Security Alerts & News
by Tymoteusz A. Góral

History
#345 Whole lotta onions: number of Tor hidden sites spikes — along with paranoia
In recent weeks, the number of "hidden services"—usually Web servers and other Internet services accessible by a ".onion" address on the Tor anonymizing network—has risen dramatically. After experiencing an earlier spike in February, the number of hidden services tracked by Tor spiked to 114,000 onion addresses on March 1. They then dropped just as quickly, falling to just below 70,000 hidden services seen by Tor on Thursday—still twice the number that Tor had held steady at
#344 Online break-in forces bank to tighten security
Two major high street banks will change security procedures after journalists from BBC Radio 4's You and Yours programme broke into an account online and removed money.
#343 How hackers attacked Ukraine's power grid: implications for industrial IoT security
The initial breach of the Ukraine power grid was -- as so often in cyberattacks -- down to the human factor: spear-phishing and social engineering were used to gain entry to the network. Once inside, the attackers exploited the fact that operational system.
#342 Bitcoin's nightmare scenario has come to pass
This week the dire predictions came to pass, as the network reached its capacity, causing transactions around the world to be massively delayed, and in some cases to fail completely. The average time to confirm a transaction has ballooned from 10 minutes to 43 minutes. Users are left confused and shops that once accepted Bitcoin are dropping out.
#341 Dirt-cheap DDoS: The rock-bottom cost of mounting crippling 400Gbps attacks
You can hire Russian attackers to knock out a website for two days for just $173, according to new research by Arbor Networks.
#340 Attack on Zygote: a new twist in the evolution of mobile threats
Trojans obtaining unauthorized superuser privileges to install legitimate apps and display advertising would eventually start installing malware. And worst fears have been realized: rooting malware has begun spreading the most sophisticated mobile Trojans we have ever seen.
#339 Macro malware strides in new direction, uses forms to store its code
The resurgence and continued prevalence of macro malware could be linked to several factors, one of which is their ability to bypass traditional antimalware solutions and sandboxing technologies. Another factor is the continuous enhancements in their routines: just recently, we observe that the macro malware related to DRIDEX and the latest crypto-ransomware variant, Locky ransomware, used Form object in macros to obfuscate the malicious code. With this improvement, it could further aid cybercri
#338 New attack steals secret crypto keys from Android and iOS phones
Researchers have devised an attack on Android and iOS devices that successfully steals cryptographic keys used to protect Bitcoin wallets, Apple Pay accounts, and other high-value assets.
#337 Cisco issues critical patch for Nexus switches to remove hardcoded credentials
Cisco Systems issued a “critical” patch on Wednesday for its Nexus 3000 and 3500 series switches that allow remote attackers to access default account and static password information on affected hardware. The vulnerability could allow an unauthenticated user to log in to the affected system with the privileges of a root user.
#336 Mozilla bans Firefox add-on that tampered with security settings
Mozilla developers have taken steps to ban the popular YouTube Unblocker add-on after it was caught altering browser security settings and even installing a second add-on without the user's consent.
History
2017: 01 02 03 04 05
2016: 01 02 03 04 05 06 07 08 09 10 11 12