Gotham Security Daily Threat Alerts

By Nancy Rand
Posted in Security
On May 17, 2016

May 16, SecurityWeek – (International) Data leaked from hacker forum Nulled.io. Risk Based Security reported that the popular forum Nulled.io was compromised after hackers leaked a 1.3Gb archive containing information on more than 536,000 user accounts, including usernames, email addresses, hashed passwords, application program interface (API) credentials for payment gateways, authentication logs, and Internet Protocol (IP) addresses, among other data. Researchers are unsure how the Nulled.io database was compromised, and the forum was taken offline due to the attack. Source

May 16, Softpedia – (International) New simple attack on Squid proxies leverages malicious Flash ads. Squid released versions 4.0.10 and 3.5.18 addressing a vulnerability in its products after a graduate from Tsinghua University discovered a vulnerability dubbed Squison in Squid 3.5.12 to 3.5.17 and all 4.x versions up to 4.0.9 that could allow hackers to poison a Squid proxy server’s cache with malicious content using simple attacks, including a malicious Flash ad or a Web site controlled by an attacker. Source

May 16, IDG News Service – (International) Researchers crack new version of CryptXXX ransomware. Researchers from Kaspersky Lab created a new tool, titled RannohDecryptor, that will help victims decrypt files and recover lost information affected by the CryptXXX 2.0 malware. Researchers advised users to install software updates to mitigate ransomware attacks. Source

May 15, Softpedia – (International) Silk Road 3.0 pops up on the Dark Web, once again. A Reddit online thread reported that a new Silk Road marketplace, dubbed Silk Road 3.0, was active after its predecessor site was shut down following an FBI raid that arrested the Web site’s users, moderators, and administrator. The marketplace was seen actively compiling stolen data, exploits, botnets, drugs, and weapons, among other illegal items, for attackers to purchase. Source

May 13, Softpedia – (International) Five-year-old SAP vulnerability affects over 500 companies, not 36. The U.S. Computer Emergency Response Team (US-CERT) issued a public alert to all U.S. companies after ERPScan discovered at least 533 companies were affected by an SAP vulnerability, largely due to the companies’ failure to install an SAP security patch issued in 2010. The vulnerability can allow attackers to gain complete control of SAP business platforms via a bug in Invoker Servlet, a component in SAP’s Java platforms. Source

May 13, SecurityWeek – (International) Meteocontrol patches flaws in photovoltaic data logger. Meteocontrol released an update for all versions of its WEB’log Basic 100, Light, Pro, and Pro Unlimited products, used in the energy, water, critical manufacturing, and commercial facilities sectors, after a security researcher discovered that the products were plagued by critical authentication flaws, information exposure flaws, and a cross-site request forgery (CSRF) flaw that could allow attackers to perform actions on behalf of the user without authentication and to access an administrator password in clear text. Source

May 13, SecurityWeek – (International) Upgraded Android banking trojan targets users in 200 countries. Security researchers from Doctor Web reported that an Android banking trojan dubbed Android.SmsSpy.88.origin, initially discovered in 2014, was updated with new ransomware capabilities and a credit card information stealing capability that targets around 100 banking applications by using WebView to display a phishing window on top of the legitimate banking app, and by utilizing a fake Google Play payment phishing page. The trojan can also intercept and send short message service (SMS) and multimedia messaging service (MMS) messages, send unstructured supplementary service data (USSD) requests, and transmit all saved messages to the server, among other malicious actions. Security researchers stated the trojan has infected over 40,000 devices in over 200 countries. Source

Reprinted from the USDHS Daily Open Source Infrastructure Report

Nancy Rand

Nancy has more than 20 years’ experience in information technology and security, solving business issues and implementing best-practice solutions that support organizational objectives. Her expertise includes leveraging, optimizing, and implementing diverse technology platforms, and management of large-scale technology projects.