July 31, Help Net Security – (International) Cybercriminals are preying on existing vulnerabilities to plan future attacks. An analysis of cyber threats by Solutionary identified several campaigns consisting of over 600,000 events worldwide that targeted the bash vulnerability in the second quarter of 2015, and found that the U.S. was a leading source of command and control traffic and malware threats, among other findings. Source
July 30, Securityweek – (International) Stack ranking the SSL vulnerabilities for the enterprise. Security researchers discovered an OpenSSL vulnerability dubbed “OprahSSL” in which an attacker with a legitimate end-leaf certificate could circumvent OpenSSL code validating the certificate’s purpose, and sign other certificates in order to perpetrate man-in-the-middle (MitM) attacks on Secure Sockets Layer (SSL) sessions, and ranked the severity of the flaw in relation to other SSL vulnerabilities, including Heartbleed, Early CCS, and LOGJAM. Source
July 30, Softpedia – (International) Google fixes Chrome issue that leaked the user’s real IP from behind a VPN. Google released a Chrome Web browser extension called “WebRTC Network Limiter” to address an issue with the WebRTC protocol in which certain circumstances could reveal the real public and local Internet Protocol (IP) address of a user connected via a virtual private network (VPN). Source
July 30, CNET – (National) GM quickly issues fix for OnStar hack, but service still vulnerable. The General Motors Company confirmed July 30 that OnStar-equipped vehicles are vulnerable to a flaw that could allow an attacker to remotely locate the vehicle and issue commands through OnStar’s RemoteLink app, such as locking doors or starting the engine. A hacker demonstrated the vulnerability using a device called “OwnStar,” which he claimed allowed him to intercept communications between the app and the vehicle. Source
July 31, MarketWatch – (National) How vulnerable are the U.S. stock markets to hackers? An analysis of information security and cyber risk trends in the financial sector cited findings from a 2015 U.S. Securities and Exchange Commission Risk Alert revealing that about 88 percent of brokerages and 74 percent of financial advisers in the U.S. have suffered cyber-attacks, and that according to Congressional testimony, a major U.S. bank is attacked every 34 seconds, among other disclosures. Source