Security Alerts & News
by Tymoteusz A. Góral

History
#384 Firefox 45 fixes 40 vulnerabilities, 22 critical
Much like Google, which updated Chrome yesterday, Mozilla released a new version of Firefox on Tuesday, fixing 40 vulnerabilities in the browser.

The update, Firefox 45, included eight bulletins rated critical and patched a handful of serious use-after-free vulnerabilities and a pair of buffer overflow vulnerabilities.
#383 Caution urged over patched Windows USB driver flaw
Yesterday, Microsoft patched a flaw in the Windows USB Mass Storage Class Driver that could put some people on edge. Though the flaw was rated “important,” likely because it requires local access to exploit, previous work in this arena shows that such a bug could be attacked remotely.
#382 Home Depot will pay up to $19.5 million for massive 2014 data breach
Home Depot has agreed to pay as much as $19.5 million to remedy the giant data breach it suffered in 2014, the company confirmed on Tuesday. Included in that figure is a reported $13 million to reimburse customers for their losses and $6.5 million to provide them with one and a half years of identity protection services.
#381 Chrome update fixes three high severity vulnerabilities
Google pushed out the latest version of its flagship browser Chrome on Tuesday, fixing three high severity bugs in the process.

The update graduates the browser to version number 49.0.2623.87 for Windows, Mac, and Linux, according to a post on Google’s Chrome Releases blog this week.
#380 Phishers are creating YouTube channels to document their attacks
Phishing attacks have linked back to YouTube channels where phishers explain their attacks and promote their tools while looking for buyers.
#379 The rise of IoT hacking: New dangers, new solutions
The explosive growth of the Internet of Things has created a host of new threats for the enterprise. Here's how hackers are targeting your connected devices and what you can do about it.
#378 Let's Encrypt reaches one million certificate encryption milestone
One million free TLS certificates have now been issued, paving the way for better encryption and security on the Web.
#377 Android vulnerabilities allow for easy root access - Qualcomm Snapdragon SoCs flaw
Qualcomm Snapdragon SoCs (systems on a chip) power a large percentage of smart devices in use today. The company’s own website notes that more than a billion devices use Snapdragon processors or modems. Unfortunately, many of these devices contain security flaws that could allow an attacker to gain root access. Gaining root access on a device is highly valuable; it allows the attacker access to various capabilities they would not have under normal circumstances.
#376 Dell open sources DCEPT, a honeypot tool for detecting network intrusions
Dell SecureWorks researchers have developed a tool that allows Windows system administrators to detect network intrusion attempts and pinpoint them to the original source (i.e. a compromised endpoint), and have made it available for everybody.
#375 FBI quietly changes its privacy rules for accessing NSA data on Americans
Classified revisions accepted by secret Fisa court affect NSA data involving Americans’ international emails, texts and phone calls.
#374 Mark Ward: How Minecraft undermined my digital defences
Mark Ward: "Could your children be your weak link when it comes to home security? One of mine almost was thanks to Minecraft."
#373 KeRanger ransomware Is actually Linux.Encoder ported for Macs
A big surprise was revealed today by security researchers from Romanian antivirus company Bitdefender, who claim that the KeRanger Mac ransomware that appeared last weekend is actually a rewrite of the ransomware variant that's been plaguing Linux servers for the past five months.
History
2017: 01 02 03 04 05
2016: 01 02 03 04 05 06 07 08 09 10 11 12