September 25, Securityweek – (International) Vulnerabilities found in several SCADA products. The Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) published advisories identifying vulnerabilities in supervisory control and data acquisition (SCADA) products, including a privilege escalation bug in Resource Data Management’s Data Manager that could allow an attacker to change the passwords of users, a cross-site request forgery (CSRF) that an attacker could use to perform actions on behalf of authenticated users, and other vulnerabilities in IBC Solar and EasyIO products. Source
September 25, Help Net Security – (International) Cisco releases tool for detecting malicious router implants. Cisco Systems released a Python script called the SYNful Knock Scanner which scans networks for routers compromised by malicious SYNful Knock implants and provides next steps to users with affected routers. Source
September 25, The Register – (International) XcodeGhost-infected apps open gates to malware hijacking. Security researchers from Palo Alto Networks reported that the DES ECB mode-encrypted communication streams between XcodeGhost-infected applications and the attacker’s command-and-control (C&C) servers lack proper encryption, leaving them vulnerable to man-in-the-middle (MitM) attacks that could expose affected users to additional malware. Source
September 25, Softpedia – (International) Kovter malware now lives solely in the Windows registry. Security researchers from Symantec discovered a new version of the Kovter trojan that reportedly mimics the Poweliks malware’s survival methods, including the ability to hide its code in the Microsoft Windows registry, ensuring persistence and serving as an entry point for other malware. The Kovter trojan focuses primarily on click-fraud, and 56 percent of all infections have targeted U.S. users. Source
September 24, Threatpost – (International) Cisco patches denial-of-service, bypass vulnerabilities in IOS. Cisco released updates for its IOS router and switch software addressing three denial-of-service (DoS) vulnerabilities and one authentication bypass flaw affecting RSA-based user authentication in which an attacker knowing a legitimate username and the user’s public key could log in with their privileges. Source
September 24, IDG News Service – (International) New malware infects ATMs, dispenses cash on command. Security researchers from Proofpoint detected a new malware ATM malware program dubbed GreenDispenser that allows attackers to withdraw cash on demand by hooking into the eXtensions for Financial Services (XFS) middleware on Microsoft Windows-based ATMs. The malware was first spotted in Mexico, and researchers warned it will likely spread quickly to the U.S. Source