September 11, Securityweek – (International) Yokogawa patches serious flaws in ICS products. Japan-based Yokogawa Electric released patches addressing three critical flaws related to network communication functions affecting several of the company’s industrial control system (ICS) products. The remotely exploitable vulnerabilities include buffer overflows and a flaw that could allow an attacker to execute arbitrary code. Source
September 10, Securityweek – (International) No patches available for flaws in Cisco security appliances. Cisco revealed that its content security management appliance (SMA) 7.8.0-000 and possibly other versions are affected by denial-of-service (DoS) vulnerabilities that can be exploited remotely by an unauthenticated attacker due to inadequate validation of user credentials for incoming hypertext transfer protocol (HTTP) requests. Customers were urged to apply workarounds while the company worked to release a software update addressing the vulnerabilities. Source
September 11, Securityweek – (National) CoreBot becomes full-fledged banking trojan. IBM researchers determined that the CoreBot trojan has evolved to become a full-fledged banking trojan and includes new features such as browser hooking, real-time form grabbing, a virtual network computing (VNC) module for remote control, and man-in-the-middle (MitM) functionality, among other features. The new CoreBot’s data theft routines have evolved, which has made the trojan similar to the Zeus, Dridex, and Dyre trojans. Source