April 7, Softpedia – (International) Security experts crack Dridex admin panel, recover victim data. Security researchers from buguroo reported that they were able to retrieve user data and analyze Dridex’s activity to mitigate future attacks after finding the Internet Protocol (IP) address of one of the Dridex admin panels, previously known as Subnet 220, hardcoded in the malicious JavaScript files. Subnet 220 was running an older, previously analyzed version of the Dridex backend, which allowed the researchers to open its admin panel and study its operations. Source
April 7, SecurityWeek – (International) Ubuntu patches several kernel vulnerabilities. Ubuntu released patches addressing several Linux kernel vulnerabilities affecting various Ubuntu 14 and 15 variants, including a use-after-free flaw that a local attacker could exploit to crash a system and potentially execute arbitrary code, a timing side-channel vulnerability that an attacker could exploit to compromise the integrity of the system, and a denial-of-service (DoS) vulnerability that could allow an unauthenticated attacker to exhaust resources and force a DoS condition, among other flaws. Source
April 7, SecurityWeek – (International) Adobe patches Flash zero-day exploited by Magnitude EK. Adobe released an update for its Flash Player products that patches a zero-day vulnerability, a memory corruption flaw that can be exploited for remote code execution, after a security researcher from Proofpoint noticed changes in the Magnitude exploit kit (EK) and, on further investigation, discovered that attackers were using it to deliver threats including the Cerber and Locky ransomware. Source
April 7, Softpedia – (International) Authorities shut down botnet of 4,000 Linux servers used to send spam. ESET reported that a joint effort with CyS Centrum LLC and the Cyber Police of Ukraine helped shut down the six-year-old Mumblehard botnet after researchers pinpointed the location of the true command and control (C&C) server when Mumblehard operators began making changes to their malware’s code. Authorities seized the Internet Protocol (IP) address of the server and transferred it to a security firm, which is running a sinkhole server that cancels all requests made by the Mumblehard bots. Source