Security Alerts & News
by Tymoteusz A. Góral

History
#254 HTTP GZIP leaks data on the general location of Tor websites
Jose Carlos Norte, developer for the eyeOS virtual desktop project, has discovered an obscure setting in the HTTP GZIP compression format that may help authorities identify the timezone and general location of a Tor-based server.
#253 Linux kernel bug delivers corrupt TCP/IP data to Mesos, Kubernetes, Docker containers
The Linux Kernel has a bug that causes containers that use veth devices for network routing (such as Docker on IPv6, Kubernetes, Google Container Engine, and Mesos) to not check TCP checksums.
#252 Source code for Android banking malware leaked
Source code for the potent Android malware GM Bot has been leaked to underground forums, according to IBM security experts. The impact, IBM X-Force threat intelligence says, will be an uptick in GM Bot variants and the number of attacks targeting financial applications on Android-based devices.
#251 Australia is the leading country where users are attacked by mobile banking Trojans
The modifications of Acecard were written by the same cybercriminals who earlier created Backdoor.AndroidOS.Torec.a, the first TOR Trojan for Android, as well as Trojan-Ransom.AndroidOS.Pletor.a, the first encryptor for mobile devices. All three Trojans run on Android.
#250 Russian bank employees received fake job offers in targeted email attack Trojan.Ratopak
Employees at six Russian banks were sent spoofed emails delivering Trojan.Ratopak in a narrow, targeted attack.
#249 MWC 2016: Mastercard rolls out selfie and fingerprints ID checks
Credit card firm Mastercard has confirmed it will accept selfie photos and fingerprints as an alternative to passwords when verifying IDs for online payments.
#248 Web Authentication Working Group will finally kill passwords
The W3C, which creates standards that guide the future of the Web, has formed a new group with one goal: remove the need for passwords entirely by creating a better way to log in.
#247 Beware of Backdoored Linux Mint ISOs
Yesterday a blog post on “The Linux Mint Blog” caught our attention. Apparently criminals managed to compromise a vulnerable instance of WordPress which the project used to run their website. The attackers modified download links pointing to backdoored ISO files of Linux Mint 17.3 Cinnamon edition. This “should only impact people who downloaded this edition on February 20th”, the author of the blog stated.
#246 Google AdWords switching to 4 ads on top, none on sidebar
It seems that Google is rolling out a change to Google AdWords that sees 4 ads at the top of the search results, none on the sidebar at all, and an additional 3 ads at the bottom of the search results. This replaces the usual mix of top, bottom and sidebar-heavy AdWords ads, depending on the specific search result.
History
2017: 01 02 03 04 05
2016: 01 02 03 04 05 06 07 08 09 10 11 12