June 30, Softpedia – (International) Dridex is the most prevalent banking malware in the corporate sector. SecurityScorecard released findings from a report revealing that the Dridex banking trojan was the most prevalent malware found in corporate environments from January – May, primarily targeting the manufacturing and retail sectors, followed by the Bebloh and Tinba trojans, which targeted telecommunications and technologies companies. Source
June 30, Securityweek – (International) Yahoo patches SSRF vulnerability in image processing system: researcher. A security researcher reported that Yahoo patched a server-side request forgery (SSRF) vulnerability affecting all of its services that required images to be processed. An attacker could use the vulnerability to bypass controls and access data on the affected system. Source
June 29, Securityweek – (International) Many organizations using Oracle PeopleSoft vulnerable to attacks: report. ERPScan released findings from a report revealing that Oracle’s PeopleSoft contained several vulnerabilities including information disclosure, extensible markup language external entity (XXE), cross-site scripting (XSS), and authentication bypass flaws as well as configuration-related issues that could allow an attacker to breach PeopleSoft systems connected to the Internet. Source
June 30, Nextgov.com – (International) Pentagon, OPM shut down background check systems. The U.S. Department of Defense Joint Personnel Adjudication System (JPAS) was taken offline following the Office of Personnel Management’s (OPM) June 29 announcement that the e-QIP system would be offline for 4-6 weeks for security improvements. A vulnerability in the OPM tool that links to JPAS was discovered during a probe of the recent OPM breach. Source