November is the second-to-last Patch Tuesday of 2016, and it brings a slightly higher than typical number of bulletins: six Critical bulletins and eight Important bulletins. The 8th is the earliest date that Patch Tuesday can take place in a month; December’s Patch Tuesday (and the last of 2016) takes place in exactly five weeks. Among the items fixed today was the zero-day vulnerability in Windows that was used in the same attacks at the Adobe Flash Player zero-day in late October.Read More
A new exploit kit has arrived which is spreading different versions of Locky ransomware. We spotted two cases of this new threat, which is based on the earlier Sundown exploit kit. Sundown rose to prominence (together with Rig) after the then-dominant Neutrino exploit kit was neutralized.
Called Bizarro Sundown, the first version was spotted on October 5 with a second sighting two weeks later, on October 19. Users in Taiwan and Korea made up more than half of the victims of this threat. Bizarro Sundown shares some features with its Sundown predecessor but added anti-analysis features. The October 19 attack also changed its URL format to closely resemble legitimate web advertisements. Both versions were used exclusively by the ShadowGate/WordsJS campaign.Read More
Mobile threats are trending upward, with vulnerability exploits gaining traction. The silver lining? More of these vulnerabilities are also disclosed, analyzed and detected. This helps better mitigate Android devices from zero-days and malware, enabling OEMs/vendors to more proactively respond to these threats. This is echoed by our continuous initiatives on Android vulnerability research: from June to August 2016, for instance, we’ve discovered and disclosed 13 vulnerabilities to Google. Their real-world impact ranges from battery drainage and unauthorized capture of photos, videos, and audio recordings, to system data leakage and remote control. This is on top of 16 other security flaws we’ve uncovered that were cited in Android/Google’s security bulletins from January to September this year.Read More
Exploiting CVE-2016-3298 enables attackers to check for specific antivirus (AV) software installed in the system in order to avoid AV detection and threat research/analysis. This sounds innocuous, but determining if the system is unsecure eases—and even automates—the undertaking of sneaking malware into it.Read More