Security Alerts & News
by Tymoteusz A. Góral

History
#299 While it defies US government, Apple abides by China's orders — and reaps big rewards
Since the iPhone was officially introduced in China seven years ago, Apple has overcome a national security backlash there and has censored apps that wouldn't pass muster with Chinese authorities. It has moved local user data onto servers operated by the state-owned China Telecom and submits to security audits by Chinese authorities.
#298 Angler Exploit Kit learns new tricks, finds home on popular website
Karl Sigler, a Trustwave SpiderLabs researcher, told Threatpost his lab found the Anger Exploit Kit on a popular website for the second time in a week, exposing just under million visitors monthly to possible TeslaCrypt ransomware infections. Sigler said Trustwave researchers spotted the exploit on Extendoffice[.]com, a site that sells software for customizing Microsoft Office software applications.
#297 Tor Project accuses CloudFlare of mass surveillance, sabotaging Tor traffic
The issue, raised by a Tor Project member, revolves around a series of measures that CloudFlare implemented to fight malicious traffic coming from the Tor network. These measures are also affecting legitimate Tor users.
#296 How hackers are making the worst-case security scenario ever worse
Cybercriminals and hackers are becoming more disruptive, increasing engaging in cyberattacks with aims ranging from destroying businesses, to stealing data to taunting executives while holding them to ransom.
#295 Google envisages new hard disk format design for data centres
Google has made a call for technology manufacturers to consider developing new hard drives, intended primarily for data centre use, which abandon the traditional 3.5” dimension format in favour of taller designs.
#294 Hackers behind Ukraine power cuts, says US report
The December 2015 incident is thought to be the first known successful hack aimed at utilities. The report, written by the Department of Homeland Security, is based on interviews with staff at Ukrainian organisations that dealt with the aftermath of the attack. The DHS report did not name the suspected perpetrators.
#293 SocioSpyder: the tool bought by the FBI to monitor social media - Facebook Twitter YouTube Google+ LinkedIn
By examining public records, Motherboard has found one of the pieces of software that the Federal Bureau of Investigation (FBI) has purchased for gleaning information from sites such as Facebook, Twitter, YouTube and Google+. Motherboard also found public LinkedIn profiles for intelligence analysts which seem to reaffirm the agency's use of the tool.
#292 FighterPOS PoS malware gets worm routine
FighterPOS, a point-of-sale (PoS) malware that was used in a one-man cybercriminal operation to steal over 22,000 unique credit card numbers and affected more than 100 PoS terminals in Brazil and other countries.
#291 Porn clicker trojans keep flooding Google Play
ESET researchers have found 343 malicious porn clicker trojans, which ESET detects as Android/Clicker, on Google Play over the last seven months – and their numbers keep rising. In one of the largest malware campaigns on the Google Play Store yet, criminals continue to upload further variants of these malicious apps to the official app store for the Android mobile platform.
#290 Breached Credit Union comes out of its shell
It’s not clear yet whether the hackers who hit the credit union’s site did anything other than install the backdoor, but Kuenzler wrote that in his case the intruders indeed used their access to relay spam. The attackers could just have easily booby-trapped the credit union’s site to foist malicious software disguised as a security update when customers tried to log in at the site.
History
2017: 01 02 03 04 05
2016: 01 02 03 04 05 06 07 08 09 10 11 12