Gotham Security Daily Threat Alerts

By Nancy Rand
Posted in Security
On October 28, 2015

October 26, Softpedia – (International) 12 new malware strands are discovered every minute. Security researchers at G DATA released report findings revealing that the company discovered 3,045,722 new types of malware in the first half of 2015, a 26.6 percent increase since the second half of 2014, and that most attacks were either adware or potentially unwanted programs (PUPs) hosted on U.S. websites from the healthcare, technology, and telecommunications sectors, among others. G DATA also observed an increase in banking trojan usage for the first time since 2012. Source

October 23, Softpedia – (International) Malware spread via black hat SEO campaign. Security researchers from Heimdal Security discovered a malware campaign in which criminals are using black hat search engine optimization (SEO) to distribute malicious software to technical users who search for terms such as “Java JRE,” “MSN 7,” or “Windows 8,” and are then shown infected pages among the top Google search results. Source

October 23, The Register – (International) Hackers pop grease monkeys’ laptops to disable Audi airbags. Security researchers from CrySyS Lab and Budapest University of Technology and Economics discovered that third-party software used in certain Volkswagen Group vehicles could be compromised using a zero-day vulnerability, allowing an attacker to disable airbags and other car functions without mechanics’ knowledge by falsifying car readouts via a malicious replacement for the dynamic link library (DLL) file used to communicate with the vehicle’s diagnostic cable. Source

October 23, Securityweek – (International) Serious flaws found in Janitza power analyzers. Security researchers from Applied Risk discovered several vulnerabilities in Janitza power analyzer products, including an undocumented default password protecting a File Transfer Protocol (FTP) interface that could allow an attacker to upload and download arbitrary files, and a flaw in which an attacker could use a debug interface on Transmission Control Protocol (TCP) port 1239 to read and write files and execute JASIC code, among other issues. The vendor released firmware updates and new documentation addressing the issues; however, researchers determined that not all flaws were effectively fixed. Source

Nancy Rand

Nancy has more than 20 years’ experience in information technology and security, solving business issues and implementing best-practice solutions that support organizational objectives. Her expertise includes leveraging, optimizing, and implementing diverse technology platforms, and management of large-scale technology projects.