Gotham Security Daily Threat Alerts

By Nancy Rand
Posted in Security
On August 06, 2015

August 4, Securityweek – (International) Chinese VPN used by APT actors relies on hacked servers. Security researchers at RSA analyzed a Chinese virtual private network (VPN) service dubbed “Terracotta” and found that the service has at least 31 hacked Windows server nodes worldwide in hospitality, government organizations, universities, technology services providers, and private firms. Researchers have observed compromised servers running the Ghost Remote Administration Tool (RAT), the Mitozhan trojan, and the Liudoor Backdoor, among others.

August 4, Help Net Security – (International) Macs can be permanently compromised via firmware worm. Security researchers discovered vulnerabilities in the firmware of Apple computers, dubbed “Thunderstrike 2,” in which a worm delivered via a phishing email or malicious Web site could spread across connected devices and systems before rewriting itself in the firmware to ensure persistence. Researchers stated that users need to re-flash the chip that contains the malware in order to get rid of the worm.

August 4, Softpedia – (International) RIG Exploit Kit 3.0 succeeded in infecting 1.25 million machines. Trustwave researchers reported that version 3.0 of the RIG Exploit Kit (EK) infected an average of 27,000 machines a day, totaling 1.25 million infections, through various campaigns in which it predominantly leveraged Adobe Flash zero-day exploits exposed by a Hacking Team leak in July.

August 4, Securityweek – (International) Malvertising hits Yahoo! ad network. Security researchers at Malwarebytes discovered that the Yahoo! advertising network was hit by a large malvertising attack starting July 28 that leveraged Microsoft Azure Web sites to redirect users to pages hosting the Angler exploit kit (EK) to infect systems with ransomware and possibly banking or ad-fraud malware. The attack was shut down August 3.

August 4, Securityweek – (International) Zero-day vulnerability in OS X exploited in the wild. Security researchers from Malwarebytes observed attacks leveraging an unpatched local privilege escalation vulnerability in Apple’s OS X operating system in which an attacker could modify a hidden UNIX file to execute adware and other suspicious software with root permissions.

August 4, Help Net Security – (International) 79% of companies release apps with known vulnerabilities. Prevoty released findings from a survey and report on security and application development revealing that many enterprises face challenges in releasing secure software on development schedules, and that 43 percent of respondents admitted to releasing applications with vulnerabilities at least 80 percent of the time, due to business pressures and other concerns.

August 4, Softpedia – (International) WordPress 4.2.4 fixes three XSS vulnerabilities and one potential SQL injection. WordPress released an update for its content management system (CMS) addressing three cross-site scripting (XSS) vulnerabilities, a structured query language (SQL) injection, an issue that allowed attackers to lock posts indefinitely, and a timing side-channel attack vector in which an attacker could infer secret values by measuring how long a cryptographic comparison routine takes to execute.
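The timing side-channel class mentioned in the WordPress item comes from comparing a secret-derived token with an early-exit string comparison: the routine returns as soon as it hits a mismatching character, so the time it takes reveals how long the correct prefix is. The following is an added illustration of that bug class and its standard mitigation, written for this digest; it is not WordPress code and does not reproduce the specific fix in 4.2.4. The token scheme (an HMAC over an action name under a hypothetical per-site secret), the function names and the `chars_inspected` counter are all constructed for the example.

```python
import hashlib
import hmac
import secrets

# Constructed example: a per-site secret from which short-lived action tokens
# (in the spirit of a CMS nonce) are derived. Hypothetical, not a real config value.
SECRET_KEY = secrets.token_bytes(32)


def make_token(secret: bytes, action: str) -> str:
    """Derive a hex token for an action; the client later sends it back."""
    return hmac.new(secret, action.encode(), hashlib.sha256).hexdigest()


def naive_equals(a: str, b: str) -> bool:
    """Early-exit comparison: returns at the first differing character.
    The work done, and so the running time, depends on the length of the
    common prefix between the submitted token and the correct one."""
    if len(a) != len(b):
        return False
    for x, y in zip(a, b):
        if x != y:
            return False
    return True


def chars_inspected(a: str, b: str) -> int:
    """Count how many characters naive_equals examines before deciding.
    This makes the timing dependence visible without needing a clock."""
    if len(a) != len(b):
        return 0
    n = 0
    for x, y in zip(a, b):
        n += 1
        if x != y:
            break
    return n


def constant_time_equals(a: str, b: str) -> bool:
    """hmac.compare_digest examines every byte regardless of where they differ,
    so the comparison time does not depend on the matching prefix."""
    return hmac.compare_digest(a.encode(), b.encode())


def verify_token_leaky(secret: bytes, action: str, token: str) -> bool:
    """Vulnerable form: secret-derived value checked with an early-exit compare."""
    return naive_equals(make_token(secret, action), token)


def verify_token(secret: bytes, action: str, token: str) -> bool:
    """Hardened form: same logic, constant-time comparison."""
    return constant_time_equals(make_token(secret, action), token)


def demo() -> dict:
    """Show the leak: a token wrong in its first digit is rejected after one
    character, one wrong only in its last digit after all 64."""
    action = "delete-post-42"
    good = make_token(SECRET_KEY, action)

    def flip(c: str) -> str:
        return "0" if c != "0" else "1"

    wrong_first = flip(good[0]) + good[1:]
    wrong_last = good[:-1] + flip(good[-1])
    return {
        "first": chars_inspected(good, wrong_first),
        "last": chars_inspected(good, wrong_last),
        "leaky_rejects": verify_token_leaky(SECRET_KEY, action, wrong_last),
        "accepts_good": verify_token(SECRET_KEY, action, good),
        "rejects_wrong": verify_token(SECRET_KEY, action, wrong_last),
    }


if __name__ == "__main__":
    print(demo())
```

Both verifiers reject a bad token; the difference is only in how much work they do before saying no, and that difference is what a remote attacker measures. The fix is the same in any language: compare secret-derived values with a comparison that always touches every byte (`hash_equals` in PHP, `hmac.compare_digest` in Python).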

Nancy Rand

Nancy has more than 20 years’ experience in information technology and security, solving business issues and implementing best-practice solutions that support organizational objectives. Her expertise includes leveraging, optimizing, and implementing diverse technology platforms, and management of large-scale technology projects.