All posts by 007admin

Panda Security

Charger, the Most Costly Ransomware to Smartphone Users

Ransomware is evolving and becoming increasingly sophisticated, posing a greater threat to companies and private users alike. This malicious software has shown that it can propagate by using the viral mechanisms of a meme, that it can directly attack corporate servers, or even camouflage itself in false resumes. And now it has made its way to other devices, namely, our smartphones.

It is now the main threat to mobile devices, until now considered to be relatively virus-free compared with their PC counterparts. Recently, a new ransomware was discovered that goes by the name of Charger, which copies all the data from your agenda, text messages, etc., and seeks admin permissions from the devices owner. If the unwary user accepts the request, the malicious code begins its attack. A message warns the owner that their device has been blocked and their stolen personal data will be sold on the dark web unless they proceed to pay a ransom.

The Most Costly Ransom

Charger’s victims will have to pay 0.2 bitcoins (at about $1000 a bitcoin, it comes out to a round $200) to, supposedly, unblock their device. It may not be the first ransomware to affect smartphones, but never before has this figure been so high.

Also new is its means of spreading.  Until now, most cyberattacks targeting mobile phones found their gateway in applications downloaded outside official app stores. With Charger it’s different. Charger attacks Android devices through a power saver app that could be downloaded from Google Play, Android’s official app store.

It is vital for employees to be aware of the dangers of downloading apps from unverified sources. They should also know that it’s not such a great idea to store sensitive corporate data on their computers or mobile devices without taking the proper security precautions. Keeping passwords or confidential documents on an unprotected device could end up giving cybercriminals just what they need to access corporate platforms.

We’ve said it before, and we’ll say it again: new attacks like these come about every day and can take anyone by surprise, be they casual users or security experts. The unpredictable nature of attacks like Charger make an advanced cybersecurity solution indispensable. Perimeter-based security solutions are simply not enough anymore.

 

The post Charger, the Most Costly Ransomware to Smartphone Users appeared first on Panda Security Mediacenter.

Redhat

RHSA-2017:0847-1: Moderate: curl security update

Red Hat Enterprise Linux: An update for curl is now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having a security impact of
Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a
detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.
CVE-2017-2628

Ubuntu

USN-3247-1: AppArmor vulnerability

Ubuntu Security Notice USN-3247-1

28th March, 2017

apparmor vulnerability

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 16.10
  • Ubuntu 16.04 LTS
  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS

Summary

AppArmor could remove the confinement from some programs.

Software description

  • apparmor
    – Linux security system

Details

Stéphane Graber discovered that AppArmor incorrectly unloaded some profiles
when restarted or upgraded, contrary to expected behavior.

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 16.10:
apparmor

2.10.95-4ubuntu5.3
Ubuntu 16.04 LTS:
apparmor

2.10.95-0ubuntu2.6
Ubuntu 14.04 LTS:
apparmor

2.10.95-0ubuntu2.6~14.04.1
Ubuntu 12.04 LTS:
apparmor

2.7.102-0ubuntu3.11

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

A new utility, called aa-remove-unknown, was added to assist with profiles that
would have been previously unloaded when AppArmor was restarted or upgraded.

References

CVE-2017-6507

Checkpoint

Microsoft IIS WebDAV ScStoragePathFromUrl Buffer Overflow (CVE-2017-7269)

A buffer overflow exists in Microsoft Internet Information Services 6.0. The vulnerability is due to improper validation of a long header in HTTP request. A remote attacker could exploit this vulnerability by sending a crafted request over a network to the vulnerable application. Successful exploitation could result in denial of service conditions or execute arbitrary code on the target machine.

NVD

CVE-2017-7298

In Moodle 3.2.2+, there is XSS in the Course summary filter of the “Add a new course” page, as demonstrated by a crafted attribute of an SVG element.