Gotham Security Daily Threat Alerts

By Nancy Rand
Posted in Security
On February 16, 2016

February 11, Softpedia – (International) Severe vulnerability affects Cisco ASA VPN server equipment. Cisco released patches for a buffer overflow vulnerability in several versions of its Adaptive Security Appliance (ASA) software, the firewall platform used in corporate networks and data centers, after a researcher found an issue in the Internet Key Exchange (IKE) protocol that could allow attackers to craft malicious User Datagram Protocol (UDP) packets and send them to an ASA device, exploiting the vulnerability. Source

February 11, SecurityWeek – (International) Hackers invited to target VMware at Pwn2Own 2016. Hewlett Packard Enterprise, Trend Micro, and the Zero Day Initiative will host the Pwn2Own 2016 competition, in which white-hat hackers attempt to hack Google Chrome, Microsoft Edge, Adobe Flash, Apple Safari, and VMware Workstation in exchange for monetary prizes and to demonstrate potential vulnerabilities in each product. Source

February 11, Help Net Security – (International) Rooting malware lurking in third party Android app stores. Security researchers from Trend Micro discovered that over 1,163 malicious trojanized Android application packages (APKs) had been found in the Google Play store through third party apps; the packages allowed attackers to root the phone, download and install additional malicious apps, and collect and send user device data to a remote server controlled by hackers. Researchers advised app users to check the reputation of any app before downloading it. Source

February 10, SecurityWeek – (International) SAP patches flaws in xMII, other products. SAP released patches addressing several flaws in its products, including a cross-site scripting (XSS) flaw, an authentication check flaw, and implementation flaws, after security researchers found that the vulnerabilities could be exploited to give malicious actors control over plant devices and manufacturing systems in the manufacturing, energy, oil and natural gas, and communications sectors. Source

February 10, Softpedia – (International) Linode VPS host accidentally deploys servers with the same SSH key. Linode reported that its virtual private servers (VPS) hosted on Ubuntu machines could have been susceptible to man-in-the-middle (MitM) attacks after the company disseminated Ubuntu 15.0 images to some of its clients’ servers that all used the same hard-coded secure shell (SSH) host key. The company stated its customers need to reconfigure the SSH daemon and run a specific shell command to fix the vulnerability. Source
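An added example, not taken from the Softpedia article or from Linode's advisory: a small shell check that finds SSH host-key fingerprints shared by more than one server, which is the condition the Linode incident produced. The input format (one `<host> <fingerprint>` line per server, as you would collect with `ssh-keyscan` piped into `ssh-keygen -lf -`) and the sample fingerprints are constructed for this example; the re-keying function shows the generic Ubuntu procedure for regenerating OpenSSH host keys, which is an assumption on my part and not the exact command Linode gave its customers.

```shell
#!/bin/sh
# Added example (not from the article or Linode): detect SSH host-key
# fingerprints that are shared by more than one host in a fleet.
#
# Expected input, one line per server: "<hostname> <fingerprint>".
# A practical way to collect it (ssh-keyscan and ssh-keygen are standard OpenSSH tools):
#   ssh-keyscan -t ed25519 "$host" 2>/dev/null | ssh-keygen -lf - | awk -v h="$host" '{print h, $2}'

# Constructed sample inventory; these fingerprints are made up for the example.
SAMPLE_FPS='web-01 SHA256:AAAAexampleduplicatefingerprint0000000000001
web-02 SHA256:AAAAexampleduplicatefingerprint0000000000001
db-01 SHA256:BBBBexampleuniquefingerprint000000000000002
web-03 SHA256:AAAAexampleduplicatefingerprint0000000000001'

# Print every fingerprint that appears on more than one host, followed by the
# hosts sharing it. Exit status 1 if any shared key was found, 0 otherwise.
find_shared_host_keys() {
    # $1: path to a file of "<host> <fingerprint>" lines
    awk '
        { hosts[$2] = hosts[$2] " " $1; count[$2]++ }
        END {
            dup = 0
            for (fp in count) if (count[fp] > 1) { dup = 1; print fp ":" hosts[fp] }
            exit dup
        }' "$1"
}

# Print the number of distinct fingerprints that are shared (useful for reporting).
count_shared_host_keys() {
    awk '{ c[$2]++ } END { n = 0; for (fp in c) if (c[fp] > 1) n++; print n }' "$1"
}

# Generic Ubuntu re-keying procedure (assumed; the article does not quote
# Linode's exact command). Removes the shipped host keys and lets the
# openssh-server package generate fresh ones. Requires root; not run below.
regenerate_ssh_host_keys() {
    rm -f /etc/ssh/ssh_host_*_key /etc/ssh/ssh_host_*_key.pub
    dpkg-reconfigure openssh-server
    # Afterwards restart sshd and publish the new fingerprints so clients can
    # replace the stale entries in their known_hosts files.
}

main_example() {
    tmp=$(mktemp)
    printf '%s\n' "$SAMPLE_FPS" > "$tmp"
    if find_shared_host_keys "$tmp"; then
        echo "no shared host keys"
    else
        echo "shared host keys found: $(count_shared_host_keys "$tmp") fingerprint(s) reused"
    fi
    rm -f "$tmp"
}

main_example
```

Run against a real inventory, the non-zero exit status makes the check easy to wire into a provisioning pipeline, so an image that ships a baked-in host key is caught before the servers take traffic rather than after a client notices an unexpected fingerprint.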

February 10, SecurityWeek – (International) Microsoft patches critical flaws in Windows, browsers. Microsoft released several patches for its products, including fixes for 22 Flash Player flaws affecting Internet Explorer 10, 11, and Edge, a critical memory corruption flaw in Windows Journal, a remote code execution (RCE) flaw, and a denial-of-service (DoS) flaw, among other patched vulnerabilities. Source

February 10, IDG News Service – (International) Google will stop accepting new Flash ads on June 30. Google reported that it will stop accepting new Adobe Flash-based display ads for AdWords and DoubleClick Digital Marketing, and will not permit Flash ads on its Display Network or DoubleClick after January 2017, due to the frequent security vulnerabilities in Flash Player. Source

February 9, Softpedia – (International) Tool for hacking Facebook accounts contains Remtasu spyware. The Win32/Remtasu.Y malware, also known as Remtasu, was reported to be infecting computer systems through several variants, including an app named Hack Facebook. It logs keystrokes, steals data from the clipboard, saves the information to local files, and uploads it to a remote file transfer protocol (FTP) server, persisting by copying itself to the Windows System32 folder under the name InstallerDir and creating a registry key that executes the malware process each time the user starts the computer. Researchers reported that an antivirus program should detect the malware. Source

February 9, SecurityWeek – (International) Nuclear EK gate uses decoy CloudFlare DDoS check page. Security researchers from Malwarebytes reported that hackers were using malvertising attacks to deceive users into visiting a rogue domain resembling CloudFlare’s distributed denial of service (DDoS) check page, which hosted the Nuclear exploit kit (EK) to compromise a user’s system. CloudFlare reported the fraudulent domain was not associated with the company. Source

February 9, SecurityWeek – (International) Adobe patches flaws in Flash, Photoshop, Connect. Adobe released security updates for its Flash Player, Photoshop, Bridge, Connect, and Experience Manager products that addressed several vulnerabilities, including 22 memory corruption flaws that can be exploited for arbitrary code execution, a content spoofing flaw, a cross-site request forgery flaw, and an insufficient input validation flaw affecting a Uniform Resource Locator (URL), among other vulnerabilities. Source

February 9, IDG News Service – (International) Google adds warning to unencrypted emails. Google released a new security feature in its email service that warns users when a recipient’s email service does not support transport layer security (TLS) encryption and reminds them to be mindful of transmitting or revealing sensitive information via email. The feature uses a small red unlocked padlock icon to indicate the lower security level. Source

February 9, The Register – (International) Sophisticated malware-as-a-racket fraudsters have been scamming businesses for 10 years. Security researchers from Kaspersky Lab reported that the Poseidon Group, a global cyber-espionage group, has been targeting the international financial, telecommunications, critical manufacturing, and energy sectors to collect information from company networks via spear-phishing packages with executable elements embedded inside Word documents, and then using the information to blackmail victim companies into contracting the Poseidon Group as a security firm. Researchers found that several of the infections had a very short life span, which helped the malware evade detection. Source

Nancy Rand

Nancy has more than 20 years’ experience in information technology and security, solving business issues and implementing best-practice solutions that support organizational objectives. Her expertise includes leveraging, optimizing, and implementing diverse technology platforms, and management of large-scale technology projects.