Some recently discovered threats and vulnerabilities lead today's news. Palo Alto Networks' Unit 42 has determined that new, aggressive adware is abusing the popular open-source Android plug-in frameworks, DroidPlugin and VirtualApp. Users' private data are at risk if they operate in these environments.
ICS security shop Dragos reports finding malware disguised as Siemens firmware infecting some ten industrial plants. The infestation has been quietly active for about four years.
According to Netskope, a new strain of macro-based malware affecting Microsoft Office is now cloud-based. Default Office installations disable macros, so the malware purveyors seek to induce their targets to enable macros in the documents they use as vectors.
Enterprises are encouraged to apply the most recent SAP patches: ERPScan has demonstrated a proof-of-concept remote code execution exploit for the SAP graphical user interface.
Cybellum researchers describe an attack technique, not yet observed in the wild, that they're calling "Double Agent." Double Agent uses Microsoft's Application Verifier, loading its own verifier DLL in place of the one provided by Microsoft. As demonstrated by Cybellum, Double Agent can subvert anti-virus products and either silence them or turn them into attack mechanisms. Potentially affected AV vendors have either verified that their products aren't vulnerable, patched them, or are at work on fixes.
In industry news, GoDaddy acquires security firm Sucuri.
The US considers indicting North Korean hackers in the Bangladesh Bank SWIFT fraud case.
Heard of fake news? Here's another fake thing to worry about: apparently catphish are refereeing scientific journals.