Security Alerts & News
by Tymoteusz A. Góral

#36 Waledac takes pot shot with pump and dump stock spam
In a recent analysis of Waledac (W32.Waledac) activity, Symantec observed a pump and dump stock spam campaign that potentially led to a 100 percent gain in the targeted stock price. The targeted stock in this case was Indie Growers Association (stock symbol: UPOT), a company linked to the cultivation of marijuana and carefully chosen for its historical skyrocketing stock price.
#35 A Case of Too Much Information: Ransomware Code Shared Publicly for “Educational Purposes”, Used Maliciously Anyway
In mid-August 2015, in an attempt to educate people, Turkish security group Otku Sen published an open source code for ransomware dubbed “Hidden Tear” and made it available for everyone at github. Hidden Tear uses AES encryption and can evade common AV platforms because it’s a new malware. Otku Sen also published a short video demonstrating how ransomware worked.
#34 Cisco patched critical bugs; would allow device takeover
Cisco patched multiple vulnerabilities affecting its wireless LAN Controller software, Identity Services Engine software, and Aironet access points. Two of the vulnerabilities are considered critical – including a bug that the United States Computer Emergency Readiness Team (US-CERT) warned could be exploited by a remote attacker to take over devices and an access point hardcoded password.
#33 Ransomware a Threat to Cloud Services, Too
Ransomware — malicious software that encrypts the victim’s files and holds them hostage unless and until the victim pays a ransom in Bitcoin — has emerged as a potent and increasingly common threat online. But many Internet users are unaware that ransomware also can just as easily seize control over files stored on cloud services.
#32 Bug that can leak crypto keys just fixed in widely used OpenSSH
A critical bug that can leak secret cryptographic keys has just just been fixed in OpenSSH, one of the more widely used implementations of the secure shell (SSH) protocol.
#31 NETFLIX: Evolving Proxy Detection as a Global Service
David Fullagar, Vice President of Content Delivery Architecture at Netflix says: We will continue to respect and enforce content licensing by geographic location.
2017: 01 02 03 04 05
2016: 01 02 03 04 05 06 07 08 09 10 11 12