This Week In Security: KeRanger, Android, Adobe, Firefox, Chrome, SWIFT, Java, ISIS, Libotr

This week there has been a significant amount going on in the security arena. Here are some of the more important goings on.

KeRanger Mac Ransomware

KeRanger, a new ransomware for Mac, bypasses Gatekeeper by piggybacking on an open source BitTorrent client called Transmission that has been signed with a valid developer's certificate.

Read more here

Google Android Security Update

Google have this week released an update to fix 16 vulnerabilities, mostly related to remote code execution in the operating system's built-in media server.

Read more here

Adobe

This week Adobe has released patches for Digital Editions, Acrobat, Reader and Flash.

Read more here

Microsoft

Microsoft have this week released 13 bulletins addressing 44 vulnerabilities; 6 of the bulletins were critical.

Read more here

Mozilla Firefox

Mozilla have released Firefox 45 this week, which includes fixes for 23 security advisories, of which 9 were critical.

Read more here

Chrome 49

Chrome 49 was released this week and addresses three critical security problems: two are related to the rendering engine and one is in the PDF library used by the browser.

Read more here

SWIFT Heist

A bank robbery was, I can’t really say foiled, but at least stopped when someone at Deutsche Bank detected a spelling mistake on a SWIFT transaction and asked for clarification. It turns out the modern-day Bonnie and Clyde had already made off with 80M USD. They were, though, stopped from making off with the other 850M USD that was planned.

Read more here

Java

A patch released two years ago for a serious security issue in the Java sandbox has been found to be easy to bypass.

Read more here

ISIS

Seems like there is some dissent in the ranks of ISIS: a member of ISIS defected this week, taking with him a USB key containing the names of 22K members, which he promptly handed over to the media and which is now in the hands of the authorities. It also contained a file called martyrs with the names of potential suicide attackers. It all seems a little too easy, by my way of thinking.

Read more here and here

Libotr

The Libotr library has exposed a number of Internet messaging applications to buffer overflow attacks. The library is used for encryption of communications and can be found in Pidgin, Adium and ChatSecure.

Read more here

Locky Ransomware

Researchers are seeing an enormous spam campaign that is spreading the Locky ransomware by means of JavaScript attachments. Usually less than 2% of spam contains malware; however, there has been a recent increase to 18%.

Read more here

SAP

SAP has released patches for 28 vulnerabilities in a number of its products. These include cross-site scripting issues, information disclosure issues and authorization checks, to mention just a couple.

Read more here

Samsung

Samsung urges its Windows laptop users to download a fix for the MITM vulnerability. The vulnerability was in the Samsung Software Update Tool and could allow an attacker to download files to the machine and then take complete control of the system.

Read more here

BIND

The ISC released updates for BIND to fix three high-severity denial-of-service (DoS) vulnerabilities. They relate to the parsing of DNAME records, control channel input handling and cookie options being used to terminate named.

Read more here
