Gotham Security Daily Threat Alerts June 29-30, 2015

By Nancy Rand
Posted in Security
On June 30, 2015

June 29, Securityweek – (International) Security firm discloses details of Amazon Fire Phone vulnerabilities. MWR InfoSecurity released details on three recently patched Amazon Fire Phone vulnerabilities, including flaws in the CertInstaller package that can allow third-party applications to install digital certificates to intercept encrypted traffic via man-in-the-middle attacks, and an issue with the Android Debug Bridge (ADB) in which an attacker could bypass the lock screen, steal information, add and remove applications, and access a high-privilege shell on the phone. Source

June 29, Help Net Security – (International) Hackers are exploiting Magento flaw to steal payment card info. A security researcher from Sucuri Security discovered that attackers are actively exploiting a flaw in eBay’s Magento platform to steal users’ billing and payment card information by injecting malicious code into Magento’s core file. Researchers are investigating the attack vectors to identify the vulnerability. Source

June 29, Softpedia – (International) LG’s Update Center app fails to check server’s SSL certificate, MitM risk. Security researchers from Search-Lab discovered a vulnerability in LG’s Update Center application on Android phones in which an attacker could exploit the fact that the app does not check the secure sockets layer/transport layer security (SSL/TLS) certificate of the update server to execute a man-in-the-middle (MitM) attack and install arbitrary applications on the device. Source

June 29, Securityweek – (International) Flash Player flaw used by APT3 group added to Magnitude exploit kit. A French security researcher discovered that an exploit for a recently patched Adobe Flash Player heap buffer overflow vulnerability, previously leveraged by the APT3 threat group, has been added to the Magnitude exploit kit (EK). Source

June 26, IDG News Service – (International) Samsung will stop blocking Microsoft software updates ‘within a few days’. Samsung reported that users will receive a patch through the Samsung Software Update notification process to restore the default Microsoft Windows Update settings, after a security researcher discovered that the company had disabled Windows Update to de-conflict with its SW Update service. Source

June 26, Softpedia – (International) Click-fraud attack morphs into ransomware risk in a couple of hours. Security researchers at Damballa discovered that a threat actor dubbed RuthlessTreeMafia is distributing exploit kits along with the Rerdom malware in a click-fraud campaign in which they sell other threat actors access to infected users’ systems. Researchers observed an infection result in the delivery of the CryptoWall ransomware. Source

June 26, Securityweek – (International) Default SSH keys expose Cisco’s virtual security appliances. Cisco reported that customers using its Web Security, Email Security, and Security Management Virtual Appliances were vulnerable due to the products’ use of default secure shell (SSH) keys, which could allow an unauthenticated, remote attacker to connect to a system with root user privileges. The company released a patch addressing the issue. Source
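A fleet-level check for the shared-key condition described in this item, added here as an example (not code from Cisco or the article): it groups hosts from `ssh-keyscan`-style output by host key fingerprint and reports any key that appears on more than one host. The hostnames and key blobs are constructed placeholders.

```python
import base64
import hashlib
from collections import defaultdict

# Constructed sample in the format `ssh-keyscan` prints: "host keytype base64key".
# The key blobs are fabricated filler, not real host keys; three appliances share one.
SAMPLE_KEYSCAN = """\
# wsa1.example.internal:22 SSH-2.0-OpenSSH
wsa1.example.internal ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQC7placeholder1
esa1.example.internal ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQC7placeholder1
sma1.example.internal ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQC7placeholder1
bastion.example.internal ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQC7uniquekey2ab
"""


def fingerprint(b64_key: str) -> str:
    """Return the key fingerprint in OpenSSH's SHA256 display form (no base64 padding)."""
    blob = base64.b64decode(b64_key)
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def find_shared_host_keys(keyscan_text: str) -> dict:
    """Map fingerprint -> sorted hosts, keeping only keys seen on more than one host.

    Comment lines (ssh-keyscan's '# host:port banner' lines) and blank lines are skipped.
    Any host key that several appliances present is a default or cloned key and should
    be regenerated; an attacker holding that key pair could impersonate or log into all of them.
    """
    hosts_by_fp = defaultdict(set)
    for line in keyscan_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        if len(parts) < 3:
            continue  # malformed line; not a host key record
        host, _keytype, b64_key = parts[0], parts[1], parts[2]
        hosts_by_fp[fingerprint(b64_key)].add(host)
    return {fp: sorted(hosts) for fp, hosts in hosts_by_fp.items() if len(hosts) > 1}


if __name__ == "__main__":
    for fp, hosts in find_shared_host_keys(SAMPLE_KEYSCAN).items():
        print(f"shared host key {fp} on {len(hosts)} hosts: {', '.join(hosts)}")
```

Feed it the real output of `ssh-keyscan` run against your appliance inventory; any group it reports is a key to regenerate before it is a key to rotate in known_hosts.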

June 26, Softpedia – (International) 94% of Android devices vulnerable to bug exposing memory content. Security researchers from Trend Micro discovered a security flaw in the Android operating system’s (OS) debugging component in which an attacker could create a special Executable and Linkable Format (ELF) file to crash the debugger and view dumps and log files stored in memory, or to create a denial-of-service (DoS) condition. The issue affects all Android versions after 4.0 (Ice Cream Sandwich). Source

June 25, Threatpost – (International) Stored XSS flaw patched in Thycotic Secret Server. Thycotic patched a stored cross-site scripting (XSS) vulnerability in its Secret Server product in which an attacker could use JavaScript code in the browser of a valid user to toggle the password mask and steal a victim’s stored passwords. Source

June 25, Securityweek – (National) U.S. healthcare companies hardest hit by ‘Stegoloader’ malware. Security researchers from Trend Micro reported that North American healthcare organizations are the primary victims of the Stegoloader Trojan, a malware identified as TROJ_GATAK which embeds malicious code in image files to avoid detection and has anti-virtual machine and anti-emulation capabilities to prevent analysis. Source

Nancy Rand

Nancy has more than 20 years’ experience in information technology and security, solving business issues and implementing best-practice solutions that support organizational objectives. Her expertise includes leveraging, optimizing, and implementing diverse technology platforms, and management of large-scale technology projects.