Gotham Security Daily Threat Alerts

By Nancy Rand
Posted in Security
On December 16, 2015

December 15, Help Net Security – (International) 13 million MacKeeper users exposed in data breach. MacKeeper, the utility software for Apple Mac computers, reported that a database containing the passwords and personal information of 13 million users was exposed after a security researcher, using a Shodan search, found four Internet Protocol (IP) addresses leading to an openly reachable MongoDB database belonging to Kromtech, the company that produces MacKeeper. Kromtech closed the exposure and reported that it had found no evidence the data was shared or used inappropriately. Source

December 15, SecurityWeek – (International) Joomla patches zero-day exploited in the wild. Joomla released version 3.4.6, along with hotfixes for older branches, patching a critical remote code execution flaw that had been exploited in the wild for two days before the fix. Attackers used the Hypertext Transfer Protocol (HTTP) User-Agent header to perform object injection (a serialized PHP object smuggled in the header value), which led to full remote command execution; the attacks came from three Internet Protocol (IP) addresses: 74.3.170.33, 146.0.72.83, and 194.28.174.106. Joomla advised users to check their logs for incoming requests from those three addresses and to search the User-Agent field for “JDatabaseDriverMysqli” or “O:” to determine whether their sites had been compromised. The “O:” prefix is how PHP’s serialize() encodes an object, so its presence in a User-Agent is a strong sign of an injection attempt. Source
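The log check Joomla recommended, as an added example (not code from the article or from the Joomla project): a small scanner that parses Apache/nginx combined-format access log lines, flags requests from the three published IP addresses, and flags User-Agent values containing the two indicator strings. The sample log lines are constructed for the demonstration; the payload-like User-Agent only carries the indicator strings and is not a working exploit. Because a bare “O:” can appear in harmless User-Agents, the scanner also applies a tighter pattern (“O:” followed by a length and a quoted class name, the exact shape of a serialized PHP object) and reports that match separately.

```python
import re

# Indicators published with the Joomla 3.4.6 advisory (from the article).
SUSPECT_IPS = {"74.3.170.33", "146.0.72.83", "194.28.174.106"}
JDATABASE_MARKER = "JDatabaseDriverMysqli"
LOOSE_OBJECT_MARKER = "O:"
# Tighter check: serialized PHP object header, e.g. O:21:"JDatabaseDriverMysqli"
SERIALIZED_OBJ_RE = re.compile(r'O:\d+:"')

# Combined log format; quoted fields may contain \" escapes as Apache writes them.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<req>(?:\\.|[^"\\])*)" (?P<status>\d{3}) (?P<size>\S+) '
    r'"(?P<ref>(?:\\.|[^"\\])*)" "(?P<ua>(?:\\.|[^"\\])*)"$'
)

# Constructed sample lines (not real traffic): benign browser, suspect source IP,
# indicator-bearing User-Agent, and a harmless UA that happens to contain "O:".
SAMPLE_LOG = [
    '203.0.113.5 - - [15/Dec/2015:10:01:02 +0000] "GET /index.php HTTP/1.1" 200 5120 '
    '"-" "Mozilla/5.0 (Windows NT 6.1; rv:42.0) Gecko/20100101 Firefox/42.0"',
    '146.0.72.83 - - [15/Dec/2015:10:02:10 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [15/Dec/2015:10:03:44 +0000] "GET /index.php HTTP/1.1" 200 5120 '
    '"-" "}__test|O:21:\\"JDatabaseDriverMysqli\\":0:{}"',
    '198.51.100.8 - - [15/Dec/2015:10:04:01 +0000] "GET /robots.txt HTTP/1.1" 200 64 '
    '"-" "MyCrawler/1.0 (INFO: nightly)"',
]


def classify(ip, ua):
    """Return the list of indicator names that a request matches (empty if none)."""
    reasons = []
    if ip in SUSPECT_IPS:
        reasons.append("suspect_ip")
    if JDATABASE_MARKER in ua:
        reasons.append("jdatabase_driver")
    if LOOSE_OBJECT_MARKER in ua:
        reasons.append("serialized_object")      # loose match, as the advisory words it
    if SERIALIZED_OBJ_RE.search(ua):
        reasons.append("php_object_prefix")      # tighter match: real serialize() shape
    return reasons


def scan_log(lines):
    """Parse each line and collect the ones that match any indicator."""
    hits = []
    for lineno, line in enumerate(lines, 1):
        m = LOG_RE.match(line)
        if not m:
            continue  # not combined format; a real scanner would count these
        ua = m.group("ua").replace('\\"', '"')  # undo Apache's quote escaping
        reasons = classify(m.group("ip"), ua)
        if reasons:
            hits.append({"line": lineno, "ip": m.group("ip"), "ua": ua, "reasons": reasons})
    return hits


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(f"line {hit['line']}: {hit['ip']} {hit['reasons']} ua={hit['ua']!r}")
```

Run it against a real access log by replacing SAMPLE_LOG with the file's lines; a hit on only “serialized_object” without “php_object_prefix” (line 4 above) is the kind of result worth eyeballing rather than acting on.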

December 15, Softpedia – (International) The return of macro malware and other malware trends. Security researchers from Intel Security released a report describing two kinds of malicious campaigns: one using macro-based malware delivered in weaponized Word documents to compromise a user’s personal computer (PC), and another using fileless malware that runs entirely in the PC’s random-access memory (RAM) without writing to disk. The report stated that Office macro threats had reached their highest level in six years. Source

December 14, SecurityWeek – (International) Polycom patches flaw in VVX Business Media phones. Polycom released software updates patching a path traversal vulnerability in several of its VVX Business Media phones after a security researcher from Depth Security found that the web interface’s request for displaying background images and ringtones took the file name as a parameter, which allowed an attacker to supply ‘../../’ sequences to step out of the ringtone and background-image directories and read sensitive files such as ‘/etc/passwd’. Polycom advised users to update to the latest software version and to disable the web server on affected devices. Source
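To show the class of bug described above, here is an added example (not Polycom’s firmware code, which is not public): a file-serving helper written the naive way, which concatenates the requested file name onto the media directory, beside a hardened version that canonicalizes the path (following symlinks) and refuses anything that does not land strictly inside the media directory. The directory layout, the fake /etc/passwd and the ‘../../etc/passwd’ request are constructed inside a temporary directory so the demonstration runs offline and touches nothing real.

```python
import os
import tempfile
from pathlib import Path


def vulnerable_media_path(base, filename):
    """Naive handler: direct concatenation. A filename such as
    '../../etc/passwd' walks out of the media directory, and an absolute
    filename replaces the base entirely."""
    return os.path.join(str(base), filename)


def safe_media_path(base, filename):
    """Hardened handler: canonicalize both sides (resolve() follows symlinks and
    collapses '..'), then require the target to be strictly inside base."""
    base = Path(base).resolve()
    target = (base / filename).resolve()   # an absolute filename drops base here too
    if target == base:
        raise ValueError("directory itself requested")
    try:
        target.relative_to(base)           # raises ValueError when target is outside base
    except ValueError:
        raise ValueError(f"path escapes media directory: {filename!r}") from None
    return target


def read_media(path_builder, base, filename):
    """Serve a file through the given path builder; 'rejected' when it refuses."""
    try:
        return Path(path_builder(base, filename)).read_bytes()
    except ValueError:
        return "rejected"


def demo():
    """Constructed layout (hypothetical, not the phone's real filesystem):
    <tmp>/media/ringtones/ring1.wav and a fake <tmp>/etc/passwd two levels up."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        media = root / "media" / "ringtones"
        media.mkdir(parents=True)
        (media / "ring1.wav").write_bytes(b"RIFF")          # stand-in ringtone
        (root / "etc").mkdir()
        (root / "etc" / "passwd").write_text("root:x:0:0:root:/root:/bin/sh\n")
        traversal = "../../etc/passwd"                        # the '../../' trick
        return {
            "vuln_legit": read_media(vulnerable_media_path, media, "ring1.wav"),
            "vuln_traversal": read_media(vulnerable_media_path, media, traversal),
            "safe_legit": read_media(safe_media_path, media, "ring1.wav"),
            "safe_traversal": read_media(safe_media_path, media, traversal),
            "safe_absolute": read_media(safe_media_path, media, "/etc/passwd"),
        }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result!r}")
```

The vulnerable builder happily returns the fake passwd file for the traversal request, while the hardened one serves the legitimate ringtone and rejects both the ‘../../’ form and an absolute path. Resolving symlinks before the containment check matters: a symlink inside the media directory pointing outside it would otherwise pass a purely textual prefix check.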

December 15, Softpedia – (National) Two mobile banking trojans used Facebook Parse as C&C server. Security researchers in Germany announced that the Android/OpFake and Android/Marry mobile banking trojans hosted their command and control (C&C) servers on five Facebook Parse databases, the company’s Backend-as-a-Service (BaaS) offering. Through that infrastructure the trojans gathered nearly 170,000 short message service (SMS) messages from infected devices and successfully executed over 20,000 commands, primarily for financial fraud. Facebook closed all five accounts in August. Source

Nancy Rand

Nancy has more than 20 years’ experience in information technology and security, solving business issues and implementing best-practice solutions that support organizational objectives. Her expertise includes leveraging, optimizing, and implementing diverse technology platforms, and management of large-scale technology projects.