Adobe finds, patches ANOTHER exploited Flash 0day

(via TheRegister.co.uk)

Another exploited zero-day vulnerability has been uncovered and patched in Adobe Flash, 24 hours after a second flaw in the popular web trinket was found being used in attack kits.

(Full Article)

A new ransomware called CoinVault has been released

(via Bleeping Computer)

Another particularly nasty virus that blackmails you for your own files:

CoinVault is a new ransomware from the same family as CryptoGraphic Locker. Once infected, CoinVault will encrypt all of your data files and then demand a .7 bitcoin ransom to decrypt your files. If you do not pay the ransom within 24 hours, the ransom price will increase.

When you become infected with CoinVault it will configure itself to start automatically when you login to Windows by setting an autostart in the Registry called Vault. The application will then scan your drives for data files and encrypt any that are detected. It will store the path to each file it encrypts in the %Temp%\CoinVaultFileList.txt file.

(Forum Post)

Adobe, Microsoft Issue Critical Security Fixes

(via Krebs On Security)

Adobe and Microsoft today each issued security updates to fix critical vulnerabilities in their software. Microsoft pushed 14 patches to address problems in Windows, Office, Internet Explorer and .NET, among other products. Separately, Adobe issued an update for its Flash Player software that corrects at least 18 security issues.

(Full Article)

Potentially catastrophic bug bites all versions of Windows. Patch now

(via arstechnica)

Microsoft has disclosed a potentially catastrophic vulnerability in virtually all versions of Windows. People operating Windows systems, particularly those who run websites, should immediately install a patch Microsoft released Tuesday morning.

(Full Article)

Masque Attack — New iOS Vulnerability Allows Hackers to Replace Apps with Malware

(via The Hacker News)

A security flaw in Apple’s mobile iOS operating system has made most iPhones and iPads vulnerable to cyber attacks by hackers seeking access to sensitive data and control of their devices, security researchers warned.
The details about this new vulnerability was published by the Cyber security firm FireEye on its blog on Monday, saying the flaw allows hackers to access devices by fooling users to download and install malicious iOS applications on their iPhone or iPad via tainted text messages, emails and Web links.

(Full Article)

Koler Android Ransomware Learns to Spread via SMS

(via The Hacker News)

Users of Android operating system are warned of a new variant of Android malware Koler that spreads itself via text message and holds the victim’s infected mobile phone hostage until a ransom is paid.
Researchers observed the Koler Android ransomware Trojan, at the very first time, in May when the Trojan was distributed through certain pornographic websites under the guise of legitimate apps. It locks the victim’s mobile screen and then demands money from users with fake notifications from law enforcement agencies accusing users of viewing and storing child pornography.

 

(Full Article)

Ad-borne Cryptowall ransomware is on the loose

(via TheRegister)

Security watchers are warning of a surge in CryptoWall ransomware victims this month that will coincide with a campaign to spread a new variant of the malware though advertising networks.

Security researchers at Proofpoint warn that a new variant of CryptoWall recently spread through malicious banner ads. Surfers ran a risk of being faced with ransomware purely by visiting one of the impacted sites, which included various properties in the Yahoo!, Match.com, and AOL domains, among others.

(Full Article)

Microsoft PowerPoint Vulnerable to Zero-Day Attack

(via The Hacker News)

(Full Article)