Gotham Security Daily Threat Alerts

By Nancy Rand
Posted in Security
On April 14, 2016

April 13, SecurityWeek – (International) Adobe patches flaws in Creative Cloud, RoboHelp. Adobe released Creative Cloud version 3.6.0.244, which patched an important vulnerability in the sync process that affected Creative Cloud Libraries version 3.5.1.209 and earlier versions. Adobe also released a security hotfix for RoboHelp Server version 9, which patched a critical vulnerability linked to Structured Query Language (SQL) queries that could lead to information disclosure, among other patched vulnerabilities. Source

April 13, SecurityWeek – (International) Another IBM Java patch bypassed by researchers. Researchers from Security Explorations discovered that IBM’s patch for Java’s “issue 70” was ineffective and could be easily bypassed to achieve a complete sandbox escape against Java versions 7 and 8, because the patches did not address the root causes of the vulnerabilities or introduce security checks into the code. Security Explorations published a report describing how IBM’s patch can be bypassed and released proof-of-concept (PoC) code for the flaw. Source

April 12, SecurityWeek – (International) Links found between different ransomware families. Researchers from AlienVault released a report addressing several similarities between PowerWare and PoshCoder ransomware, including the use of the RijndaelManaged class and the fact that both ransomware families encrypt the same file types, which suggests that the two threats are connected. In addition, the report described several similarities between Rokku and Chimera ransomware, including the use of the ReflectiveLoader function, which both families use for reflective dynamic link library (DLL) injection to load a library from memory into a host process. Source

April 12, Softpedia – (International) Over half a billion personal records were stolen or lost in 2015. Symantec Corporation released a report stating that in 2015 many companies avoided disclosing the full details of their data breaches. Researchers found that over 429 million records were lost or stolen and that data breaches grew by 85 percent compared to 2014. In addition, the report stated that 75 percent of popular Web sites had major vulnerabilities, of which 15 percent were considered critical flaws. Source

April 12, SecurityWeek – (International) Improved Qbot worm targets public institutions. Researchers from BAE Systems discovered that an improved version of the Qbot malware was targeting public organizations such as police departments, hospitals, and universities. They found that the malware’s developers had made several improvements to avoid detection and that more than 54,000 machines internationally were part of the botnet, with 85 percent of infections listed in the U.S. Researchers noted that cyber attackers distributed the Qbot malware via compromised Web sites that lead to the RIG exploit kit (EK). Source

Nancy Rand

Nancy has more than 20 years’ experience in information technology and security, solving business issues and implementing best-practice solutions that support organizational objectives. Her expertise includes leveraging, optimizing, and implementing diverse technology platforms, and management of large-scale technology projects.