This Week in Security: KeRanger, Android, Adobe, Firefox, Chrome, SWIFT, Java, ISIS, Libotr


Check out the latest security happenings, from KeRanger, a new ransomware for Mac that bypasses Gatekeeper, to Google Android security and a Java patch issue.


This week there has been a significant amount going on in the security arena. Here are some of the more important goings on.

KeRanger Mac Ransomware

KeRanger, a new ransomware for Mac, bypasses Gatekeeper by piggybacking on an open source BitTorrent client called Transmission that has been signed with a valid developer's certificate.

Read more here

Google Android Security Update

Google has this week released an update to fix 16 vulnerabilities, mostly related to remote code execution in the operating system's built-in media server.

Read more here


This week Adobe has released patches for Digital Editions, Acrobat, Reader and Flash.

Read more here


Microsoft has this week released 13 bulletins, which addressed 44 vulnerabilities; 6 of the bulletins were critical.

Read more here

Mozilla Firefox

Mozilla has released Firefox 45 this week, which includes fixes for 23 security advisories, of which 9 were critical.

Read more here

Chrome 49

Chrome 49 was released this week and addresses three critical security problems: two are related to the rendering engine and one is in the PDF library used by the browser.

Read more here


A bank robbery was, I can't really say foiled, but at least stopped when someone at Deutsche Bank detected a spelling mistake on a SWIFT transaction and asked for clarification. It turns out the modern-day Bonnie and Clyde had already made off with 80M USD. They were stopped from making off with the other 850M USD that was planned, though.

Read more here


A patch released two years ago for a serious security issue in the Java sandbox has been found to be easy to bypass.

Read more here


Seems like there is some dissent in the ranks of ISIS: a member of ISIS defected this week, taking with him a USB key containing the names of 22K members, which he promptly handed over to the media and which is now in the hands of the authorities. It also contained a file called martyrs with the names of potential suicide attackers. It all seems a little too easy, by my way of thinking.

Read more here and here


The Libotr library has exposed a number of Internet messaging applications to buffer overflow attacks. The library is used for encryption of communications and can be found in Pidgin, Adium and ChatSecure.

Read more here

Locky Ransomware

Researchers are seeing an enormous spam campaign that is spreading the Locky ransomware by means of JavaScript attachments. Usually, less than 2% of spam contains malware; however, there has been a recent increase to 18%.

Read more here


SAP has released patches for 28 vulnerabilities in a number of its products. These ranged from cross-site scripting issues and information disclosure issues to authorization checks, to mention just a few.

Read more here


Samsung urges its Windows laptop users to download a fix for a MITM vulnerability. The vulnerability was in the Samsung Software Update Tool and could allow an attacker to download files to the machine and then take complete control of the system.

Read more here


The ISC released updates for BIND to fix three high-severity denial-of-service (DoS) vulnerabilities. They are related to the parsing of DNAME records, control channel input handling, and cookie options being used to terminate named.

Read more here
