July 6, Securityweek – (International) KINS malware toolkit leaked online. Security researchers from MalwareMustDie reported that version 2.0 of the KINS banking trojan toolkit was leaked and widely distributed on the Internet, and that the malware’s developers have integrated ZeusVM banking trojan technology in the newest release, including the use of stenography to conceal configuration data. Source
July 6, Softpedia – (International) Govt supplier of surveillance software gets hacked, 400GB of data leaked. The Italian surveillance software company, Hacking Team reported that its systems were hacked, and 400 gigabytes of corporate data was leaked to the public. The company developed products for government agencies worldwide, including the U.S. Drug Enforcement Agency and the FBI. Source
July 4, Softpedia – (International) Matsnu backdoor uses RSA crypto on exfiltrated data. Security researchers from Check Point discovered malware dubbed Matsnu, also known as Androm backdoor and Boxed.DQH, which acts as a backdoor on compromised machines, and sends Rivest-Shamir-Andleman (RSA)-encrypted user and system information back to a command and control (C&C) server. Source
July 4, Softpedia – (International) TYPO3 Enterprise CMS update adds 7 security fixes. TYPO3 released an update for its Enterprise Content Management System (CMS) addressing 7 security fixes for cross-site scripting (XSS) and authentication vulnerabilities, as well as the addition of login protection against brute-force attacks. Source
July 4, Softpedia – (International) Node.js fixes denial of service bug. Developers released an update for Node.js addressing a bug affecting all Buffer to Strings conversions in which a triggered out-of-band write in Google Chrome’s JavaScript runtime V8 engine UTF-8 decoder could lead to a denial of service (DoS) condition. Source
July 3, Softpedia – (International) Dungarees Web site hacked, card information exposed. Dungaree reported that the company’s Web site had been hacked, and that customers who placed orders from March 26 – June 5 may have had their card-related data compromised, including card verification values (CVV). Dungaree secured the Web site and is offering identity theft protection services to affected customers. Source
July 3, Securityweek – (International) Mozilla patches critical vulnerabilities with release of Firefox 39. Mozilla released version 39 of Firefox addressing 24 issues, including 3 use-after-free vulnerabilities, 7 critical uninitialized memory, buffer overflow, unowned memory, poor validation issues, 3 critical memory safety browser engine bugs, and high-severity privilege escalation, and type confusion flaws. Source
July 3, Securityweek – (International) Ad fraud trojan Kovter patches Flash player, IE to keep other malware out. A security researcher from Kafeine reported that the Kovter ad fraud trojan has been updating Adobe Flash Player and Microsoft Internet Explorer on infected systems in an effort to exclude other malware platforms. Source