This Week in Security: KeRanger, Android, Adobe, Firefox, Chrome, SWIFT, Java, ISIS, Libotr

Check out the latest security happenings, from KeRanger, a new ransomware for Mac that bypasses Gatekeeper, to a Google Android security update and a Java patch issue.

This week there has been a significant amount going on in the security arena. Here are some of the more important goings on.

KeRanger Mac Ransomware

KeRanger, a new ransomware for Mac, bypasses Gatekeeper by piggybacking on an open source BitTorrent client called Transmission that has been signed with a valid developer's certificate.

Read more here

Google Android Security Update

Google has this week released an update to fix 16 vulnerabilities, mostly related to remote code execution in the operating system's built-in media server.

Read more here

Adobe

This week Adobe has released patches for Digital Editions, Acrobat, Reader and Flash.

Read more here

Microsoft

Microsoft has this week released 13 bulletins addressing 44 vulnerabilities; 6 of the bulletins were critical.

Read more here

Mozilla Firefox

Mozilla has released Firefox 45 this week, which includes fixes for 23 security advisories, of which 9 were critical.

Read more here

Chrome 49

Chrome 49 was released this week and addresses three critical security problems: two are related to the rendering engine and one is in the PDF library used by the browser.

Read more here

SWIFT Heist

A bank robbery was, I can't really say foiled, but at least stopped when someone at Deutsche Bank detected a spelling mistake on a SWIFT transaction and asked for clarification. It turns out the modern-day Bonnie and Clyde had already made off with 80M USD. They were stopped from making off with the other 850M USD that was planned, though.

Read more here

Java

A patch released two years ago for a serious security issue in the Java sandbox has been found to be easy to bypass.

Read more here

ISIS

Seems like there is some dissent in the ranks of ISIS: a member of ISIS defected this week, taking with him a USB key containing the names of 22K members, which he promptly handed over to the media and which is now in the hands of the authorities. It also contained a file called martyrs with the names of potential suicide attackers. It all seems a little too easy, by my way of thinking.

Read more here and here

Libotr

The Libotr library has exposed a number of Internet messaging applications to buffer overflow attacks. The library is used for encryption of communications and can be found in Pidgin, Adium and ChatSecure.

Read more here

Locky Ransomware

Researchers are seeing an enormous spam campaign that is spreading the Locky ransomware by means of JavaScript attachments. Usually, less than 2% of spam contains malware; however, there has been a recent increase to 18%.

Read more here

SAP

SAP has released patches for 28 vulnerabilities in a number of its products. These include cross-site scripting issues, information disclosure issues and authorization checks, to mention just a couple.

Read more here

Samsung

Samsung urges its Windows laptop users to download a fix for a MITM vulnerability. The vulnerability was in the Samsung Software Update Tool and could allow an attacker to download files to the machine and then take complete control of the system.

Read more here

BIND

The ISC released updates for BIND to fix three high-severity denial-of-service (DoS) vulnerabilities. They are related to the parsing of DNAME records, control channel input handling and cookie options being used to terminate named.

Read more here
