Security Alerts & News
by Tymoteusz A. Góral

History
#165 Symantec: Cybercriminals target social networks to do their dirty work
In 2014, Symantec observed a 70 percent increase in scams distributed via social media, which often spreads rapidly because people are more likely to click something posted by a friend. Criminals hijacked the power of “social proof” – the idea that we attribute more value to something if it’s shared or approved by others.
#164 Windows 10 updates finally get some release notes
Until now, it has been hard to know exactly what each update and upgrade contains. While security fixes were enumerated—as they have been for Patch Tuesday for many years—information about the non-security portion of the updates was scant. Microsoft's public release notes for each update package were virtually non-existent—and this in spite of the company producing internal documentation to tell its OEM partners what was changing. After pushback from IT departments and end users alike, the compa
#163 Huge number of Apple Mac apps vulnerable to hijacking, and a fix is elusive
The vulnerability is the result of apps that use a vulnerable version of Sparkle along with an unencrypted HTTP channel to receive data from update servers. It's the result of functions built into the WebKit rendering engine that allows JavaScript execution. As a result, attackers with the ability to manipulate the traffic passing between the end user and the server—say, an adversary on the same Wi-Fi network—can inject malicious code into the communication. A security engineer who goes by the n
#162 Google AdWords display ads going all-HTML, will ban Flash in 2017
tarting on June 30, 2016, Google will no longer accept new Flash display ads from advertisers. On January 2, 2017, even old Flash ads will be blocked from appearing, making Google's ad network mostly Flash-free. The one exception seems to be video ads, as Google notes that "video ads built in Flash will not be impacted at this time."
#161 NCR: Network cable card skimming attacks in the US
NCR has received reliable reports of NCR and Diebold ATMs being attacked through the use of external skimming devices. These devices are plugged into the ATM network cables and intercept customer card data. Additional devices are attached to the ATM to capture the PIN. A keyboard overlay was used to attack an NCR ATM, a concealed camera was used on the Diebold ATM. PIN data is then likely transmitted wirelessly to the skimming device.
#159 Poseidon APT Group identified as first portuguese-speaking campaign
Experts with Kaspersky Lab’s Global Research and Analysis Team, who today at the Kaspersky Lab Security Analyst Summit disclosed research on the group and the malware it spreads, say there’s enough evidence surrounding the attacks to suggest it’s the first ever Portuguese-speaking attack group.
#158 Check your Google security and get 2 free GBs of Google Drive for free
A quick and easy security checkup for 2GBs of free cloud storage.
#157 Java “RAT-as-a-Service” backdoor openly sold through website to scammers
A family of Java-based malware that has given attackers a backdoor into Windows, Linux, Mac OS X, and Android devices since 2013 has risen from the dead once again as a "commercial" backdoor-as-a-service.
#156 Hack on DoJ and DHS downplayed
A hacker, or hacking group, published via Twitter what they said were records of 9,000 DHS employees. According to technology news site Motherboard, the hacker has said he will soon share the personal information of 20,000 DoJ employees, including staff at the FBI.
History
2017: 01 02 03 04 05
2016: 01 02 03 04 05 06 07 08 09 10 11 12