Gotham Security Daily Threat Alerts

By Nancy Rand
Posted in Security
On April 10, 2015

April 8, Softpedia – (International) Stored XSS glitch in WP-Super-Cache may affect over 1 million WordPress sites. Security researchers from Sucuri discovered a cross-site-scripting (XSS) vulnerability in WP-Super-Cache plug-in versions prior to 1.4.4 for WordPress sites that could allow attackers to add new administrator accounts to the Web sites or inject backdoors due to improper sanitization of information originating from users. The plugin currently has over 1 million active installations, and developers released a new version repairing the issue. Source

April 8, Threatpost – (International) New evasion techniques help AlienSpy RAT spread Citadel malware. Fidelis researchers reported that hackers have co-opted the AlienSpy remote access tool (RAT) and are spreading it via phishing messages to deliver the Citadel banking trojan and establish backdoors inside a number of critical infrastructure operations, including technology companies, financial institutions, government agencies, and energy companies. The tool has the capability to detect whether it is being executed inside a virtual machine, can disable antivirus and other security tools, and employs transport-layer security (TLS) encryption to protect communication with its command-and-control (C&C) server. Source

April 8, InfoWorld – (International) Widespread outages hit Windows 8/8.1 Metro Mail, Windows Live Mail, Windows Phone 8.1 mail. Microsoft reported that its Windows 8 and 8.1 Metro Mail, Windows Live Mail, and Windows Phone 8.1 Mail clients were experiencing widespread outages for at least 6 hours April 8 that prevented the syncing and sending of email, and that the issue is expected to be resolved within 24 hours. Source

April 7, Securityweek – (International) Majority of critical infrastructure firms in Americas have battled hack attempts: Survey. A report released by Trend Micro and the Organization of American States revealed that in the last year, 40 percent of 575 security leaders throughout critical infrastructure sectors dealt with network shutdown attempts, while 44 percent faced attempts to delete files, and 60 percent faced hacking attempts aimed at stealing vital information. The survey also found that 54 percent of organizations dealt with attempts to manipulate equipment through control networks or systems. Source

April 7, Softpedia – (International) Fake downloads for Android vulnerability scanner lead to persistent ads. Security researchers at Trend Micro identified three fraudulent Web sites that claim to provide a tool to scan for previously-identified Android Installer hijacking vulnerabilities, which instead redirect users to risky locations that display persistent ads and install Android application package (APK) files on devices automatically. Source

April 7, Securityweek – (International) Lazy remediation leaves most Global 2000 firms vulnerable after Heartbleed flaw: Report. Venafi released new research revealing that as of April 2015, 74 percent of 1,642 Global 2000 organizations with public-facing systems vulnerable to the Open Secure Socket Layer (OpenSSL) Heartbleed flaw had failed to fully remediate the risks around the flaw, despite warnings and guidance. The study also found that 85 percent of the organizations’ external servers were still vulnerable, and 580,000 hosts belonging to them were not completely remediated. Source

April 7, SC Magazine – (International) Drive-by-login attack identified and used in lieu of spear phishing campaigns. Security researchers at High-Tech Bridge reported that attackers are increasingly using drive-by-login attacks that target specific visitors to infected Web sites, leveraging vulnerabilities in those sites to install backdoors that deliver malware directly to the targeted users. Researchers believe that these types of attacks are likely to be used in Advanced Persistent Threat (APT) campaigns and could eventually replace phishing attacks. Source

April 7, Softpedia – (International) Simple FedEx email slips malware on the computer. Researchers discovered a FedEx phishing campaign that relies on the curiosity of victims to open an attachment in an email purportedly from the company which installs a malware dropper that can steal sensitive data from the system or add it to a network of compromised computers. Source

Nancy Rand

Nancy has more than 20 years’ experience in information technology and security, solving business issues and implementing best-practice solutions that support organizational objectives. Her expertise includes leveraging, optimizing, and implementing diverse technology platforms, and management of large-scale technology projects.