(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
ImageMagick CVE-2017-5511 Local Heap Buffer Overflow Vulnerability
ImageMagick CVE-2017-5510 Local Denial of Service Vulnerability
ImageMagick CVE-2017-5507 Local Information Disclosure Vulnerability

(credit: Aurich Lawson)

Google Play, the official market for Android apps, was caught hosting a ransomware app that infected at least one real-world handset, security researchers said Tuesday.

The ransomware was dubbed Charger and was hidden inside an app called EnergyRescue, according to a blog post published by security firm Check Point Software. Once installed, Charger stole SMS contacts and prompted unsuspecting users to grant it all-powerful administrator rights. If users clicked OK, the malicious app locked the device and displayed the following message:

You need to pay for us, otherwise we will sell portion of your personal information on black market every 30 minutes. WE GIVE 100% GUARANTEE THAT ALL FILES WILL RESTORE AFTER WE RECEIVE PAYMENT. WE WILL UNLOCK THE MOBILE DEVICE AND DELETE ALL YOUR DATA FROM OUR SERVER! TURNING OFF YOUR PHONE IS MEANINGLESS, ALL YOUR DATA IS ALREADY STORED ON OUR SERVERS! WE STILL CAN SELLING IT FOR SPAM, FAKE, BANK CRIME etc… We collect and download all of your personal data. All information about your social networks, Bank accounts, Credit Cards. We collect all data about your friends and family.

The app sought 0.2 Bitcoin, currently worth about $180. In an e-mail, Check Point researchers said the app was available in Google Play for four days and had only a "handful" of downloads. "We believe the attackers only wanted to test the waters and not spread it yet," the researchers told Ars. The infection was detected by Check Point's mobile malware software, which the company sells to businesses. Google officials have since removed the app and have thanked Check Point for raising awareness of the issue.

Read 3 remaining paragraphs | Comments

PHP 'ext/pcre/php_pcre.c' Information Disclosure Vulnerability
Apache Tomcat CVE-2016-6816 Security Bypass Vulnerability
Cisco Security Advisory: Cisco WebEx Browser Extension Remote Code Execution Vulnerability
Apache Tomcat CVE-2016-8735 Remote Code Execution Vulnerability
Apple iOS and watchOS CVE-2017-2352 Security Bypass Vulnerability
Apple iOS/tvOS/watchOS CVE-2017-2360 Arbitray Code Execution Vulnerability
WebKit CVE-2017-2363 Cross-Origin Security Bypass Vulnerability
WebKit Multiple Security Vulnerabilities
Novell Open Enterprise Server CVE-2017-5182 Directory Traversal Vulnerability
libbpg CVE-2016-8710 Integer Overflow Vulnerability
eClinicalWorks Patient Portal CVE-2017-5569 SQL Injection Vulnerability
[security bulletin] HPSBGN03690 rev.1 - HPE Real User Monitor (RUM), Remote Disclosure of Information
eClinicalWorks Patient Portal CVE-2017-5570 SQL Injection Vulnerability
SAP Afaria Multiple SQL Injection Vulnerabilities
Cisco WebEx Extension 'magic URL' Remote Command Execution Vulnerability
phpMyAdmin PMASA-2017-7 Denial of Service Vulnerability
WebKit Multiple Memory Corruption Vulnerabilities
Apple macOS/watchOS/iOS/tvOS Multiple Security Vulnerabilities
Apple iOS/WatchOS/tvOS/Safari/iTunes/iCloud CVE-2016-7589 Memory Corruption Vulnerability
Apple iOS/macOS/tvOS/watchOS Multiple Security Vulnerabilities
phpMyAdmin PMASA-2017-4 Security Bypass Vulnerability
WebKit CVE-2017-2364 Cross-Origin Security Bypass Vulnerability
CVE-2017-3241 - [ERPSCAN-17-006] Oracle OpenJDK - Java Serialization DoS
[ERPSCAN-17-005] Oracle PeopleSoft - XSS vulnerability CVE-2017-3300
Apple macOS APPLE-SA-2017-01-23-2 Multiple Security Vulnerabilities
Apple Safari CVE-2017-2359 Address Bar Spoofing Vulnerability
Apple iOS APPLE-SA-2017-01-23-1 Denial of Service and Security Bypass Vulnerabilities
EMC Avamar Data Store and Avamar Virtual Edition Local Privilege Escalation Vulnerability
phpMyAdmin PMASA-2017-3 Denial of Service Vulnerability
phpMyAdmin PMASA-2017-1 Open Redirection Vulnerability
[slackware-security] mozilla-firefox (SSA:2017-023-01)
EMC RSA Security Analytics CVE-2016-8215 Unspecified Cross Site Scripting Vulnerability
APPLE-SA-2017-01-23-7 iTunes for Windows 12.5.5
Internet Storm Center Infocon Status