Gotham Security Daily Threat Alerts

By Nancy Rand
Posted in Security
On April 14, 2015

April 13, Securityweek – (International) Law enforcement, security firms team up to disrupt Simda botnet. U.S. and European agencies, together with private security firms, collaborated with Interpol to disrupt the Simda botnet by seizing 14 command and control (C&C) servers located in the Netherlands, U.S., Poland, Luxembourg, and Russia. The malware is usually delivered via exploit kits (EK), is often used to distribute other malware and potentially unwanted applications (PUA), and has infected over 770,000 computers worldwide over the past 6 months.

April 12, IDG News Service – (International) Chinese hacker group among first to target networks isolated from internet. FireEye released a technical report identifying a hacker group it calls Advanced Persistent Threat (APT) 30 as one of the first to target air-gapped networks. Its malware has infected the systems of defense-related clients worldwide and uses custom-made components with worm-like capabilities that can infect removable drives, such as USB sticks and external hard drives, to bridge the air gap.

April 11, Softpedia – (International) New Shellshock worm seeks vulnerable systems at tens of thousands of IPs. Security researchers at Volexity observed that cybercriminals had amassed 26,356 internet protocol (IP) addresses belonging to systems vulnerable to the Shellshock bug in the Bash command shell found in many Linux and Unix systems. The bug allows attackers to execute arbitrary commands by appending them after a function definition passed to Bash through an environment variable. Scanning for vulnerable systems has since decreased, and the malicious files were removed from the IP address that hosted them.
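A quick self-check for the Bash flaw described in this item, added here as an example rather than taken from the original alert: it places a function definition with a trailing command in an environment variable and reports whether the local bash executes that trailing command while importing the variable. The function name `shellshock_status` and the output strings are this example's own choices.

```shell
#!/bin/sh
# Added example: reports whether the local bash still executes commands
# appended after a function definition imported from the environment,
# which is the Shellshock behaviour the alert above describes.
shellshock_status() {
  # Nothing to test on a host without bash.
  command -v bash >/dev/null 2>&1 || { echo "no-bash"; return 0; }
  # A patched bash ignores the trailing 'echo VULNERABLE' and prints only
  # "probe"; an unpatched bash runs it while importing the environment.
  out=$(env x='() { :;}; echo VULNERABLE' bash -c 'echo probe' 2>/dev/null)
  case "$out" in
    *VULNERABLE*) echo "vulnerable" ;;
    *)            echo "patched" ;;
  esac
}

shellshock_status
```

Run it on each Linux or Unix host you maintain; any host that prints "vulnerable" needs the vendor's bash update before it is exposed to services that pass client-controlled data into the environment (CGI scripts, for example).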

April 10, Krebs on Security – (International) Don’t be fodder for China’s ‘Great Cannon’. Researchers from the University of Toronto, the International Computer Science Institute, and the University of California, Berkeley, released findings that a percentage of unencrypted Web traffic destined for the Chinese search service Baidu was actively manipulated by censors, who injected malicious JavaScript (JS) files that caused users’ browsers to participate in denial-of-service (DoS) attacks. The capability was dubbed “The Great Cannon” and could equally serve malicious code that exploits other browser vulnerabilities.

April 10, Securityweek – (International) Siemens patches DoS, other vulnerabilities in SIMATIC HMI products. Siemens began releasing security updates addressing several vulnerabilities in its SIMATIC HMI (human-machine interface) devices. Among them are flaws that allow an attacker positioned between the HMI panel and the programmable logic controller (PLC) to cause a denial-of-service (DoS) condition, or to intercept or modify industrial communication, by sending specially crafted packets on transmission control protocol (TCP) port 102. Additional vulnerabilities include one enabling a man-in-the-middle (MitM) attack and a flaw that allows users to authenticate with password hashes instead of full passwords.

Nancy Rand

Nancy has more than 20 years’ experience in information technology and security, solving business issues and implementing best-practice solutions that support organizational objectives. Her expertise includes leveraging, optimizing, and implementing diverse technology platforms, and management of large-scale technology projects.