Gotham Security Daily Threat Alerts

By Nancy Rand
Posted in Security
On June 17, 2015

June 16, Infosecurity Magazine – (International) Stegoloader malware hides in images on legit sites. Security researchers from Dell SecureWorks released findings from a report warning of a potential new trend in which malware uses digital steganography to evade detection and steal information from affected users via various configurable modules. Source

June 16, Softpedia – (International) LastPass has been hacked, change your master password now. Officials from LastPass advised that users change their master passwords after the company discovered that their system was compromised June 12. No user accounts were reported to have been accessed, and encrypted vault data was reportedly not tampered with. Source

June 16, Securityweek – (International) Canonical patches privilege escalation vulnerability in Ubuntu. Canonical released updates for Ubuntu fixing a local root privilege escalation vulnerability related to the permissions of the OverlayFS Linux file system, through which an attacker could gain administrative privileges on the affected system. Source

June 15, Securityweek – (International) Duqu 2.0 used stolen digital certificate in attacks: Kaspersky Lab. Security researchers at Kaspersky Lab reported that the attackers behind the Duqu 2.0 malware identified in worldwide attacks in June used a stolen valid digital signature from Hon Hai Precision Industry Co., LTD/Foxconn Technology Group to sign a driver that masked command-and-control (C&C) traffic and ensured the persistence of the malware. The attackers reportedly installed the malicious drivers on firewalls, gateways, and servers with direct internet access, as well as corporate network access. Source

June 15, Securityweek – (International) Cisco fixes DoS vulnerability affecting carrier routing systems. Cisco released updates for IOS XR Software installed on CRS-3 Carrier Routing Systems addressing a medium severity vulnerability in which an attacker could cause the line card to reload by sending specially crafted packets to the vulnerable device, causing an extended denial-of-service (DoS) condition. Source

Nancy Rand

Nancy has more than 20 years’ experience in information technology and security, solving business issues and implementing best-practice solutions that support organizational objectives. Her expertise includes leveraging, optimizing, and implementing diverse technology platforms, and management of large-scale technology projects.