Gotham Security Daily Threat Alerts

By Nancy Rand
Posted in Security
On September 30, 2015

September 29, IDG News Service – (International) Newly found TrueCrypt flaw allows full system compromise. A security researcher from Google’s Project Zero team discovered two vulnerabilities in TrueCrypt hard drive encryption software which could allow attackers to obtain elevated system privileges if they have access to a limited user account. VeraCrypt released patches for the vulnerabilities, and users were advised to switch products for these and other security improvements. Source

September 28, Softpedia – (International) VBA malware makes a comeback inside booby-trapped Word documents. Security researchers from Sophos released research findings revealing that hackers are increasingly using Visual Basic for Applications (VBA) macros to deliver malware in Microsoft Word documents, and that the company discovers 50 to 100 new VBA templates every month, which primarily deliver the Dridex, CryptoWall, Dyreza, and Zbot malware. Source
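A first-line triage check for the delivery vector described above, added here as an example and not taken from Sophos or the original post: an OOXML Word file (.docx/.docm) is a zip archive in which a VBA project is stored as word/vbaProject.bin and registered in [Content_Types].xml, so the presence of either is a reliable macro indicator. Legacy binary .doc files are OLE compound files and need an OLE parser for a real verdict, so they are only routed for deeper inspection. The function name, verdict strings and in-memory sample documents are constructed for this example.

```python
"""Flag Word documents that carry a VBA project (added example, not Sophos tooling)."""
import io
import zipfile

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")            # legacy .doc / OLE2 header
VBA_CONTENT_TYPE = "application/vnd.ms-office.vbaProject"  # registered in [Content_Types].xml


def classify_word_file(data: bytes) -> str:
    """Return 'ooxml-macro', 'ooxml-no-macro', 'ole-needs-inspection' or 'not-office'."""
    if data.startswith(OLE_MAGIC):
        # Binary .doc: macros live inside OLE streams; hand off to an OLE parser.
        return "ole-needs-inspection"
    if not data.startswith(b"PK"):
        return "not-office"
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = zf.namelist()
            if "word/document.xml" not in names:
                return "not-office"
            # Flag on either signal: the VBA part itself, or its content-type
            # registration. A file carrying only one of the two is itself odd.
            has_part = any(n.lower().endswith("vbaproject.bin") for n in names)
            has_ct = False
            if "[Content_Types].xml" in names:
                ct_xml = zf.read("[Content_Types].xml").decode("utf-8", "replace")
                has_ct = VBA_CONTENT_TYPE in ct_xml
            return "ooxml-macro" if (has_part or has_ct) else "ooxml-no-macro"
    except zipfile.BadZipFile:
        return "not-office"


def build_sample(with_macro: bool) -> bytes:
    """Construct a minimal OOXML Word package in memory (constructed test input)."""
    ct = [
        '<?xml version="1.0" encoding="UTF-8"?>',
        '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">',
        '<Override PartName="/word/document.xml" '
        'ContentType="application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"/>',
    ]
    if with_macro:
        ct.append(f'<Override PartName="/word/vbaProject.bin" ContentType="{VBA_CONTENT_TYPE}"/>')
    ct.append("</Types>")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", "\n".join(ct))
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            # Placeholder bytes only; a real vbaProject.bin is an OLE container.
            zf.writestr("word/vbaProject.bin", b"\x00constructed placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    for label, blob in [("macro", build_sample(True)), ("clean", build_sample(False)),
                        ("legacy", OLE_MAGIC + b"\x00" * 16), ("junk", b"hello")]:
        print(label, "->", classify_word_file(blob))
```

In a mail gateway or file-share scanner the "ooxml-macro" verdict is the one to quarantine or sandbox; "ole-needs-inspection" should be passed to a proper OLE/VBA parser rather than treated as clean.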

September 28, Securityweek – (International) Mobile ad network abused in DDoS attack: CloudFlare. CloudFlare reported that a customer was recently targeted by a Layer 7 JavaScript-based distributed denial-of-service (DDoS) attack that leveraged a mobile ad network and generated over 1 billion Hypertext Transfer Protocol (HTTP) requests per hour. Security researchers warned that the attack could signal a new trend in DDoS attacks that are more difficult to mitigate. Source

September 26, Securityweek – (International) Cookies render HTTPS sessions vulnerable to data leaks. The Computer Emergency Readiness Team (CERT) published an advisory warning that cookies set via regular Hypertext Transfer Protocol (HTTP) requests undermine the security of HTTP Secure (HTTPS) sessions: because browsers do not tie a cookie to the scheme that set it, an attacker could set a cookie over plain HTTP that the browser later sends over an HTTPS connection in place of the original Web site's own cookie, potentially gaining access to private information. Source
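The mechanism in the advisory, and the cookie-prefix mitigation browsers later adopted, as an added example that is not CERT's or any browser's code: a simplified cookie-jar model that follows RFC 6265 in keying cookies on (name, domain, path) with no notion of the scheme that set them, then applies the `__Secure-`/`__Host-` prefix rules from RFC 6265bis. The hostnames, cookie names and values are constructed; the jar implements only the domain, path and Secure matching needed to show the point (no expiry, no public-suffix handling).

```python
"""RFC 6265 cookie scoping model (added example, not CERT's or a browser's code)."""
from dataclasses import dataclass
from urllib.parse import urlparse


@dataclass
class Cookie:
    name: str
    value: str
    domain: str
    path: str
    secure: bool
    host_only: bool   # True when no Domain attribute was given: exact host match only


def parse_set_cookie(header: str):
    """Split a Set-Cookie header into (name, value, {lowercased attr: value})."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for attr in parts[1:]:
        k, _, v = attr.partition("=")
        attrs[k.strip().lower()] = v.strip()
    return name.strip(), value, attrs


class CookieJar:
    def __init__(self):
        self._cookies = {}   # (name, domain, path) -> Cookie; note: no scheme in the key

    def store(self, request_url: str, set_cookie: str) -> bool:
        """Accept or reject a Set-Cookie received in response to request_url.

        Returns True if stored. Storing replaces any cookie with the same
        (name, domain, path) regardless of its Secure flag: that is the
        integrity gap the advisory describes.
        """
        url = urlparse(request_url)
        over_https = url.scheme == "https"
        name, value, attrs = parse_set_cookie(set_cookie)
        host_only = "domain" not in attrs
        domain = (attrs.get("domain", "").lstrip(".").lower()) or url.hostname
        path = attrs.get("path", "/")
        secure = "secure" in attrs

        # Cookie prefixes (RFC 6265bis): a prefixed name is accepted only when
        # the attributes prove it was set by the secure origin itself.
        if name.startswith(("__Secure-", "__Host-")) and not (over_https and secure):
            return False
        if name.startswith("__Host-") and (not host_only or path != "/"):
            return False

        self._cookies[(name, domain, path)] = Cookie(name, value, domain, path, secure, host_only)
        return True

    def cookies_for(self, request_url: str) -> dict:
        """Return {name: value} for the cookies a browser would attach to request_url."""
        url = urlparse(request_url)
        host, req_path = url.hostname, url.path or "/"
        sent = {}
        for c in self._cookies.values():
            domain_ok = host == c.domain or (not c.host_only and host.endswith("." + c.domain))
            path_ok = req_path == c.path or req_path.startswith(c.path.rstrip("/") + "/")
            scheme_ok = url.scheme == "https" or not c.secure   # Secure limits sending only
            if domain_ok and path_ok and scheme_ok:
                sent[c.name] = c.value
        return sent


def demo() -> dict:
    """Walk through the advisory's scenario, then the __Host- prefix mitigation."""
    jar = CookieJar()
    # 1. The site sets its session cookie over HTTPS and marks it Secure.
    jar.store("https://bank.example/login", "session=legit; Secure; HttpOnly; Path=/")
    # 2. Someone able to answer a plain-HTTP request for the same host sets a
    #    cookie of the same name. With no scheme in the key, it replaces the
    #    Secure one.
    jar.store("http://bank.example/", "session=attacker-chosen; Path=/")
    # 3. The browser's next HTTPS request carries the planted value.
    leaked = jar.cookies_for("https://bank.example/account")

    # Mitigation: a __Host- cookie cannot be planted or overwritten from an
    # insecure origin, nor scoped to a parent domain.
    planted = jar.store("http://bank.example/", "__Host-session=attacker-chosen; Path=/")
    legit = jar.store("https://bank.example/login", "__Host-session=legit; Secure; Path=/")
    overwritten = jar.store("http://bank.example/", "__Host-session=attacker-chosen; Path=/")
    after = jar.cookies_for("https://bank.example/account")
    return {
        "session_seen_over_https": leaked["session"],
        "host_prefix_planted_over_http": planted,
        "host_prefix_set_over_https": legit,
        "host_prefix_overwritten_over_http": overwritten,
        "host_prefix_value_over_https": after["__Host-session"],
    }


if __name__ == "__main__":
    for key, val in demo().items():
        print(f"{key}: {val}")
```

On the server side, the complementary defences are HSTS (so the browser never issues the plain-HTTP request in the first place) and treating any cookie the server did not issue, for example by signing session cookies, as untrusted.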

September 26, Softpedia – (International) Operation Pony Express delivers malware via Microsoft Word files. Security researchers from Sophos reported that a spear-phishing campaign active from April to May, dubbed Operation Pony Express, exploited a documented Microsoft Word vulnerability and delivered its payload via an intermediary malware downloader. The campaign targeted specific individuals and organizations with emails containing fake rich text format (RTF) invoice files purporting to be from RingCentral. Source

September 25, Softpedia – (International) Over 2,000 WordPress sites are infecting users with spyware. Security researchers from Zscaler discovered a covert spyware distribution campaign active since August that has been targeting the latest WordPress content management system (CMS) with malicious JavaScript code that uses iframes to collect user information and redirects users to pages containing spyware masked as an Adobe Flash Player update. The campaign has affected over 2,000 sites and infected over 20,000 users. Source

September 25, Softpedia – (International) Kasidet DDOSing bot adds credit card scraping capabilities. Security researchers from Trend Micro discovered a new version of the Kasidet/Neutrino distributed denial-of-service (DDoS) bot, which as of March added support for scraping a device’s point-of-sale (PoS) random access memory (RAM). The bot’s command-and-control (C&C) server also attempts to evade mitigation by answering with “404 not found” errors to make it appear that it is not working properly. Source

Nancy Rand

Nancy has more than 20 years’ experience in information technology and security, solving business issues and implementing best-practice solutions that support organizational objectives. Her expertise includes leveraging, optimizing, and implementing diverse technology platforms, and management of large-scale technology projects.