April 18, SecurityWeek – (International) 3.2 million devices exposed to ransomware attacks: Cisco. Security researchers from Cisco Talos discovered that approximately 3.2 million computers were vulnerable to file-encrypting ransomware due to out-of-date software after an Internet scan on already compromised devices revealed that more than 2,100 backdoors across 1,600 Internet Protocol (IP) addresses were associated with governments, schools, aviation companies, and other organizations. Cisco advised administrators to disable external access to infected machine to keep attackers away. Source
April 18, SecurityWeek – (International) C99 webshell increasingly used in WordPress attacks. IBM Security reported that there was a 45 percent increase in attacks using a variant of the PHP webshell dubbed, C99 in WordPress Web sites after IBM identified nearly 1,000 attacks in February and March. Source
April 18, SecurityWeek – (International) Flaws found in Accuenergy, Ecava ICS products. The Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) released advisories detailing several flaws in its ICS products from Accuenergy Corporation, Ecava, and Sierra Wireless Company including an authentication bypass issue in Acuvim II and Acuvim IIR products, a security issue in Accuenergy devices, and an information disclosure vulnerability in Sierra’s Wireless ACEmanager product, among other vulnerabilities. Source
April 17, Softpedia – (International) New USB-C standard can help fight USB malware. The USB Implementers Forum (USB-IF) reported that it created a new standard titled, USB Type-C Authentication that will help protect USB-C capable devise from low-end USB chargers that may inflict damage to a user’s device and will help prevent USB malwares from infecting a device as the USB-C Authentication only sends data to a device that adheres to the strict USB-C specifications. Source
April 16, Softpedia – (International) Decrypter available for AutoLocky, Locky ransomware copycat. A security researcher from Emsisoft developed a decrytper for a new ransomware named AutoLocky, a variant of the Locky ransomware, which can encrypt a victim’s file by tricking a victim into accessing a malicious link created inside the Start Menu StartUp folder named “Start.Ink.” The decrypter was discovered after researchers found a flaw in the ransomware. Source
April 16, Softpedia – (International) Researcher identifies XSS filter bypass in Microsoft Edge. A security researcher form PortSwigger discovered a bypass flaw in Microsoft’s Edge’s built-in cross-site scripting (XSS) filter that could allow attackers to run malicious JavaScript code inside its Edge Web browser while exploring several Web sites. Microsoft released a proof-of-concept code to users and reported a similar issue was seen in its Internet Explorer Web browser. Source
April 15, SecurityWeek – (International) VMware patches critical vulnerability. VMware released updates for several of its products including a patch for a critical vulnerability in its Client Integration Plugin (CIP) that could have allowed an attacker to execute a man-in-the-middle (MitM) attack or session hijacking attack by tricking a vSphere Web client user to visit a specially crafted Web site. VMware advised its customers to update all programs to patch the flaw. Source
April 15, SecurityWeek – (International) Western Digital user data exposed by DNS issue. A security researcher discovered that a Western Digital (WD) nameserver, supporting the company’s My Cloud NAS products, was not configured properly and posed a Domain Name System (DNS) flaw that could have been exploited by an attacker to conduct a zone transfer and gain access to a zone file, which can contain valuable user data for attackers to exploit a zero-day vulnerability in the products. WD corrected the faulty configuration after scanning all its servers and reviewing all the architecture and processes in place for modifying the configuration of nameservers. Source