Security Alerts & News
by Tymoteusz A. Góral

#438 Mitre takes on critics, set to revamp CVE vulnerability reporting
Mitre Corporation will introduce a new pilot program for classifying Common Vulnerabilities and Exposures (CVE) in the coming weeks. The move is in response to a backlash in the security community where some critics contend Mitre is failing to keep pace with a massive influx in the number of reported vulnerabilities to the organization.
#437 Alert: Millions of Android devices vulnerable to new Stagefright exploit
Israeli software research company NorthBit claimed it had "properly" exploited the Android bug that was originally described as the "worst ever discovered".

The exploitation, called Metaphor, is detailed in a research paper (PDF) from NorthBit and also a video showing the exploit being run on a Nexus 5. NorthBit said it had also successfully tested the exploit on a LG G3, HTC One and Samsung Galaxy S5.
#436 American Express notifies cardholders of third-party breach
American Express has begun notifying cardholders that their data may have been compromised in a third-party breach. A notification letter filed on March 10 with California’s attorney general indicates that AmEx account numbers, user names and other information including expiration dates may have been accessed.
#435 AceDeceiver: first iOS trojan exploiting Apple DRM design flaws to infect any iOS device
What makes AceDeceiver different from previous iOS malware is that instead of abusing enterprise certificates as some iOS malware has over the past two years, AceDeceiver manages to install itself without any enterprise certificate at all. It does so by exploiting design flaws in Apple’s DRM mechanism, and even as Apple has removed AceDeceiver from App Store, it may still spread thanks to a novel attack vector.
#434 5 major hospital hacks: horror stories from the cybersecurity frontlines
In real-world war, combatants typically don’t attack hospitals. In the cyber realm, hackers have no such scruples. “We’re attacked about every 7 seconds, 24 hours a day,” says John Halamka, CIO of the Boston hospital Beth Israel Deaconess. And the strikes come from everywhere: “It’s hacktivists, organized crime, cyberterrorists, MIT students,” he says.
2017: 01 02 03 04 05
2016: 01 02 03 04 05 06 07 08 09 10 11 12