March 13, Softpedia – (International) Google leaks Whois data for over 282,000 protected domains. Cisco Systems’ Talos researchers reported to Google that private information such as names, physical and email addresses, and phone numbers belonging to 282,867 domains registered through Google Apps’ registrar, eNom, were leaked for nearly two years due to a software defect that did not extend the company’s unlisted registration service, potentially exposing them to spam, spear-phishing attacks, or identity theft. Source
March 13, Softpedia – (International) TeslaCrypt ransomware encrypts files of over 20 games. Security researchers at Bromium discovered that crypto-ransomware dubbed TeslaCrypt has targeted a total of 185 extensions in over 20 popular games with drive-by attacks through Adobe Flash Player and Internet Explorer exploits dropped by the Angler exploit kit. The malware apparently attempts to pass as the more infamous CryptoLocker, but researchers stated that the two variants only share 8 percent similarity. Source
March 13, Securityweek – (International) Adobe fixes critical Flash Player vulnerabilities. Adobe released security updates patching 11 critical flaws, including memory corruption vulnerabilities and type confusions that attackers could leverage for remote code execution to take control of affected systems. Source
March 12, Securityweek – (International) Google fixes privilege escalation vulnerabilities in Android 5.1 Lollipop. Google released fixes in Android 5.1 Lollipop for two serious vulnerabilities in previous versions that could have allowed attackers to use integer overflows leading to heap memory corruptions to gain elevated privileges or cause denial-of-service (DoS) attacks on targeted systems. Source
March 12, The Register – (International) Forget viruses: Evil USB drive ‘fries laptops with a power surge’. A Russian security researcher revealed a vulnerability with USB sticks which could potentially overload and damage a PC’s sensitive inner electronics by using an inverted direct current to direct current (DC-DC) converter and some capacitors through a foreign Web site, causing the USB to malfunction. Source