Reader@mReotEch.com

Latest Tech Feeds to Keep You Updated…

Threat Roundup for Sept 14 – 21

Today, as we do every week, Talos is giving you a glimpse into the most prevalent threats we’ve observed this week — covering the dates between Sept. 14 and 21....

Two big fakes & two big flaws | Avast

Updated:  The DNC cyberattack was deemed to be a simulated test by an unknown third party.  This has been removed from our security roundup for the week.

Security flaws haunt Ghostscript

For the third year in a row, researchers have found exploitable flaws in the open source software Ghostscript, a PDF and PostScript interpreter used by hundreds of programs on all major platforms. While the software includes a sandbox protection option, researchers have now identified a series of sandbox bypass vulnerabilities. For a bad actor to take advantage of the flaw, he or she would only need to send their victim a specially modified file in a format that triggers interaction with Ghostscript (PDF, PS, EPS, or XPS). Doing so would grant the malware’s C&C remote code execution privileges on the infected system, thereby allowing them to essentially take it over. No patch is available yet, so experts are advising that Linux distributions disable PS, EPS, PDF, and XPS coders in ImageMagick’s policy.xml, as the image processing library seems to be the most affected project by the flaw.

The Essential Guide for Mac Security | Avast

Macs are beautiful machines, in both appearance and performance. The sleek designs, intuitive OS, trend-setting apps, and, yes, the anti-malware security built into the platform, make them among the most cherished items possessed by their owners.

A game that cryptojacks, a town under seige, and more data breaches | Avast

Steam game found to be secretly cryptomining

“Malicious cryptomining has become so popular among cybercriminals that it has earned its own name: cryptojacking,” states Avast security evangelist Luis Corrons. “It is one of the most popular ways to make easy money nowadays, and we have seen in the last months how thousands of vulnerable websites have been hacked to make their visitors cryptomine, or using ads to push cryptomining JavaScript.”

SamSam ransomware can shut your city down | Avast

SamSam ransomware was first spotted in the digital wild back in 2015. Since then, its purveyors have racked up approximately $6M in extorted ransom money, experts surmise, and its diabolical reign shows no sign of slowing. The malware continues to be improved upon to make it sneakier, with its newest version encrypting files late at night, hoping to infect the system when the user is away from the screen. Additionally, the SamSam attacks all seem strategic and deliberate, as opposed to automated outbreaks, making them some of the most feared and destructive cyberattacks active today.

Scroll Up