurityWeek – (International) Petya variant Goldeneye emerges. BleepingComputer security researchers warned that a new variant of the Petya ransomware, dubbed Goldeneye, was recently spotted and leverages resume-themed spam emails for distribution. The emails include two malicious documents containing macros. Once enabled, the macros save embedded base64 strings into an executable file in the temp folder and launch it, and the executable starts encrypting the files on the device.

Above Reprinted from the USDHS Daily Open Source Infrastructure Report

Nancy Rand

Nancy has more than 20 years’ experience in information technology and security, solving business issues and implementing best-practice solutions that support organizational objectives. Her expertise includes leveraging, optimizing, and implementing diverse technology platforms, and management of large-scale technology projects.