February 9, Securityweek – (International) DDoS malware for Linux distributed via SSH brute force attacks. FireEye researchers reported February 9 that a campaign utilizing Secure Shell (SSH) brute force attacks to install a distributed denial of service (DDoS) XOR.DDoS malware, first discovered by Malware Must Die in September 2014, has executed nearly 1 million login attempts between November 2014 and the end of January. Source
February 9, Securityweek – (National) Tax fraud prompts Intuit to temporarily suspend state e-filing. Financial software developer Intuit paused State income tax e-filings made through the company’s TurboTax services February 5 and restored services February 6 after suspected fraudulent filings using stolen identities appeared in returns from 19 States. Source
February 6, Securityweek – (International) Zero-day flaw in WordPress plugin used to inject malware into sites. WordPress patched a zero-day flaw in its FancyBox plugin after Sucuri researchers noted the vulnerability could allow attackers to inject malware or scripts into Web sites, after numerous users complained of malicious “iframe” injections on their sites. Source
February 6, Securityweek – (International) Adobe Flash Player security update fixes 18 vulnerabilities. Adobe released updates that patch a total of 18 Flash Player vulnerabilities, including fixes for use-after-free flaws and two types of confusion vulnerabilities. Source