Security Alerts & News
by Tymoteusz A. Góral

History
#514 Apple releases iOS 9.3.1 with fix for unresponsive links
Apple, on Thursday, rolled out a minor update to iPhone, iPad, and iPod devices. The update, dubbed iOS 9.3.1, brings with it a fix for a software glitch that caused many apps -- including Safari and Chrome -- to freeze and crash when trying to open a link. The issue was related to Universal Link, a feature Apple first introduced with iOS 9. Many reported that some apps, including Booking.com, were abusing this capability, causing the Universal Link database to overload.
#513 Patch out for 'ridiculous' Trend Micro command execution vulnerability
Password Manager, Maximum Security and Premium Security are all at risk. A bug in Trend Micro's software meant that the company accidentally left a remote debugging server running on customer machines.

The flaw, discovered by Google’s Project Zero researcher Tavis Ormandy, opened the door to command execution on vulnerable systems (running either Trend Micro Maximum Security, Trend Micro Premium Security or Trend Micro Password Manager).
#512 Cybercriminals are overcoming barriers to cooperate on making malware more dangerous
Kaspersky researchers say Russian and Brazilian cybercriminals are trading tools and techniques to target their respective local victims.
#511 Most prevalent Android ransomware in the west arrives in Japan
Android.Lockdroid ransomware expands to Asia by targeting Japan first. The malware poses as a system update and locks the device from use.
#510 Cyber criminals 'hacked law firms'
Cyber criminals have been targeting major law firms in what may have been an attempt to gather data for insider trading deals, according to reports. The Wall Street Journal said that a number of US companies had had their computer systems compromised.
#509 Weakness in iOS enterprise hooks could let bad apps sneak in
Security researchers at Check Point Software claim to have found a weakness in Apple's mobile device management (MDM) interface for iOS devices that could be exploited to gain complete access to devices. Dubbed "SideStepper," the approach could allow an attacker to hijack enterprise management functions and bypass Apple's application security.
#508 UK cops tell suspect to hand over crypto keys in US hacking case
At a court hearing earlier this month, the UK's National Crime Authority (NCA) demanded that Lauri Love, a British computer scientist who allegedly broke into US government networks and caused "millions of dollars in damage," decrypt his laptop and other devices impounded by the NCA in 2013, leading some experts to warn that a decision in the government's favor could set a worrisome precedent for journalists and whistleblowers.
#507 Meet Remaiten – a Linux bot on steroids targeting routers and potentially other IoT devices
ESET researchers are actively monitoring malware that targets embedded systems such as routers, gateways and wireless access points. Recently, we discovered a bot that combines the capabilities of Tsunami (also known as Kaiten) and Gafgyt. It also provides some improvements as well as a couple of new features. We call this new threat Linux/Remaiten. So far, we have seen three versions of Linux/Remaiten that identify themselves as versions 2.0, 2.1 and 2.2. Based on artifacts found in the code, the authors call this new malware “KTN-Remastered” or “KTN-RM”.
#506 Root servers were not targets of 2015 DDoS attack
Matt Weinberg and Duane Wessels are scheduled to deliver a talk at DNS-OARC 24 in Buenos Aires where they will present their review of the malicious UDP traffic absorbed by the A- and J-Root servers under VeriSign’s control. In their slides, Weinberg and Wessels identify two domains, 336901[.]com and 916yy[.]com, as the real targets with attacks peaking near five million queries per second for each domain on the A and J root servers. Both domains are registered to individuals in China, according to Whois data. The researchers also speculate that the attacks could have originated from a botnet pushing the BillGates or WebTools malware, both of which are known to generate DNS attacks.
#505 CloudFlare: 94 percent of the Tor traffic we see is “per se malicious”
In a company blog post entitled "The Trouble with Tor," CloudFlare CEO Matthew Prince says that 94 percent of the requests the company sees coming across the Tor network are "per se malicious." He explains:

"That doesn’t mean they are visiting controversial content, but instead that they are automated requests designed to harm our customers. A large percentage of the comment spam, vulnerability scanning, ad click fraud, content scraping, and login scanning comes via the Tor network. To give you some sense, based on data from Project Honey Pot, 18% of global email spam, or approximately 6.5 trillion unwanted messages per year, begin with an automated bot harvesting email addresses via the Tor network."
#504 Microsoft extends its Windows Hello login security features to apps and the web
Microsoft is bringing to Windows apps (and even the web) some of the convenience and security of being able to use the same tech it uses to keep enterprise laptops safe. The idea here is to let you use the same technology that powers “Windows Hello” — the login security feature of Windows 10 that supports fingerprint scanners, facial recognition and even iris scanners — to log into other services, as well.