Gotham Security Daily Threat Alerts

By Nancy Rand
Posted in Security
On May 21, 2015

May 19, Securityweek – (International) Attackers use trojanized version of PuTTY to steal SSH credentials. Security researchers at Symantec discovered that actors are using a malicious version of the PuTTY open-source secure shell (SSH) software to access systems remotely and steal data by copying secure server connection info and login details, which are then sent to an attacker-controlled server. The software bypasses common firewalls and security products due to its whitelisted status, and it is used by system and database administrators and web developers. Source

May 19, Securityweek – (International) Address bar spoofing bugs found in Safari, Chrome for Android. Security researchers identified address bar vulnerabilities in the Safari and Chrome for Android Web browsers. Attackers could render spoofed Web pages by leveraging Web page reloads via the setInterval() function in Safari, and through a problem in how Chrome handles 204 ‘No Content’ responses. Source

May 18, Krebs on Security – (National) St. Louis Federal Reserve suffers DNS breach. The St. Louis Federal Reserve reported that hackers hijacked its domain name servers (DNS) April 24 and redirected a portion of the bank’s online traffic to rogue sites resembling portions of its research.stlouisfed.org Web site. The bank recommended that potentially affected users change login information that could have been compromised in the attack. Source

Nancy Rand

Nancy has more than 20 years’ experience in information technology and security, solving business issues and implementing best-practice solutions that support organizational objectives. Her expertise includes leveraging, optimizing, and implementing diverse technology platforms, and management of large-scale technology projects.