November 16, Securityweek – (International) Thousands of sites infected with Linux encryption ransomware. Researchers from Dr. Web reported that approximately 2,000 websites were compromised by the Linux file-encrypting ransomware dubbed Linux.Encoder1, which targets root and home directories, web server files, backups, and source code. The malware downloads a file containing the public RSA key used to encrypt the per-file AES keys and appends an .encrypt extension to each encrypted file, leaving the files nearly impossible to recover without paying a ransom to the attackers. A patch was released, but experts warned that attackers may update the malware to make file decryption more difficult.
November 16, IDG News Service – (International) State-sponsored cyber spies inject victim profiling and tracking scripts in strategic websites. Security researchers from FireEye discovered an attack campaign dubbed WITCHCOVEN, which has injected computer-profiling and tracking scripts into over 100 websites related to international business travel, diplomacy, energy production and policy, international economics, and official government work. The scripts were designed to identify users of interest and target them with exploits tailored to their specific computer and software configurations.
November 16, InfoWorld – (International) Microsoft fixes Hyper-V bug in Windows. Microsoft released patches for vulnerabilities in its Hyper-V hypervisor software affecting several Windows Server versions, including a flaw in the handling of central processing unit (CPU) chipset instructions that could put the host system into a nonresponsive state, resulting in a denial-of-service condition for the operating systems running on it. No attacks in the wild have been reported.
November 16, Softpedia – (International) A quarter of web-accessible devices have vulnerable firmware. Researchers from EURECOM and Ruhr University in Bochum, Germany, released a study confirming the weak state of security of Internet of Things (IoT) devices. The firmware examined included cross-site scripting (XSS), cross-site request forgery (CSRF), SQL injection (SQLi), and remote code/command execution (RCE) vulnerabilities, which can grant attackers access to the devices, allow them to spy on users and steal data, and let them rewrite the firmware to perform other malicious activities.
November 16, Securityweek – (International) Libpng library updated to patch vulnerabilities. The official Portable Network Graphics (PNG) reference library, libpng, released an update addressing several memory corruption vulnerabilities in all versions from 1.0.63 through 1.6.18: a potential out-of-bounds read in the png_set_tIME() and png_convert_to_rfc1123() functions, and an out-of-bounds write in the png_get_PLTE() and png_set_PLTE() functions, which failed to check for an out-of-range palette when reading or writing PNG files. The flaws were patched with the release of updated versions.
November 15, Softpedia – (International) Compromised website fools security vendor, continues to infect users. Researchers from Palo Alto Networks reported that the CryptoWall 3.0 ransomware campaign, which previously infected visitors to the website cxda[.]gov[.]cn via the Angler Exploit Kit, was still active and had compromised 4,000 additional websites despite initial reports that the malicious campaign had stopped. Researchers revealed that "dormant" and "filtering" functionality embedded in the campaign's malicious code allowed the attackers to go unnoticed by serving the payload selectively, depending on the visitor's source Internet Protocol (IP) address and user agent.
November 13, Softpedia – (International) Oil and gas companies indirectly put at risk by vulnerabilities in ERP systems. Researchers from ERPScan, presenting at Black Hat Europe 2015, showed how a vulnerability in an enterprise resource planning (ERP) suite from SAP and Oracle used inside oil and gas companies could allow an attacker to gain access to operational technology (OT) infrastructure through insecurely connected applications. The researchers also determined that misconfigurations, unnecessary privileges, and custom code provided entry points or privilege escalation paths for attacks.