Gotham Security Daily Threat Alerts

By Nancy Rand
Posted in Security
On August 31, 2015

August 28, Securityweek – (International) Moxa patches flaws in industrial Ethernet switches. Security researchers from Applied Risk discovered serious privilege escalation, denial-of-service (DoS), and cross-site scripting (XSS) vulnerabilities affecting Moxa industrial Ethernet switches that could allow an unauthenticated remote attacker to compromise the device and connected industrial assets. Moxa recently released an update addressing nine heap-based buffer overflow and classic buffer overflow vulnerabilities in its SoftCMS closed-circuit television (CCTV) central management software.

August 28, Securityweek – (International) Mozilla updates Firefox 40 to patch two serious flaws. Mozilla released Firefox version 40.0.3 addressing a use-after-free vulnerability in which an attacker could crash Firefox or execute arbitrary code with user privileges, and an add-on notification bypass through a data Uniform Resource Locator (URL) that an attacker could use to trick users into installing a malicious add-on.

August 28, Securityweek – (International) Adobe releases hotfix to patch ColdFusion vulnerability. Adobe released a hotfix addressing a ColdFusion vulnerability that could be exploited to compromise data security and that affects LiveCycle Data Services and BlazeDS.

August 28, Softpedia – (International) Phishing costs an average company up to $3.7 million per year. A Wombat Security Technologies report covering 377 U.S. organizations revealed that an average-sized organization can lose up to $3.77 million per year in extrapolated costs due to phishing attacks, that 48% of the costs come from productivity losses in mitigating the attacks, and that uncontained malware attacks can cause industry losses up to $105 million, among other findings.

August 27, Threatpost – (International) BitTorrent patch throttles reflective DDoS attacks. BitTorrent released a patch addressing a libuTP protocol vulnerability that could allow attackers to carry out User Datagram Protocol (UDP) distributed reflection denial-of-service (DRDoS) attacks.

August 27, SC Magazine – (International) DD4BC are DDoS attack driving force, new report claims. VeriSign released findings from its “Distributed Denial of Service (DDoS) Trends Report – 2nd Quarter 2015” revealing a period of increased activity from the DDoS for Bitcoin (DD4BC) threat group, and that 22 percent of the attacks analyzed targeted the financial and payment sector. Attacks by the group typically start with threats and demands for ransom, followed by increased demands and ramped-up DDoS attacks.

Nancy Rand

Nancy has more than 20 years’ experience in information technology and security, solving business issues and implementing best-practice solutions that support organizational objectives. Her expertise includes leveraging, optimizing, and implementing diverse technology platforms, and management of large-scale technology projects.