August 27, The Register – (International) FireEye intern VXer pleads guilty for Darkode droid RAT ruse. A former FireEye intern from Pittsburgh pleaded guilty to creating and selling the Dendroid remote access trojan (RAT) for Android phones on the Darkode hacker forums. Denroid was capable of infecting about 1,500 phones for each buyer, while it is unknown how many copies the suspect sold. Source
August 27, Threatpost – (International) Endress+Hauser patches buffer overflow in dozens of ICS products. Endress+Hauser and CodeWrights released updates addressing a remotely exploitable vulnerability found in the Device Type Manager (DTM) library of dozens of Endress+Hauser’s products used for industrial process automation, in which an attacker could use a specially crafted packet to create a buffer overflow in the DTM, causing the affected product to hang indefinitely. Source
August 27, Securityweek – (International) Small percentage of employees responsible for most cloud security risk: Report. Report findings from a CloudLock analysis of 10 million users across 1,800 organizations revealed that the top 1 percent of users in organizations are responsible for 57 percent file ownership, 81 percent of file shares, 73 percent of exposed files, and 62 percent of application industries, suggesting that cyber risks could be mitigated by reaching out to an organization’s top users, among other findings. Source
August 27, Softpedia – (International) PayPal fixes XSS flaw that allowed access to unencrypted credit card details. PayPal addressed a cross-site scripting (XSS) flaw on the Web site’s SecurePayments page in which an attacker could inject customized payment forms into the page HyperText Markup Language (HTML) in order to intercept user financial and PayPal login information in clear text. Source