Security Alerts & News
by Tymoteusz A. Góral

#335 PSA: Updated Apple certificate means old OSX installers don’t work anymore
There's one edge case for people who frequently troubleshoot and fix Macs, as pointed out by TidBits: old OS X installers downloaded from the Mac App Store before the certificate's expiration date will no longer work. This includes not just installers for El Capitan, but also downloaded installers for Yosemite, Mavericks, Mountain Lion, and Lion—every OS X installer issued using the Mac App Store. It also affects any USB install disks you've created using the downloaded installer.
#334 First step in cross-platform Trojan bankers from Brazil done
Brazilian cybercriminals have been “competing” with their Russian-speaking “colleagues” for a while in who makes more Trojan bankers and whose are most effective. A few days ago we found a new wave of different campaigns spreading the initial “Banloader” components in Jar (Java archive), which is very particular by its nature – it’s able to run on Linux, OS X, and of course Windows. Actually, it’s also able to run under certain circumstances even on mobile devices.
#333 Weak bank password policies leave 350 million vulnerable
In a study that looked at the password strength required to access website accounts for Wells Fargo, Capital One and 15 other banks, researchers found that 35 percent had significant weaknesses in their password policies, according to University of New Haven Cyber Forensic Research and Education Group.
#332 Amazon just removed encryption from the software powering Kindles, phones, and tablets
While Apple continues to resist a court order requiring it to help the FBI access a terrorist's phone, another major tech company just took a strange and unexpected step away from encryption.

Amazon has removed device encryption from the operating system that powers its Kindle e-reader, Fire Phone, Fire Tablet, and Fire TV devices.
#331 Time to pay attention: The Internet of Things is about to go mainstream
According to the firm's recent survey, Early Adopters of Internet of Things Poised to Make 2016 the Year of the Customer, the number of businesses planning to adopt some sort of IoT strategy is set to grow by 50 percent this year, a figure which would bring the overall total of businesses with some sort of IoT deployment to 43 percent.
#330 Businesses are still scared of reporting cyberattacks to the police
According to Cyber Security: Underpinning the Digital Economy, a report by the Institute of Directors and Barclays bank, companies are keeping quiet about being the victim of a cyberattack, even if their operations were badly affected by such an incident -- as figures suggest was the case for half of respondents.
#329 Operation Fingerprint: a look into several Angler exploit kit malvertising campaigns (PDF)
Malicious advertising, also known as malvertising, has become the best method to distribute malware on a global scale with surgical precision. Simply put, malvertising is a means to expose innocent users visiting legitimate websites to malware. It uses a rogue advertisement (a banner ad) on the website to redirect the victim to a malicious payload, often delivered via an exploit kit.
#328 US bank hacker faces long jail term
A Turkish man alleged to have masterminded the theft of more than $55m (£39m) has pleaded guilty in a US court.
#327 OpenSSL operating with renewed vision two years after Heartbleed
Experts have stressed this week that DROWN is no Heartbleed, but at some point in the not too distant future, there’s going to be another major Internet vulnerability and developers at OpenSSL claim they’re battle tested.
#326 Gentle reminder at RSA: hacking back is a bad idea
Putting aside the illegality of hacking back for a second, there are many tentacles to such an action that not only put a company’s legal position and reputation at risk, but also threaten innocent third parties caught in the crossfire.
#325 Windows built-in PDF reader exposes Edge browser to hacking
WinRT PDF, the default PDF reader for Windows 10, opens Edge users to a new series of attacks that are incredibly similar to how Flash, Java, and Acrobat exposed Web users for the past few years.
#324 UK: 'Trolls' face criminal prosecution for fake online profiles
Internet "trolls" could face criminal charges for creating fake profiles, according to guidance being considered for prosecutors in England and Wales.