July 29, Securityweek – (International) Russian hacker tool uses legitimate Web services to hide attacks: FireEye. Security researchers from FireEye discovered that the APT29 threat group is employing a malicious backdoor dubbed “HAMMERTOSS” that utilizes a multi-stage process involving social media, steganography, and PowerShell to hide malicious activity within legitimate network traffic. Researchers believe that the backdoor is only being deployed against critical targets, possibly as a backup in case other tools fail or are disrupted. Source
July 29, Securityweek – (International) BIND update patches critical DoS vulnerability. The Internet Systems Consortium released updates for the popular BIND Domain Name System (DNS) software addressing a critical remotely exploitable vulnerability in the handling of TKEY recorded queries in which an attacker could use a specially crafted DNS packet to trigger a denial-of-service (DoS) condition. Source
July 29, Softpedia – (International) Row Hammer DRAM bug now exploitable via JavaScript, most DDR3 memory chips vulnerable. Security researchers from universities in Austria and France released findings revealing that the Row Hammer exploit can be initiated and actively exploited remotely via JavaScript, making it the first documented “remote software-induced hardware-fault attack.” Source
July 29, Securityweek – (International) Black Vine espionage group attacked aerospace, energy, healthcare industries. Security researchers from Symantec reported that the Black Vine espionage group responsible for the 2014 Anthem system breach has been active since 2012, used custom-built malware, zero-day exploits, and watering hole attacks to target organizations across the aerospace, healthcare, energy, military, defense, finance, agriculture, and technology industries, primarily in the U.S. Source
July 29, The Register – (International) Microsoft admits critical .NET Framework 4.6 bug, issues workaround. Microsoft released a workaround addressing a critical codegen bug for those running 64-bit processes on .NET Framework 4.6, in which incorrect parameters could be passed, leading to unpredictable results. Source
July 29, Homeland Security News Wire – (International) Cellphones can steal data from isolated “air-gapped” computers. Researchers at the Ben-Gurion University of the Negev Cyber Security Research Center discovered a way to use central processing unit (CPU) firmware-modification software to turn an air-gapped system into a cellular transmitting antenna, making it possible for any mobile phone infected with malicious code to use GSM phone frequencies to steal data from infected air-gapped systems. Researchers recommended mitigation measures including defined “zones” where mobile phones and other devices are not allowed near at-risk air-gapped computers. Source
July 29, Bloomberg – (International) China-tied hackers that hit U.S. said to breach United Airlines. Investigators involved in a probe of a previously unreported May or June breach of United Airlines’ computer systems reported links between the hackers and the Chinese threat group that perpetrated the theft of security-clearance records from the U.S. Office of Personnel Management and medical data from Anthem Inc., as well as at least seven other travel and health insurance organizations. Officials believe that the breach may have compromised movement data of millions of Americans and opened the airline’s systems to future disruptions and attacks. Source
July 28, IDG News Service – (International) Xen patches new virtual-machine escape vulnerability. The Xen Projected released updates for its virtualization software addressing a vulnerability in the CD-ROM drive emulation feature of the QEMU open-source hardware emulator that could allow an attacker to bypass the security barrier between virtual machines and their host operating systems (OS). Source