February 25, SecurityWeek – (International) OpenSSL preparing patches for high severity flaws. The OpenSSL Project reported that it will release versions 1.0.2g and 1.0.1s of OpenSSL in early March 2016 to patch several vulnerabilities, including a high severity flaw that could allow attackers to obtain the key needed to decrypt traffic if the targeted application uses the Diffie-Hellman (DH) key exchange. Source
February 25, SecurityWeek – (International) Critical Drupal updates patch several vulnerabilities. Drupal released versions 6.38, 7.43, and 8.0.4, which patch ten vulnerabilities including a bypass issue, a denial-of-service (DoS) vulnerability, and an open redirect vulnerability, among other flaws. Source
February 24, Softpedia – (International) Attackers can hijack wireless mice and keyboards to install malware. Security researchers from Bastille discovered that wireless mouse and keyboard USB dongles sold by Dell, HP, Lenovo, and Microsoft, among other companies, were susceptible to a remote attack called Mousejack. The researchers found that the USB dongles did not have unique pairings between a computer and its device, allowing attackers to use similar devices with the victim’s dongle, take control of the victim’s computer, and carry out malicious actions. Source
February 24, SecurityWeek – (International) Sony hackers linked to many espionage, destruction campaigns. Security firms Novetta, Kaspersky Lab, AlienVault, and Symantec released a report February 24 detailing that the activities of the threat group dubbed the Lazarus Group were allegedly linked to numerous attacks, including a 2014 attack on Sony Pictures Entertainment, the Dark Seoul and Operation Troy campaigns, and attacks on government, media, military, aerospace, manufacturing, and financial organizations located in South Korea and the U.S. Researchers found that the attacks and the Lazarus Group shared similar code between malicious tools and similarities in the attackers’ modus operandi. Source