August 18, Securityweek – (International) High severity flaw in Android allows arbitrary code execution. Security researchers from Trend Micro discovered a heap overflow vulnerability in the Android operating system’s (OS) mediaserver Audio Policy Service, AudioEffect component, through which an app requiring no permissions could be used to execute arbitrary code. The vulnerability was patched in the August security updates. Source
August 18, Securityweek – (International) Darkode member admits selling access to spam botnet. A New York member of the Darkode hacker forums pleaded guilty August 17 to his involvement in a scheme in which computers of Facebook users were infected with the Slenfbot worm and the “Facebook Spreader” malware, which used victim account information to spread. The suspect and co-conspirators allegedly received $200 to $300 for every 10,000 active infections from 2011 to 2012. Source
August 18, Threatpost – (International) Reflection DDoS attacks abusing RPC Portmapper. Officials from Level 3 Communications observed attackers utilizing Remote Procedure Call (RPC) Portmapper services for reflection distributed denial-of-service (DDoS) attacks between June and August, representing a new and effective method for bandwidth saturation. Source
August 18, The Guardian – (International) Security flaw affecting more than 100 car models exposed by scientists. Research published from a 2013 report by British and Dutch academics revealed weaknesses in the Swiss-made Megamos Crypto system, which is used to prevent the engines of certain Audi, Citroën, Fiat, Honda, Volvo, and Volkswagen vehicles from starting when a remote key is not present. A third party could use “close-range wireless communication” attacks to disable the system and steal the vehicle. Source