Gotham Security Daily Threat Alerts

By Nancy Rand
Posted in Security
On August 12, 2015

August 11, Securityweek – (International) Darkhotel APT uses Hacking Team exploit to target specific systems. Security researchers from Kaspersky Lab reported that the Darkhotel advanced persistent threat (APT) group recently began leveraging a Flash zero-day vulnerability revealed in the July Hacking Team breach to target specific systems. The group has used a variety of techniques to attack defense industrial bases, energy policy makers, militaries, governments, and electronics, pharmaceutical, and medical organizations in countries across Europe and Asia.

August 11, Help Net Security – (International) Angler EK exploits recently patched IE bug to deliver ransomware. Security researchers from FireEye discovered that the Angler exploit kit (EK) is exploiting a Microsoft Internet Explorer vulnerability uncovered in the July Hacking Team breach to deliver Cryptowall ransomware to affected systems.

August 11, IDG News Service – (International) Asprox botnet, a long-running nuisance, disappears. Researchers from Palo Alto Networks found that the Asprox botnet has apparently been shut down; observers last saw the botnet distributing the Kuluoz malware in 2014.

August 11, Securityweek – (International) Serialization vulnerabilities put many Android devices at risk. Security researchers from IBM discovered an Android operating system (OS) “serialization vulnerability” affecting versions 4.3 Jelly Bean through 5.1 Lollipop, related to Android’s OpenSSLX509Certificate class, that an attacker could exploit for arbitrary code execution in applications and services. The resulting privilege escalation would allow legitimate apps to be replaced with malicious apps that steal data, among other actions.

August 10, Wall Street Journal – (National) Fred’s Inc. discloses cybersecurity breach. Fred’s Inc. officials reported August 10 that two of its payment processing servers were compromised between March 23 and April 24 by thieves using malware designed to locate Track 2 data; card numbers, expiration dates, and verification codes may have been used to create an unknown number of counterfeit cards. The company found no evidence that customers’ data were removed.

August 10, Network World – (International) Cyber-physical attacks: Hacking a chemical plant. Researchers with the European Network for Cyber Security and IOActive released their Damn Vulnerable Chemical Plant Process framework at Def Con 23, describing ways in which a hacker could infiltrate a chemical plant and teaching defenders how to spot cyber-physical attacks. The framework is the first open source one of its kind and is based on two simulated chemical plants.

August 11, Reuters – (International) Nine charged in U.S. insider trading scheme involving hackers. Authorities announced indictments August 11 against 9 Ukrainian hackers and securities traders in the U.S. and Ukraine, alleging that the suspects conspired to hack into companies that publish news releases about publicly traded companies and, starting in February 2010, made trades using that information for gains of up to $100 million. The U.S. Securities and Exchange Commission filed a related civil lawsuit alleging that the thefts generated over $100 million in illegal profits; the case is the first prosecution alleging the use of hacked inside information for securities fraud.

Nancy Rand
Nancy has more than 20 years’ experience in information technology and security, solving business issues and implementing best-practice solutions that support organizational objectives. Her expertise includes leveraging, optimizing, and implementing diverse technology platforms, and management of large-scale technology projects.