Gotham Security Daily Threat Alerts

By Nancy Rand
Posted in Security
On March 17, 2016

March 16, SecurityWeek – (International) Radamant C&C server manipulated to spew decryption keys. Security researchers from InfoArmor reported that a flaw in Radamant ransomware’s command and control (C&C) server could potentially allow researchers to decrypt victims’ files without requiring user interaction by registering the infected machine within the malware control center via a Hypertext Transfer Protocol (HTTP) POST request. Researchers reported the request needs to contain public and private encryption keys, as well as a unique identifier of the bot to bypass the filter and avoid additional vulnerability exploits. Source

March 16, The Register – (International) VMware vRealizes that vRealize has XSS bugs on Linux. Virtzilla released its first maintenance updates, in version 7.0.1 of its vRealize Automation product for Linux systems, after discovering that a pair of cross-site scripting (XSS) vulnerabilities could compromise a user’s workstation. Source

March 15, SecurityWeek – (International) Suffocating volume of security alerts challenge incident response. Phantom and Enterprise Strategy Group (ESG) released a report stating that 74 percent of large companies regularly disregard security alerts due to the increase in information technology (IT) activities that pull staff from daily workflow tasks. With the increase in IT activities, the report stated, companies face challenges in monitoring incident response (IR) processes end to end, maintaining the high volume of security alerts and external threat intelligence, and coordinating between IT and security teams. Source

March 15, SecurityWeek – (International) Google tracks use of HTTPS on top 100 websites. Google released its transparency report March 15, which tracks the progress of encryption efforts for its own products and the world’s most visited websites and includes a new tracking service that monitors the state of Hypertext Transfer Protocol Secure (HTTPS) used on the world’s top 100 third-party websites. Source

 

Nancy Rand

Nancy has more than 20 years’ experience in information technology and security, solving business issues and implementing best-practice solutions that support organizational objectives. Her expertise includes leveraging, optimizing, and implementing diverse technology platforms, and management of large-scale technology projects.