Gotham Security Daily Threat Alerts

By Nancy Rand
Posted in Security
On April 24, 2015

April 23, Softpedia – (International) Improper parsing of SSID info exposes Wi-Fi client’s memory contents. Security researchers at Alibaba and Google discovered a vulnerability in the cross-platform “wpa_supplicant” Wi-Fi software that affects versions 1.0–2.4 with the Config_P2P option turned on and could allow an attacker to create a service set identifier (SSID) buffer overflow condition, potentially exposing sensitive information in the memory of the device and allowing for arbitrary code execution.

April 23, Softpedia – (International) Net Nanny parental control software vulnerable to HTTPS spoofing. Researchers from Carnegie Mellon’s Computer Emergency Response Team (CERT) discovered security vulnerabilities in ContentWatch’s Net Nanny software resulting from its use of man-in-the-middle (MitM) proxies and the same root certificates and private key for all installations, the latter of which is included in plain text in the application. The researchers believe that an attacker could use the key to generate new certificates to spoof legitimate Web sites and avoid user alerts for malicious domains.

April 23, Help Net Security – (International) Banking botnets persist despite takedowns. Dell SecureWorks released analysis from its annual Top Banking Botnets report. Among other findings, the report revealed that attackers in 2014 targeted an array of Web sites in addition to traditional banking portals, including those related to corporate finance and payroll services, stock trading, employment portals, and email services; that over 90 percent of the 1,400 financial institutions targeted worldwide were in the U.S.; and that attackers began avoiding countries where international transactions are more difficult.

April 22, Softpedia – (International) Malware uses invisible command line argument in shortcut file. Security researchers at F-Secure discovered that a variant of the Janicab trojan for Microsoft Windows, delivered as a link (LNK) file, includes invisible shell commands and uses the right-to-left override (RLO) technique to avoid detection. The malware has existed for two years and uses Python and Visual Basic Scripts (VBScript) to infect machines.

Nancy Rand

Nancy has more than 20 years’ experience in information technology and security, solving business issues and implementing best-practice solutions that support organizational objectives. Her expertise includes leveraging, optimizing, and implementing diverse technology platforms, and management of large-scale technology projects.