Security Alerts & News
by Tymoteusz A. Góral

History
#460 73 percent drop in financial Trojan infections but threat is far from neutralized
Using financial Trojans to defraud customers of online banking services is still a popular method among cybercriminals looking to make a profit. Although we have seen a drop in the number of financial Trojans being detected, the Trojans are becoming more capable at what they do and the threat they pose will remain for some time to come. Furthermore, criminals are increasingly targeting financial institutions directly, using malware or through business email compromise (BEC) scams.
#459 Hackers find it more lucrative to target banks, not customers
Trojan attacks against the financial industry are becoming more effective and will continue to plague the sector for some time, as cybercriminals move away from attacking customers and instead choose to target the banks themselves, due to the increased incentive of a more lucrative cash haul.
#458 Tor Project says it can quickly catch spying code
The Tor Project is fortifying its software so that it can quickly detect if its network is tampered with for surveillance purposes, a top developer for the volunteer project wrote on Monday.
#457 To stop the hackers, security teams need to share more data on attacks
Just under half of cybersecurity professionals use any form of shared cyberthreat intelligence (CTI) in their efforts to protect their enterprises from cyberattacks and hackers, despite CTI's potential to significantly improve security in the fight against cybercrime.
#456 Radio attack lets hackers steal 24 different car models
For years, car owners with keyless entry systems have reported thieves approaching their vehicles with mysterious devices and effortlessly opening them in seconds. After having his Prius burgled repeatedly outside his Los Angeles home, the New York Times’ former tech columnist Nick Bilton came to the conclusion that the thieves must be amplifying the signal from the key fob in the house to trick his car’s keyless entry system into thinking the key was in the thieves’ hand. He eventually resorted to keeping his keys in the freezer.
#455 Encryption securing money transfers on mobile phones can be broken
A group of researchers has proved that it is possible to break the encryption used by many mobile payment apps by simply measuring and analysing the electromagnetic radiation emanating from smartphones.
#454 StartSSL Domain validation (vulnerability discovered).
StartSSL has only one way to validate the ownership of a domain name, which is through a predefined list of emails (such as Webmaster, Postmaster and Hostmaster) that are in the same domain you are trying to verify. This method is rarely used; instead, for domain validation most certificate authorities ask the domain owner to place a certain file on their website.
#453 Everything you need to know about the iMessage security flaw patched by iOS 9.3
Security researchers discovered a number of weaknesses in iMessage's encryption system. Apple's patches are already slated to appear.
#452 About the security content of OS X El Capitan v10.11.4 and security update 2016-002
This document describes the security content of OS X El Capitan v10.11.4 and Security Update 2016-002.
#451 FBI 'may be able to unlock San Bernardino iPhone'
The FBI says it may have found a way to unlock the San Bernardino attacker's iPhone without Apple's assistance.

A court hearing with Apple scheduled for Tuesday has been postponed at the request of the US Justice Department (DOJ), Apple has confirmed.