April 22, Softpedia – (International) WordPress 4.1.2 fixes critical XSS flaw. WordPress developers announced that the newest release of the blogging platform, 4.1.2, addresses critical security vulnerabilities including a cross-site scripting (XSS) glitch affecting the content management system (CMS) that could allow an attacker to compromise a vulnerable Web site, as well as three other flaws. The release also included increased protection for files that could present a security risk. Source
April 22, Softpedia – (International) White House, US State Department hit with Advanced CozyDuke threat. Security researchers from Kaspersky Lab reported that 2014 cyber-attacks against the White House and the U.S. Department of State were part of an advanced persistent threat (APT) campaign dubbed CozyDuke, also known as CozyBear and CozyCar, and could be connected with the MiniDuke campaign that used spear-phishing emails and malicious attachments and Web sites to target the North Atlantic Treaty Organization (NATO) and European government agencies. Source
April 22, The Register – (International) ‘No iOS Zone’ Wi-Fi zero-day bug forces iPhones, iPads to crash and burn. Security researchers from Skycure discovered a zero-day denial-of-service (DoS) secure sockets-layer (SSL) vulnerability in Apple’s iOS 8 called “No iOS Zone” that attackers can exploit to create a malicious Wi-Fi hotspot that forces users to connect, and manipulates traffic to cause apps and the operating system (OS) on connected iOS devices to crash, even in offline mode. Source
April 21, Dark Reading – (International) Zero-day malvertising attack went undetected for two months. Security researchers at Malwarebytes reported that cybercriminals had managed to exploit a zero-day Adobe Flash Player vulnerability patched in February to target U.S. users with the HanJuan exploit kit (EK) containing ransomware embedded in online ads for nearly two months without detection. The attacks infected Web sites belonging to Dailymotion, Huffington Post, and answers.com, among others, and reached over 1 billion users in February alone. Source