March 28, SecurityWeek – (International) PowerWare ransomware abuses PowerShell, Office macros. Security researchers from Carbon Black reported a new "fileless" ransomware, dubbed PowerWare, that disguises its malicious commands as legitimate computer activity by abusing PowerShell, a core utility of Microsoft Windows, rather than dropping a conventional executable onto the disk. The malware was distributed via malicious Word documents whose embedded macros launch "cmd.exe" on the target's computer, which in turn invokes PowerShell to fetch and run the ransomware script. Source
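The process lineage described above (an Office application spawning cmd.exe, which spawns PowerShell with hidden-window and encoded-command switches) is what an endpoint detection should key on. The Python below, added here as an example and not taken from the Carbon Black report or the article, runs that logic over a handful of constructed process-creation events in the style of Sysmon Event ID 1; the PIDs, image paths and command lines are made up for the example.

```python
import re

# Office hosts that should rarely, if ever, launch a command shell.
OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SHELLS = {"cmd.exe", "powershell.exe"}

# PowerShell switches and cmdlets that macro droppers typically use to run a payload quietly.
SUSPICIOUS_ARGS = re.compile(
    r"-nop\b|-noni\b|-w(indowstyle)?\s+hidden"
    r"|-e(nc|ncodedcommand)?\s+[A-Za-z0-9+/=]{8,}"
    r"|downloadstring|invoke-expression|\biex\b",
    re.IGNORECASE,
)

# Constructed process-creation events (Sysmon Event ID 1 style); not real telemetry.
EVENTS = [
    {"pid": 800, "ppid": 4, "image": r"C:\Windows\explorer.exe",
     "cmdline": "explorer.exe"},
    {"pid": 1200, "ppid": 800, "image": r"C:\Program Files\Microsoft Office\Office15\WINWORD.EXE",
     "cmdline": '"WINWORD.EXE" invoice.docm'},
    {"pid": 1300, "ppid": 1200, "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": "cmd.exe /c powershell -nop -w hidden -enc SQBFAFgAIAAuAC4ALgA="},
    {"pid": 1400, "ppid": 1300, "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell -nop -w hidden -enc SQBFAFgAIAAuAC4ALgA="},
    {"pid": 1500, "ppid": 900, "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": r"powershell -File C:\Scripts\nightly-backup.ps1"},
    {"pid": 1600, "ppid": 800, "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": "cmd.exe /c dir"},
]


def basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def ancestors(pid, by_pid, max_depth=4):
    """Image names of the processes above pid, nearest parent first."""
    chain = []
    while pid in by_pid and len(chain) < max_depth:
        ppid = by_pid[pid]["ppid"]
        if ppid not in by_pid:
            break
        chain.append(basename(by_pid[ppid]["image"]))
        pid = ppid
    return chain


def detect(events):
    """Return {pid: [reasons]} for shells that descend from an Office process or
    that run PowerShell with the switches macro droppers rely on."""
    by_pid = {e["pid"]: e for e in events}
    findings = {}
    for e in events:
        image = basename(e["image"])
        if image not in SHELLS:
            continue
        reasons = []
        office = [a for a in ancestors(e["pid"], by_pid) if a in OFFICE_APPS]
        if office:
            reasons.append(f"{image} descends from {office[0]}")
        if image == "powershell.exe" and SUSPICIOUS_ARGS.search(e["cmdline"]):
            reasons.append("powershell run with hidden-window/encoded-command switches")
        if reasons:
            findings[e["pid"]] = reasons
    return findings


if __name__ == "__main__":
    for pid, reasons in detect(EVENTS).items():
        print(pid, "; ".join(reasons))
```

The ancestry walk matters more than the argument regex: the cmd.exe hop between Word and PowerShell is exactly the step a parent-child rule on "winword.exe spawns powershell.exe" would miss, while the switch-based rule alone would also fire on legitimate encoded-command automation.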
March 28, Softpedia – (International) Flaw in StartSSL validation allowed attackers to get SSL certs for any domain. A security researcher discovered a domain validation flaw in the Web interface of the StartSSL certificate authority (CA) that could have allowed an attacker to obtain Secure Sockets Layer (SSL) certificates for any domain: by capturing the Hypertext Transfer Protocol (HTTP) request sent to the server during validation and modifying the parameter that names the validation address, the attacker could have the verification e-mail delivered to their own mailbox instead of to the domain owner. StartSSL reported that it patched the flaw. Source
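The flaw is a classic server-side trust in a client-controlled parameter. The Python below is an added example, not StartSSL's code, and the form field names (`domain`, `email`) are assumptions: it shows a validation-address chooser that trusts the submitted address next to one that only accepts an address the server itself derives from the domain (the well-known local parts the CA/Browser Forum Baseline Requirements permit, plus the registrant contacts on record).

```python
from urllib.parse import parse_qs

# Local parts a CA may use for e-mail-based domain validation (CA/Browser Forum
# Baseline Requirements), in addition to the registrant's contacts on record.
APPROVED_LOCAL_PARTS = ("admin", "administrator", "webmaster", "hostmaster", "postmaster")


def parse_request(body):
    """Parse a form body such as 'domain=example.com&email=admin@example.com'
    (constructed field names; the real StartSSL form is not reproduced here)."""
    fields = parse_qs(body, strict_parsing=True)
    return fields["domain"][0].strip().lower(), fields["email"][0].strip().lower()


def validation_address_vulnerable(body):
    """Trusts the client-supplied address. Anyone who edits the request in a
    proxy can point the validation e-mail for example.com at their own mailbox."""
    _domain, email = parse_request(body)
    return email


def allowed_addresses(domain, registrant_contacts=()):
    """The set of addresses the server derives for the domain on its own; the
    request is never the source of truth for where the code is sent."""
    return {f"{lp}@{domain}" for lp in APPROVED_LOCAL_PARTS} | {c.lower() for c in registrant_contacts}


def validation_address_hardened(body, registrant_contacts=()):
    """Accept the client's choice only if it is one of the addresses the server
    would have offered for that domain; otherwise refuse the request."""
    domain, email = parse_request(body)
    if email not in allowed_addresses(domain, registrant_contacts):
        raise ValueError(f"{email} is not an approved validation contact for {domain}")
    return email


def hardened_accepts(body, registrant_contacts=()):
    """True if the hardened check would send a code to the requested address."""
    try:
        validation_address_hardened(body, registrant_contacts)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    tampered = "domain=example.com&email=attacker@evil.test"  # constructed intercepted request
    print("vulnerable sends the code to:", validation_address_vulnerable(tampered))
    print("hardened accepts the tampered request:", hardened_accepts(tampered))
```

The same principle applies to any multi-step web flow: a value the server presented as a choice (a menu of addresses, a price, an account id) must be re-derived or looked up on the server when the form comes back, never read from the submitted request and acted on.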
March 26, Softpedia – (International) Node.js Package Manager vulnerable to malicious worm packages. A Google software engineer discovered that a design flaw in the Node.js Package Manager (npm) could allow an attacker to propagate malicious scripts across the JavaScript ecosystem, and into the structure of individual projects, by means of a self-replicating worm distributed as a rogue npm package carrying malicious code. Because npm runs a package's install scripts automatically, a developer who pulls the rogue package into a project with an "npm install" command, directly or through a dependency, executes the malicious code with the developer's full privileges, from where it can insert itself into other packages that developer publishes. Source
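Since the worm rides on scripts that npm runs without being asked, the practical check before installing is to list which packages in a dependency tree declare such hooks. The Python below is an added example, not part of the disclosure or of npm itself; it walks every package.json under a project root, reports the automatic lifecycle hooks, and materialises a constructed dependency tree (package names and commands are made up) so it runs offline.

```python
import json
import os
import tempfile

# Hooks npm runs on its own during 'npm install' (and 'prepare' when installing
# from source); the user never invokes them explicitly.
AUTO_HOOKS = ("preinstall", "install", "postinstall", "prepare")


def lifecycle_hooks(package_json):
    """Return {hook: command} for the scripts in a parsed package.json that npm
    executes automatically."""
    scripts = package_json.get("scripts") or {}
    return {name: cmd for name, cmd in scripts.items() if name in AUTO_HOOKS}


def scan_tree(root):
    """Walk every package.json under root (the project and its node_modules) and
    report the packages that declare automatic hooks, keyed by relative path."""
    findings = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        if "package.json" not in filenames:
            continue
        with open(os.path.join(dirpath, "package.json"), encoding="utf-8") as fh:
            try:
                data = json.load(fh)
            except ValueError:
                continue  # unparseable manifest; npm would reject it as well
        hooks = lifecycle_hooks(data)
        if hooks:
            findings[os.path.relpath(dirpath, root).replace(os.sep, "/")] = hooks
    return findings


# Constructed dependency tree for the example; names and commands are made up.
SAMPLE_TREE = {
    "package.json": {"name": "my-app", "version": "1.0.0",
                     "dependencies": {"tidy-strings": "^1.0.0", "colorz": "^2.1.0"},
                     "scripts": {"test": "mocha"}},
    "node_modules/tidy-strings/package.json": {"name": "tidy-strings", "version": "1.0.3",
                                               "scripts": {"test": "tap test/*.js"}},
    "node_modules/colorz/package.json": {"name": "colorz", "version": "2.1.0",
                                         "scripts": {"postinstall": "node setup.js"}},
    "node_modules/colorz/node_modules/deep-helper/package.json": {
        "name": "deep-helper", "version": "0.0.2",
        "scripts": {"preinstall": "node -e \"require('child_process').exec('node worm.js')\""}},
}


def write_sample_tree(base):
    """Write SAMPLE_TREE under base and return base."""
    for rel, manifest in SAMPLE_TREE.items():
        path = os.path.join(base, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-8") as fh:
            json.dump(manifest, fh)
    return base


def demo():
    """Materialise the constructed tree in a temp directory and scan it."""
    return scan_tree(write_sample_tree(tempfile.mkdtemp(prefix="npm-scan-")))


if __name__ == "__main__":
    for path, hooks in sorted(demo().items()):
        for hook, cmd in hooks.items():
            print(f"{path}: {hook} -> {cmd}")
```

Note that the hook in the nested transitive dependency is the one a developer never sees in their own package.json. Running `npm install --ignore-scripts` (or `npm config set ignore-scripts true`) stops npm from executing these hooks at all, at the cost of breaking packages that legitimately compile native code on install.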
March 25, SecurityWeek – (International) Google patches serious flaws in Chrome 49. Google released an update for Chrome 49 on Microsoft Windows, Apple Mac, and Linux that fixed five vulnerabilities, including use-after-free bugs in Navigation and in Extensions, an out-of-bounds read in the V8 JavaScript engine, and a buffer overflow in libANGLE, among other flaws. Source
March 25, SecurityWeek – (International) U.S. Federal Agencies vulnerable to data threats: Survey. Vormetric released its 2016 Data Threat Report, which found that 90 percent of the Information Technology (IT) security executives surveyed at large international organizations, including more than 100 in the U.S. Federal government, considered their organizations vulnerable to data threats, and that 61 percent said their organization had previously suffered a data breach. The report stated that many organizations plan to increase spending on sensitive data protection, invest in data-at-rest defenses, and deploy more effective data security tools. Source
March 25, SecurityWeek – (International) Petya ransomware encrypts entire hard drives. Security researchers from G DATA SecurityLabs found a new threat, dubbed Petya, that is reported to make victims' entire hard drives inaccessible and lock users out of their systems. It arrives as a malicious Dropbox download link in an email sent to Human Resources (HR) departments; the linked executable crashes the computer and manipulates the Master Boot Record (MBR) so that the ransomware's own code, rather than Windows, takes control when the system restarts. Security researchers advised HR department employees to take extra precaution with unsolicited Dropbox links. Source
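A rewritten MBR is a symptom that can be checked for directly: the first 512 bytes of the boot disk should end in the 0x55AA signature, carry a sane partition table, and, on a given machine, contain boot code that does not change between checks. The Python below is an added example, not G DATA's analysis or any vendor tool; it parses a boot sector, hashes the boot-code area and compares it with a baseline, and runs against two constructed sectors (the boot code bytes and partition layout are invented for the example, not a real bootloader).

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440       # boot code occupies bytes 0..439; the disk signature follows at 0x1B8
PARTITION_TABLE = 0x1BE   # four 16-byte primary partition entries
SIGNATURE = b"\x55\xaa"   # last two bytes of a valid MBR


def parse_partitions(sector):
    """Decode the four primary partition entries; empty slots (type 0) are skipped."""
    entries = []
    for i in range(4):
        off = PARTITION_TABLE + 16 * i
        status, ptype = sector[off], sector[off + 4]
        lba_start, sector_count = struct.unpack_from("<II", sector, off + 8)
        if ptype:
            entries.append({"bootable": status == 0x80, "type": ptype,
                            "lba_start": lba_start, "sectors": sector_count})
    return entries


def boot_code_hash(sector):
    return hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest()


def check_mbr(sector, known_good_boot_hash):
    """Compare a freshly read sector against a baseline hash taken from the same
    machine while it was known to be clean."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected one 512-byte sector")
    return {
        "signature_ok": sector[510:512] == SIGNATURE,
        "boot_code_ok": boot_code_hash(sector) == known_good_boot_hash,
        "partitions": parse_partitions(sector),
    }


def make_sector(boot_code, partitions):
    """Assemble a constructed MBR for the example (not a real bootloader)."""
    sector = bytearray(SECTOR_SIZE)
    sector[:len(boot_code)] = boot_code
    for i, (bootable, ptype, lba, count) in enumerate(partitions):
        off = PARTITION_TABLE + 16 * i
        sector[off] = 0x80 if bootable else 0x00
        sector[off + 4] = ptype
        struct.pack_into("<II", sector, off + 8, lba, count)
    sector[510:512] = SIGNATURE
    return bytes(sector)


# Constructed baseline: a stub of boot code and one bootable NTFS (type 0x07) partition.
CLEAN_MBR = make_sector(b"\x33\xc0\x8e\xd0\xbc\x00\x7c\xfb" + b"\x90" * 432,
                        [(True, 0x07, 2048, 1_000_000)])
# Constructed "infected" sector: same partition table, boot code replaced wholesale,
# which is the shape of a bootkit-style takeover of the boot sequence.
TAMPERED_MBR = make_sector(b"\xfa\x66\x31\xc0" + b"\xcc" * 436,
                           [(True, 0x07, 2048, 1_000_000)])
BASELINE_HASH = boot_code_hash(CLEAN_MBR)


if __name__ == "__main__":
    for label, sector in (("clean", CLEAN_MBR), ("tampered", TAMPERED_MBR)):
        print(label, check_mbr(sector, BASELINE_HASH))
```

On a real host the sector comes from `open(r"\\.\PhysicalDrive0", "rb").read(512)` as Administrator on Windows, or the first 512 bytes of `/dev/sda` on Linux, and the baseline hash belongs off the machine it describes. The check is a detective control for periodic endpoint sweeps: once a Petya-style payload has forced the reboot, the replaced boot code has already run.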
March 25, SecurityWeek – (International) Brazilian trojan conceals malicious code in PNG image. Security researchers from Kaspersky Lab found a new malware delivery method that attackers are using to avoid detection: a Portable Network Graphics (PNG) image with malicious code embedded in it. The lure is an email carrying a clean PDF file, which holds a link to a .zip archive containing the malicious image. Researchers noted that the PNG image cannot be executed without its separate launcher, so the image itself cannot be the main infector. Source
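An image that renders correctly can still carry a payload in places a viewer ignores: bytes appended after the IEND chunk, a chunk type the specification does not define, or pixel data that decompresses to far more than the declared dimensions need. The Python below is an added example, not Kaspersky's analysis of the sample, and makes no claim about where that specific trojan stored its code; it walks a PNG's chunk list, verifies each CRC, and reports those three hiding spots over constructed images (the payload is a placeholder byte string, not malware).

```python
import struct
import zlib

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"
# Chunk types defined by the PNG specification; anything else deserves a look.
STANDARD_CHUNKS = {b"IHDR", b"PLTE", b"IDAT", b"IEND", b"tRNS", b"cHRM", b"gAMA",
                   b"iCCP", b"sBIT", b"sRGB", b"tEXt", b"zTXt", b"iTXt", b"bKGD",
                   b"hIST", b"pHYs", b"sPLT", b"tIME"}
CHANNELS = {0: 1, 2: 3, 3: 1, 4: 2, 6: 4}  # colour type -> samples per pixel


def chunk(ctype, data):
    """Serialise one chunk: length, type, data, CRC over type+data."""
    crc = zlib.crc32(ctype + data) & 0xFFFFFFFF
    return struct.pack(">I", len(data)) + ctype + data + struct.pack(">I", crc)


def make_png(width=2, height=2, extra=b""):
    """Constructed minimal 8-bit greyscale PNG; 'extra' is smuggled into the pixel stream."""
    ihdr = struct.pack(">IIBBBBB", width, height, 8, 0, 0, 0, 0)
    raw = b"".join(b"\x00" + b"\x80" * width for _ in range(height))  # filter byte + pixels per row
    return PNG_SIGNATURE + chunk(b"IHDR", ihdr) + chunk(b"IDAT", zlib.compress(raw + extra)) + chunk(b"IEND", b"")


def inspect_png(blob):
    """Walk the chunk list and report what a renderer would ignore: chunks with a bad
    CRC, chunk types outside the specification, decompressed pixel data larger than
    the declared image, and bytes appended after IEND."""
    if not blob.startswith(PNG_SIGNATURE):
        raise ValueError("not a PNG")
    report = {"chunks": [], "bad_crc": [], "unknown": [], "idat_excess": 0,
              "idat_corrupt": False, "trailing": 0}
    pos, idat, expected_raw = len(PNG_SIGNATURE), b"", None
    while pos + 12 <= len(blob):
        length, ctype = struct.unpack_from(">I4s", blob, pos)
        data = blob[pos + 8:pos + 8 + length]
        crc = blob[pos + 8 + length:pos + 12 + length]
        if len(data) != length or len(crc) != 4:
            raise ValueError(f"truncated {ctype!r} chunk")
        name = ctype.decode("latin-1")
        report["chunks"].append((name, length))
        if struct.unpack(">I", crc)[0] != (zlib.crc32(ctype + data) & 0xFFFFFFFF):
            report["bad_crc"].append(name)
        if ctype not in STANDARD_CHUNKS:
            report["unknown"].append(name)
        if ctype == b"IHDR":
            width, height, depth, colour = struct.unpack_from(">IIBB", data)
            if depth == 8 and colour in CHANNELS:
                expected_raw = height * (1 + width * CHANNELS[colour])
        elif ctype == b"IDAT":
            idat += data
        pos += 12 + length
        if ctype == b"IEND":
            break
    if expected_raw is not None and idat:
        try:
            report["idat_excess"] = max(0, len(zlib.decompress(idat)) - expected_raw)
        except zlib.error:
            report["idat_corrupt"] = True
    report["trailing"] = len(blob) - pos
    return report


# Constructed samples: a clean image and three ways of hiding the same placeholder bytes.
PAYLOAD = b"MZ" + b"\x90" * 64
CLEAN = make_png()
APPENDED = CLEAN + PAYLOAD                                            # after IEND
PRIVATE_CHUNK = CLEAN[:-12] + chunk(b"pYLd", PAYLOAD) + chunk(b"IEND", b"")  # made-up chunk type
IN_IDAT = make_png(extra=PAYLOAD)                                     # inside the pixel stream
BAD_CRC = bytearray(CLEAN)
BAD_CRC[len(PNG_SIGNATURE) + 8 + 1] ^= 0xFF                           # IHDR data edited, CRC not
BAD_CRC = bytes(BAD_CRC)


if __name__ == "__main__":
    for label, blob in (("clean", CLEAN), ("appended", APPENDED),
                        ("private chunk", PRIVATE_CHUNK), ("in IDAT", IN_IDAT), ("bad crc", BAD_CRC)):
        print(label, inspect_png(blob))
```

None of these findings proves malice on its own (tools append metadata, and private chunks are legal), but an image arriving through a PDF-to-ZIP chain that also fails any of these checks is worth a second look, and the trailing-bytes case is the one a plain file-type check will never catch.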