Security Alerts & News
by Tymoteusz A. Góral

History
#601 CISCO: Out-of-date apps put 3 million servers at risk of crypto ransomware infections
More than 3 million Internet-accessible servers are at risk of being infected with crypto ransomware because they're running vulnerable software, including out-of-date versions of Red Hat's JBoss enterprise application, researchers from Cisco Systems said Friday.

About 2,100 of those servers have already been compromised by webshells that give attackers persistent control over the machines, making it possible for them to be infected at any time, the Cisco researchers reported in a blog post. The compromised servers are connected to about 1,600 different IP addresses belonging to schools, governments, aviation companies, and other types of organizations.
#600 VMware patches critical session-handling vulnerability
VMware fixed a critical vulnerability in one of its products this week that, if exploited by an attacker, could’ve led to a man-in-the-middle attack. According to an advisory, the problem existed in VMware’s Client Integration plugin, a collection of tools present in a handful of other products the company ships, including some versions of its vCenter Server, vCloud Director, and vRealize Automation Identity Appliance.
#599 Microsoft's OneDrive short URLs pointed attackers right at your private files
Researchers have found that shortened URLs from cloud services can also be abused by attackers to locate private resources, such as files or even driving directions to medical appointments.

Researchers from Cornell Tech university have published a paper demonstrating serious privacy risks from using short URLs in cloud services such as Microsoft's OneDrive and Google Maps.
#598 Adobe patches Creative Cloud desktop in new security update
Adobe has released a set of new patches for the Creative Cloud Desktop application and RoboHelp Server 9 following last week's critical update of Adobe Flash Player.

The latest security advisory includes the resolution of a vulnerability in the JavaScript API for Adobe Creative Cloud Libraries. The flaw, assigned CVE-2016-1034, allows attackers to remotely read and write files on a client's file system through sync features, potentially leading to malware downloads and hijacking.
#597 ‘Blackhole’ Exploit Kit author gets 7 years
A Moscow court this week convicted and sentenced seven hackers for breaking into countless online bank accounts — including “Paunch,” the nickname used by the author of the infamous “Blackhole” exploit kit. Once an extremely popular crimeware-as-a-service offering, Blackhole was for several years responsible for a large percentage of malware infections and stolen banking credentials, and likely contributed to tens of millions of dollars stolen from small to mid-sized businesses over several years.

According to Russia’s ITAR-TASS news network, Dmitry “Paunch” Fedotov was sentenced on April 12 to seven years in a Russian penal colony. In October 2013, the then 27-year-old Fedotov was arrested along with an entire team of other cybercriminals who worked to sell, develop and profit from Blackhole.
#596 Online banking and plastic card-related fraud in India increases 35 percent
The incidence of ATM, credit, debit card and net banking-related fraud has gone up by more than 35 percent between 2012-13 and 2015-16 in India, according to the country's federal bank, the Reserve Bank of India (RBI).

According to RBI data, 8,765 cases were reported by banks in 2012-13, and the corresponding figures for the subsequent three years were 9,500 (2013-14), 13,083 (2014-15) and 11,997 (in the first nine months of 2015-16) respectively. India ranked third after Japan and the US as countries most affected by online banking malware in 2014.
#595 Australia: Cybercriminals now target payroll, invoicing, and superannuation systems
Cybercriminals targeting Australia are shifting their focus to second-tier targets such as payroll systems, invoicing systems, and superannuation brokers, according to federal agent Scott Mellis, team leader of cybercrime operations with the Australian Federal Police (AFP) in Melbourne.

"I blame the banks for all this. They've done a really good job of securing their retail banking platforms, God bless 'em," Mellis told the Australian Cyber Security Centre (ACSC) Conference in Canberra on Wednesday.
#594 Urgent Call to Action: Uninstall QuickTime for Windows Today
First, Apple is deprecating QuickTime for Microsoft Windows. They will no longer be issuing security updates for the product on the Windows Platform and recommend users uninstall it. Note that this does not apply to QuickTime on Mac OSX.

Second, our Zero Day Initiative has just released two advisories, ZDI-16-241 and ZDI-16-242, detailing two new, critical vulnerabilities affecting QuickTime for Windows. These advisories are being released in accordance with the Zero Day Initiative’s Disclosure Policy for when a vendor does not issue a security patch for a disclosed vulnerability. And because Apple is no longer providing security updates for QuickTime on Windows, these vulnerabilities are never going to be patched.