Gotham Security Daily Threat Alerts

By Nancy Rand
Posted in Security
On July 24, 2015

July 23, Threatpost – (International) Four zero days disclosed in Internet Explorer. Hewlett Packard’s Zero Day Initiative released four new remote code execution (RCE) zero day vulnerabilities in Microsoft’s Internet Explorer, including an issue in how the browser processes arrays representing cells in Hypertext Markup Language (HTML) tables in which an attacker could execute code under the context of the current process. Source

July 23, The Register – (International) Flash zero-day monster Angler dominates exploit kit crime market. Security researchers from SophosLabs reported that the Angler exploit kit’s (EK) prevalence in the underground malware market has ballooned from about 25 percent to 83 percent between September 2014 and May 2015, likely due to factors including its low cost and high traffic to Angler-infected Web sites. The EK recently incorporated three Adobe Flash zero-day flaws that were exposed in the breach of Hacking Team. Source

July 23, The Register – (International) Cyber poltergeist threat discovered in Internet of Stuff hubs. Security researchers from Tripwire’s Vulnerability and Exposure Research Team (VERT) discovered vulnerabilities in Internet of Things-enabled smart home hubs made by Wink, Vera, and SmartThings that could allow an attacker to obtain root shell access on the device and provide entry points to the home network. Source

July 23, Help Net Security – (International) Smartwatches: a new open frontier for attack. Hewlett Packard released findings from an assessment of 10 smartwatches and their Android and iOS cloud and mobile application components revealing that each watch contained significant vulnerabilities, including insufficient authentication, lack of encryption, insecure software, firmware, and interfaces, and privacy concerns. Source

July 22, Threatpost – (International) Bartalex variants spotted dropping Pony, Dyre malware. Security researchers at Rackspace reported that strains of the macro-based Bartalex malware have been observed dropping Pony loader malware along with the Dyre banking trojan. Source

July 23, Computerworld – (National) Hacker: ‘hundreds of thousands’ of vehicles are at risk of attack. A director of security research at IOActive who recently hacked into the system of a 2015 Jeep Cherokee from 10 miles away, reported that the hack could be repeated on hundreds of thousands of vulnerable model year 2013 – 2015 vehicles currently on the road, and that prior access to the vehicle is not required for a zero day-style attack, which works on any Chrysler vehicle with the Uconnect telematics system. Source

Nancy Rand

Nancy has more than 20 years’ experience in information technology and security, solving business issues and implementing best-practice solutions that support organizational objectives. Her expertise includes leveraging, optimizing, and implementing diverse technology platforms, and management of large-scale technology projects.