Security Alerts & News
by Tymoteusz A. Góral

History
#1332 How the NSA snooped on encrypted Internet traffic for a decade
In a revelation that shows how the National Security Agency was able to systematically spy on many Cisco Systems customers for the better part of a decade, researchers have uncovered an attack that remotely extracts decryption keys from the company's now-decommissioned line of PIX firewalls.

The discovery is significant because the attack code, dubbed BenignCertain, worked on PIX versions Cisco released in 2002 and supported through 2009. Even after Cisco stopped providing PIX bug fixes in July 2009, the company continued offering limited service and support for the product for an additional four years. Unless PIX customers took special precautions, virtually all of them were vulnerable to attacks that surreptitiously eavesdropped on their VPN traffic. Beyond allowing attackers to snoop on encrypted VPN traffic, the key extraction also makes it possible to gain full access to a vulnerable network by posing as a remote user.
Read more
#1336 Development version of the Hitler-ransomware discovered
#1335 Can good encryption be a double-edged sword for security in Australia?
#1334 Rex Linux trojan can launch DDoS attacks, lock websites, mine for cryptocurrency
#1333 Anti-Google research group in Washington is funded by Oracle
#1332 How the NSA snooped on encrypted Internet traffic for a decade
#1331 Multiple vulnerabilities identified in ‘utterly broken’ BHU routers
#1330 New Brazilian banking trojan uses Windows PowerShell utility
History
2017: 01 02 03 04 05
2016: 01 02 03 04 05 06 07 08 09 10 11 12