This Week in Security: KeRanger, Android, Adobe, Firefox, Chrome, SWIFT, Java, ISIS, Libotr
Check out the latest security happenings, from KeRanger, a new Ransomeware for Mac bypass, to Google Android security, and a Java patch issue.
Join the DZone community and get the full member experience.
Join For FreeThis week there has been a significant amount going on in the security arena. Here are some of the more important goings on.
KeRanger Mac Ransomware
KeRanger a new Ransomware for Mac bypasses gatekeeper by piggybacking on an open source BitTorrent client called Transmission that has been signed with a valid developers certificate.
Read more here
Google Android Security Update
Google have this week released an update to fix 16 vulnerabilities, mostly related to remote code execution in the operating systems built in media server.
Read more here
Adobe
This week Adobe has released patches for Digital Editions, Acrobat, Reader and Flash
Read more here
Microsoft
Microsoft has this week released 13 bulletins which addressed 44 vulnerabilities of which 6 bulletins were critical.
Read more here
Mozilla Firefox
Mozilla has released Firefox 45 this week which includes fixes for 23 security advisories of which 9 were critical.
Read more here
Chrome 49
Chrome 49 was released this week which addresses three critical security problems two were related to the rendering engine and one is in the PDF library used by the browser.
Read more here
SWIFT Heist
A bank robbery was I can’t really say foiled but, at least, stopped when someone at Deutsch Bank detected a spelling mistake on a SWIFT transaction and asked for clarification. Turns out the modern day Bonnie and Clyde had already made off with 80M USD. They were stopped from making off with the other 850M USD that was planned, though.
Read more here
Java
A patch released two years ago for a serious security issue in the Java sandbox has been found to be easy to bypass.
Read more here
ISIS
Seems like there is some descent in the ranks of ISIS, a member of ISIS defected this week taking with him a USB key containing the names of 22K members which he promptly handed over to the media and is now in the hands of the authorities. It also contained a file called martyrs with the names of potential suicide attackers, all seems a little too easy by my way of thinking.
Labour
The Libotr library has exposed a number of Internet messaging applications to buffer overflow attacks. The library is used for encryption of communications and can be found in Pidgin, Adium and ChatSecure.
Read more here
Locky Ransomware
Researchers are seeing an enormous spam campaign that is diffusing the Locky Ransomware by means of JavaScript attachments. Usually, less than 2% of Spam contains malware however there has been a recent increase to 18%.
Read more here
SAP
SAP has released patches for 28 vulnerabilities in a number of its products. These ranged from cross site scripting issues, information disclosure issues, authorization checks to mention just a couple.
Read more here
Samsung
Samsung urges its Windows laptop users to download a fix for the MITM vulnerability. The vulnerability was in the Samsung Software Update Tool and could allow an attacker to download files to the machine and then take complete control of the system.
Read more here
BIND
The ISC released updates for BIND to fix three denial of service DoS high severity vulnerabilities. They are related to the pardin of DName records, control channel input handling and cookie options being used to terminate named.
Read more here
Opinions expressed by DZone contributors are their own.
Comments