Gotham Security Daily Threat Alerts

By Nancy Rand
Posted in Security
On July 20, 2015

July 17, Help Net Security – (International) Nearly all Web sites have serious security vulnerabilities. Acunetix released a report on 15,000 Web site and network scans of 5,500 companies revealing that almost half of Web applications scanned contained high security vulnerabilities, and 4 of 5 were affected by medium security vulnerabilities, implying that most organizations fail to comply with the Payment Card Industry Data Security Standard (PCI DSS), among other findings. Source

July 16, Help Net Security – (International) New GamaPoS malware targets U.S. companies. Security researchers from Trend Micro reported that the operators are using the Andromeda botnet to deliver a new point-of-sale (PoS) malware called GamaPoS that scrapes data via Microsoft’s .NET platform, to U.S. financial, information technology, supply, hospitality, and retail organizations nationally, among others. Source

July 16, Threatpost – (International) TotoLink routers plagued by XSS, CSRF, RCE bugs. Security researchers reported that 15 TotoLink routers contain backdoor credentials, multiple remote code execution flaws that could allow an attacker to bypass administrator authentication and execute commands, and cross-site scripting (XSS) and cross-site request forgery (CSRF) vulnerabilities that could allow an attacker to change router network configuration settings. Source

July 16, Washington Post – (National) Federal personnel files still very vulnerable and ‘prime targets’ for hackers, audit finds. An audit by the U.S. Department of the Interior inspector general’s office found 3,000 “critical” and “high-risk” vulnerabilities in 3 unnamed key bureaus of the department, potentially allowing hackers to gain access to internal networks through hundreds of publicly accessible computers whose systems are compromised. A lack of central authority over the agency’s information technology systems is delaying fixes, according to the agency’s chief information officer. Source

Nancy Rand

Nancy has more than 20 years’ experience in information technology and security, solving business issues and implementing best-practice solutions that support organizational objectives. Her expertise includes leveraging, optimizing, and implementing diverse technology platforms, and management of large-scale technology projects.