Gotham Security Daily Threat Alerts

By Nancy Rand
Posted in Security
On December 01, 2015

November 30, Securityweek – (International) Microsoft unveils protection against potentially unwanted applications. Microsoft released a new feature for its System Center Endpoint Protection (SCEP) and Forefront Endpoint Protection (FEP) systems: a potentially unwanted application (PUA) protection program that automatically identifies unwanted software under threat names such as PUA:Win32/Creprote. The feature targets software bundling technologies, PUA applications, and PUA frameworks, and decreases the amount of adware, toolbars, or other malicious applications that can be installed. Source

November 30, Securityweek – (International) Insecure app exposed Billboard Lights to hacker attacks. A security researcher reported that the SmartLink Android app, used to remotely control highway billboard sign lights, had several vulnerabilities, including authentication flaws that can allow attackers to bypass the authentication mechanism and gain access to SmartLink customers’ data, perform man-in-the-middle (MitM) attacks, and access web directories, including files containing the application programming interface (API) source code and log files containing user login information. Source

November 28, Softpedia – (International) DecryptorMax ransomware decrypted, no need to pay the ransom. A security researcher from Emsisoft created a new tool dubbed DecryptInfinite that decodes files encrypted by the DecryptorMax ransomware, also known as CryptInfinite. Infected users can recover their encrypted information without paying the ransom by dragging and dropping at least one file in its unencrypted form onto the tool’s main window. Source

November 27, Securityweek – (International) Critical vulnerability patched in Zen Cart. Zen Cart, the open source shopping cart software, released patches for several vulnerabilities, including several cross-site scripting (XSS) vulnerabilities in the order-comments fields and the administration edit fields; a PHP file inclusion vulnerability which allowed remote attackers to exploit the /ajax.php file to execute arbitrary PHP code and gain unlimited access to databases and files; as well as a low severity vulnerability that caused incorrect passwords to remain in the password field following a failed login attempt. Source

November 30, Reuters – (International) U.S. states probe VTech hack, experts warn of more attacks. Hong Kong-based VTech Holdings Ltd, a company that sells electronic toys, reported that 5 million customers’ accounts and related children’s profiles were compromised worldwide after a breach of its database exposed customers’ names, email addresses, passwords, secret questions, and Internet Protocol (IP) addresses, among other information. VTech officials notified all account holders of the breach and reported that credit card information, ID card numbers, Social Security numbers, and drivers’ license numbers were unaffected. Source

November 27, Softpedia – (International) VPN vulnerability “Port Fail” reveals user’s real IP address. Network security experts from Perfect Privacy discovered a vulnerability in virtual private network (VPN) providers’ internal routing table and port forwarding settings, which can allow an attacker to learn a victim’s real Internet Protocol (IP) address by directing the victim to access a resource (an image embedded on a site) hosted on the same VPN server. Source

November 26, Securityweek – (International) CryptoWall 4.0 spreading via Nuclear exploit kit. Security researchers from Rackspace discovered that the BizCN gate actor has been disseminating the CryptoWall 4.0 ransomware through the Nuclear exploit kit (EK) via newly developed Internet Protocol (IP) addresses to allow the EK to exploit a Flash vulnerability on websites and successfully infect Microsoft Windows hosts. In addition to encrypting the content of files on infected machines, the updated threat encrypts file names, preventing victims from recognizing them, and features an updated ransom note. Source

 

Nancy Rand

Nancy has more than 20 years’ experience in information technology and security, solving business issues and implementing best-practice solutions that support organizational objectives. Her expertise includes leveraging, optimizing, and implementing diverse technology platforms, and management of large-scale technology projects.