May 6, Help Net Security – (International) Android trojan pesters victims, won’t take no for an answer. Avast researchers determined that an information-stealing Android trojan that is inadvertently downloaded by users, begins its infection after an icon is installed in the launcher in the name of a fake app which launches a dialog box that asks the user to grant it admin rights and blocks further access. Users can remove the trojan by powering down the phone and restoring it to factory settings or uninstalling the app. Source
May 6, Threatpost – (International) New security flaw found in Lenovo Solution Center software. Trustwave SpiderLabs reported a new vulnerability in Lenovo’s Solution Center software which is tied to the software’s backend and can allow an attacker with local network access to a PC to execute arbitrary code and elevate privileges. The company updated a previous security advisory disclosing the additional vulnerability and released a fix addressing the vulnerability. Source
May 5, Softpedia – (International) Ransomware infections grew 14 percent in early 2016, April the worst month. Kaspersky, Enigma Software Group, and the FBI issued a warning to companies about the increase in ransomware infections following reports of at least 2,900 new ransomware variants, representing a 14 percent increase in Quarter 1 of 2016. Researchers also found a significant increase in the number of attacks during April. Source
May 5, Softpedia – (International) New Attack on WordPress sites redirects traffic to malicious URLs. Security researchers from Sucuri reported that hackers were continuously leveraging vulnerabilities in older WordPress versions or WordPress plugins by altering the Web sites’ main theme’s header.php file via 12 lines of obfuscated code to redirect users to malicious Web sites. In addition, Joomla Web sites were seen with a similar malicious code in the administrator/includes/help.php file. Source
May 5, SecurityWeek – (International) Qualcomm software flaw exposes Android user data. Security researchers from FireEye discovered Qualcomm Technologies, Inc., open source software package and devices running Android 5.0 Lollipop and earlier versions were plagued with an information disclosure vulnerability that could allow a malicious application to access user information as long as the application has the “ACCESS_NETWORK_STATE” permission. Qualcomm issued security updates patching the vulnerability. Source
May 5, SecurityWeek – (International) Adobe issues pre-patch advisory for Reader, Acrobat. Adobe issued a pre-patch advisory stating that it will release patches for its PDF Reader and Acrobat software products May 10, which will address critical vulnerabilities on the Microsoft Windows and Apple Mac operating system (OS) X platforms. Source
May 6, SecurityWeek – (International) New trojan targets banks in US, Mexico. Researchers from Zscaler discovered that a new information stealer trojan which leverages legitimate tools to target online banking users in the U.S. and Mexico is delivered via the “curp.pdf.exe” installer served on several compromised Web sites which downloads a main payload file, a Fiddler dynamic link library (DLL) file, and a Json.Net DLL file on a victim’s device to collect system information and send it back to the command and control (C&C) server, to parse the server’s response and save the information in an extensible markup language (XML) file, and to intercept Hypertext Transfer Protocol (HTTP) and Secure Hypertext Transfer Protocol (HTTPS) connections and redirect users to a malicious Web site masked as a bank’s legitimate domain. Source
Reprinted from the USDHS Daily Open Source Infrastructure Report