Gotham Security Daily Threat Alerts

By Nancy Rand
Posted in Security
On April 10, 2015

April 9, Softpedia – (International) Over 100 forum websites foist poorly detected malware. Security researchers at Cyphort discovered a supposed click-fraud campaign that exploits Web forums running outdated versions of vBulletin or IP Board software, using malicious code to direct visitors to a landing page hosting the Fiesta exploit kit (EK), which delivers Gamarue and FleerCivet malware that steals information and injects backdoor trojans. The malware ensures persistence by avoiding virtual environments and disabling security settings on compromised systems, and exploits vulnerabilities found in Internet Explorer and in Adobe Flash Player version 16.0.0.296 and earlier. Source

April 9, Threatpost – (International) Apple iOS 8.3 includes long list of security fixes. Apple released iOS 8.3 for iPhone and iPad users patching over three dozen vulnerabilities, including flaws in the mobile operating system’s kernel, several bugs in WebKit, and a number of code-execution bugs. Source

April 9, Help Net Security – (International) Deadly combination of Upatre and Dyre trojans still actively targeting users. ESET researchers discovered that an email campaign targeting users worldwide utilizes a combination of the Upatre (Waski) downloader and Dyre/Dyreza banking trojans delivered via simple spam emails to gain information about compromised systems and intercept online banking credentials. Researchers believe that the scheme is part of the larger, previously discovered Dyre Wolf campaign that has targeted businesses around the world. Source

April 8, Securityweek – (International) Google Chrome extension criticized for data collection. Security researchers at ScrapeSentry and Heimdal Security reported that the Webpage Screenshot Google Chrome third-party extension contained malicious code that allowed for copies of all browser data to be sent to a server in the U.S. Google removed the extension from the Chrome Web Store, and Webpage Screenshot claimed that the information was only used for marketing and development purposes. Source

April 8, Threatpost – (International) Two NTP key authentication vulnerabilities patched. Two vulnerabilities in Network Time Protocol (NTP) symmetric key authentication were patched. The first allowed attackers to bypass the message authentication code (MAC) and send packets to clients. The second could be used to create denial-of-service (DoS) conditions when peering hosts receive packets with mismatched timestamps. Source

Nancy Rand

Nancy has more than 20 years’ experience in information technology and security, solving business issues and implementing best-practice solutions that support organizational objectives. Her expertise includes leveraging, optimizing, and implementing diverse technology platforms, and management of large-scale technology projects.