Gotham Security Daily Threat Alerts

By Nancy Rand
Posted in Security
On November 13, 2015

November 10, Securityweek – (International) Flaw in Linux encryption ransomware exposes decryption key. Researchers at Bitdefender discovered a flaw in the advanced encryption standard (AES) key generation process of the Linux.Encoder1 ransomware: the key comes from the libc rand() function, seeded with the current system timestamp at the time of encryption, which allows the AES key to be retrieved and files to be decrypted without paying the attackers for an RSA public key. The security firm released a decryption tool that automatically restores files encrypted by Linux.Encoder1. Source

November 9, Securityweek – (International) Remote code execution flaw found in Java app servers. Researchers from FoxGlove Security released a report addressing deserialization vulnerabilities in Java applications, including Oracle WebLogic, IBM WebSphere, and Jenkins, among other products. The flaws can be remotely exploited to execute arbitrary code because of poor coding involving the Apache Commons Collections Java library, which is used by more than 1,300 projects. A Java deserialization library and a report were released to secure applications from malicious actors and educate developers on how to avoid such flaws. Source

November 10, Wall Street Journal – (International) Charges announced in J.P. Morgan hacking case. A Federal indictment was unsealed November 10 against three men in connection with an alleged massive cyber-attack against J.P. Morgan Chase & Co. and several other U.S. financial institutions. The suspects allegedly hacked into the institutions’ systems and stole the personal information of more than 100 million customers to carry out a stock-manipulation scheme. The defendants would artificially inflate stock prices and send spam emails to customers to trick them into buying stocks. Source

November 9, Washington Post – (National) Comcast says it’s not to blame after 200,000 user accounts were put up for sale online. Comcast announced November 9 that it will reset passwords for roughly 200,000 customers after a package of personal data, including e-mail addresses and passwords, was listed for sale for $1,000 on a dark web site. The company reported that it was not hacked and that its systems and apps were not compromised, and held unsuspecting customers responsible for visiting malware-laden sites or falling victim to other schemes that allowed hackers to obtain their data. Source

Nancy Rand

Nancy has more than 20 years’ experience in information technology and security, solving business issues and implementing best-practice solutions that support organizational objectives. Her expertise includes leveraging, optimizing, and implementing diverse technology platforms, and management of large-scale technology projects.