December 3, Securityweek – (International) Ponmocup botnet still actively used for financial gain. Researchers from Fox-IT released a report stating that the Ponmocup botnet malware has infected more than 15 million devices since 2009 and that its infrastructure consists of separate components used to deliver, install, execute, and control the malware, making it harder for researchers to reverse-engineer it. The botnet uses encryption during infection and stores its components in different locations to evade detection, while using different domains for installation and stealing file transfer protocol (FTP) and Facebook credentials so that the operators can spread the malware further. Source
December 3, Securityweek – (International) Heartbleed, other flaws found in Advantech ICS Gateways. Researchers from Rapid7 discovered that the newest firmware versions for Advantech Modbus gateway products, including the EKI-136X, EKI-132X, and EKI-122X, were susceptible to Heartbleed and Shellshock attacks; Shellshock can be exploited through the Boa web server via any of the shell scripts in /www/sgi-bin. The vulnerabilities were confirmed by running the genuine firmware binaries in an emulated environment against a Metasploit module. Source
December 3, Securityweek – (International) OpenSSL patches moderate severity vulnerabilities. The OpenSSL Project released updates to its cryptographic software library, versions 1.0.2e, 1.0.1q, 1.0.0t, and 0.9.8zh, patching 3 vulnerabilities: CVE-2015-3193, a bug that can produce incorrect computation results on x86_64 systems and could be exploited against the RSA, Digital Signature Algorithm (DSA), and Diffie-Hellman (DH) algorithms; CVE-2015-3194, which can be used for denial-of-service (DoS) attacks; and CVE-2015-3195, which can leak system memory when the library is presented with a malformed X509_ATTRIBUTE structure. Source
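As an added example (not code from the article or from the OpenSSL Project), a small Python check that reports whether an OpenSSL version string, either bare or as printed by `openssl version`, is at or past the fixed release for its branch, using the four fixed versions named above; the sample inventory at the bottom is constructed.

```python
import re

# Fixed versions per release branch, as listed in the December 2015 OpenSSL update.
FIXED_VERSIONS = {
    "1.0.2": "1.0.2e",
    "1.0.1": "1.0.1q",
    "1.0.0": "1.0.0t",
    "0.9.8": "0.9.8zh",
}

# Matches "1.0.1q" on its own or inside "OpenSSL 1.0.1q 3 Dec 2015".
_VERSION_RE = re.compile(r"\b(\d+\.\d+\.\d+)([a-z]*)\b")


def parse_version(text):
    """Return (branch, letter_suffix), e.g. ('1.0.1', 'q')."""
    m = _VERSION_RE.search(text)
    if not m:
        raise ValueError(f"unrecognised OpenSSL version string: {text!r}")
    return m.group(1), m.group(2)


def suffix_key(suffix):
    # OpenSSL patch letters run a..z, then za..zz, so a longer suffix is always
    # later; compare length first, then alphabetically.
    return (len(suffix), suffix)


def is_patched(text):
    """True if the version is at or beyond the fix level for its branch.

    Raises ValueError for branches this update does not cover.
    """
    branch, suffix = parse_version(text)
    fixed = FIXED_VERSIONS.get(branch)
    if fixed is None:
        raise ValueError(f"branch {branch} is not covered by this update")
    _, fixed_suffix = parse_version(fixed)
    return suffix_key(suffix) >= suffix_key(fixed_suffix)


def audit(versions):
    """Map each reported version to 'patched', 'vulnerable' or 'unknown branch'."""
    result = {}
    for v in versions:
        try:
            result[v] = "patched" if is_patched(v) else "vulnerable"
        except ValueError:
            result[v] = "unknown branch"
    return result


if __name__ == "__main__":
    # Constructed inventory, as collected from `openssl version` on several hosts.
    sample = ["OpenSSL 1.0.2d 9 Jul 2015", "1.0.2e", "1.0.1q", "0.9.8zg", "0.9.8zh", "0.9.7m"]
    for v, status in audit(sample).items():
        print(f"{v:28s} {status}")
```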
December 3, Softpedia – (International) Linux users targeted by new Rekoobe trojan. Security researchers from Dr. Web reported that an updated version of the trojan, Linux.Rekoobe.1, targets Linux personal computers (PCs) with 32-bit and 64-bit Intel processors and uses XOR encoding to hinder detection and analysis. The malware can download files from its command-and-control (C&C) server, upload files to the C&C server, and execute commands in the local shell, allowing attackers to deliver further payloads to infected systems. Source
December 3, Securityweek – (National) Popular mobile modems plagued by zero-day flaws. Security researchers with Positive Technologies tested mobile broadband modems and routers from Huawei, Gemtek, Quanta, and ZTE and found that the 3G/4G devices were vulnerable to remote code execution, had cross-site scripting (XSS) vulnerabilities, and lacked cross-site request forgery (CSRF) protection, among other issues, leaving the devices open to exploitation. Of the four vendors tested, Huawei was the only one that released firmware updates addressing the vulnerabilities. Source