March 9, Softpedia – (International) KeRanger ransomware is actually Linux.Encoder ported for Macs. Security researchers from Bitdefender reported that the KeRanger ransomware that targets Mac OS X systems is a rewrite of the Linux.Encoder ransomware after finding that the encryption functions of each ransomware were identical to each other and that both ransomwares share the same names: encrypt_file, recursive_task, currentTimestamp, and creatDaemon. Source
March 8, SecurityWeek – (International) Microsoft updates Windows, browsers to patch critical flaws. Microsoft released 13 security bulletins addressing several vulnerabilities in Windows, Internet Explorer, Edge browser, Office, Server Software, and the .NET Framework including 13 Internet Explorer vulnerabilities that could allow a remote attacker to execute arbitrary code by tricking a victim into visiting a specially crafted website; 11 Microsoft Edge vulnerabilities; and critical vulnerabilities in how the Windows Adobe Type Manager Library handles specially crafted Type fonts which can be exploited for denial-of-service (DoS) attacks and remote code execution (RCE) attacks, among other vulnerabilities. Source
March 8, SecurityWeek – (International) Adobe patches flaw in Acrobat, Reader, Digital Editions. Adobe Systems released updates for its Acrobat, Reader, and Digital Editions products to patch several critical vulnerabilities including multiple memory corruption flaws and a directory search path flaw that can be exploited to execute arbitrary code in several of the products. Source
March 8, Associated Press – (International) Mock cyberattack tests response. The U.S. Department of Homeland Security and the U.S. Secret Service reported that more than 1,000 U.S. cybersecurity professionals from the Federal government, healthcare firms, Internet service providers, retail businesses, and phone companies were participating in a mock cyberattack exercise March 8 – March 10 to test human response and coordination in the event of a real-life cyberattack. The exercise will also look for areas of improvement to help the public and private sector become more resilient against cyber threats. Source