Alert

NEWS - July 14, 2016

Be careful in your inbox. Massive Locky ransomware campaign underway

F-Secure is warning computer users about a significant increase in sightings of the Locky ransomware, typically spammed out posing as invoices or profiles for positions at your company.

Here is how researcher Päivi Tynninen described the scale of the malware campaign:

Yesterday, Tuesday, we saw two new campaigns with a totally different magnitude: more than 120,000 spam hits per hour. In other words, over 200 times more than on normal days, and 4 times more than on last week’s campaigns.

Continued: https://www.grahamcluley.com/2016/07/careful-inbox-massive-locky-ransomware-campaign-underway/
Discussion is locked
Follow
Reply to: NEWS - July 14, 2016
PLEASE NOTE: Do not post advertisements, offensive materials, profanity, or personal attacks. Please remember to be considerate of other members. If you are new to the CNET Forums, please read our CNET Forums FAQ. All submitted content is subject to our Terms of Use.
Reporting: NEWS - July 14, 2016
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Comments
- Collapse -
Adobe, Microsoft Patch Critical Security Bugs
Adobe has pushed out a critical update to plug at least 52 security holes in its widely-used Flash Player browser plugin, and another update to patch holes in Adobe Reader. Separately, Microsoft released 11 security updates to fix vulnerabilities more than 40 flaws in Windows and related software.

First off, if you have Adobe Flash Player installed and haven’t yet hobbled this insecure program so that it runs only when you want it to, you are playing with fire. It’s bad enough that hackers are constantly finding and exploiting zero-day flaws in Flash Player before Adobe even knows about the bugs.

Continued: http://krebsonsecurity.com/2016/07/adobe-microsoft-patch-critical-security-bugs/
- Collapse -
Here's the best advice on what you should do with Adobe ..
- Collapse -
20-year-old Windows bug lets printers install malware ..
.. - patch now

For more than two decades, Microsoft Windows has provided the means for clever attackers to surreptitiously install malware of their choice on computers that connect to booby-trapped printers, or other devices masquerading as printers, on a local area network. Microsoft finally addressed the bug on Tuesday during its monthly patch cycle.

The vulnerability resides in the Windows Print Spooler, which manages the process of connecting to available printers and printing documents. A protocol known as Point-and-Print allows people who are connecting to a network-hosted printer for the first time to automatically download the necessary driver immediately before using it.

Continued: http://arstechnica.com/security/2016/07/20-year-old-windows-bug-lets-printers-install-malware-patch-now/

Related:
How boobytrapped printers have been able to infect Windows PCs for over 20 years
http://www.tripwire.com/state-of-security/featured/boobytrapped-printers-windows-malware/
- Collapse -
Fiat Chrysler Launches Bug Bounty with $1.5K Payout Cap

Hacking Jeeps is about to get a lot more competitive. That’s because Jeep maker Fiat Chrysler Automobiles has launched a bug bounty program in conjunction with Bugcrowd that will payout as much as $1,500 per bug.

Fiat Chrysler, the world’s No. 7 automaker, claims it will be the first Detroit automaker to introduce a bug bounty program. Last year, Fiat Chrysler was thrust unwittingly in to the hacker limelight when researchers Chris Valasek and Charlie Miller remotely hacked a Jeep and took control of the vehicle, research that led to a recall of 1.4 million Fiat Chrysler automobiles.

Continued: https://threatpost.com/fiat-chrysler-launches-bug-bounty-with-1-5k-payout-cap/119255/

Related:
Generous Fiat Chrysler offers $1,500 for car security bugs – or two minutes of annual profit
http://www.theregister.co.uk/2016/07/13/fiat_chrysler_bug_bounty/
Bug bounties and automotive firewalls: Dealing with the car hacker threat
http://arstechnica.com/cars/2016/07/bug-bounties-and-automotive-firewalls-dealing-with-the-car-hacker-threat/

- Collapse -
6 months on, Bleeping Computer will continue to have to ..
.. defend libel lawsuit

"Computer help site didn't like Enigma Software's anti-virus program, so Enigma sued."

A federal judge has recently allowed an ongoing libel lawsuit filed against a popular online forum to go forward.

Bleeping Computer, the website, has characterized the lawsuit as "frivolous," and has asked its readers to help defend its "freedom of speech."

The case revolves around numerous posts on the site concerning Enigma Software Group, which makes an anti-virus software known as SpyHunter.

Continued: http://arstechnica.com/tech-policy/2016/07/judge-case-over-spyhunters-bad-review-on-bleeping-computer-can-continue/
- Collapse -
A surge of Pokemon Go-related apps is out to steal your data

"A throng of unofficial apps has tried to piggyback on the title’s success"

Privacy fears about the Pokemon Go app have been largely addressed, but dozens of other apps that piggy back on the popular game have raised further concerns.

Since the game launched last week, a swarm of unofficial apps has emerged and is trying to capitalize on the title’s success. And many are hungry for your personal data.

Continued: http://www.pcworld.com/article/3095421/a-surge-of-pokemon-go-related-apps-is-out-to-steal-your-data.html

Related:
Fake Pokemon GO app watches you, tracks you, listens to your calls
https://nakedsecurity.sophos.com/2016/07/12/fake-pokemon-go-app-watches-you-tracks-you-listens-to-your-calls/
Were you planning on downloading the Pokémon GO APK? Beware fake versions!
http://www.welivesecurity.com/2016/07/13/planning-download-pokemon-go-apk-watch-fake-versions/

- Collapse -
Critical remote code execution holes reported in Drupal ..
.. modules

Drupal is calling on its users to patch a dangerous remote code execution hole that can let attackers easily hijack sites.

The content management system has some 15 million downloads, compared to WordPress on 140 million and Joomla with 30 million, but is used on big ticket and business sites including nine percent of the world's 10,000 most popular sites.

The remote code execution hole lies in Drupal modules used by about 14,000 websites.

Continued: http://www.theregister.co.uk/2016/07/14/critical_remote_code_execution_holes_reported_in_drupal_modules/

Related:
Drupal Patches Remote Code Execution Vulnerabilities in Three Modules
https://threatpost.com/drupal-patches-remote-code-execution-vulnerabilities-in-three-modules/119270/
Drupal calls on users to patch critical remote code execution vulnerabilities
http://www.zdnet.com/article/drupal-calls-on-users-to-patch-critical-remote-code-execution-vulnerabilities/

CNET Forums