Security Alerts & News
by Tymoteusz A. Góral

History
#546 Ubuntu patches kernel vulnerabilities
Several vulnerabilities in Ubuntu’s implementation of the Linux kernel, including a use-after-free vulnerability and a timing side-channel vulnerability, were patched today. An advisory issued by Ubuntu Wednesday morning urges users to patch if they’re running 14.04 LTS or any derivative builds.
#545 First Windows 10 preview with bash support is out now
The first Windows 10 Insider Preview build that includes support for native Linux bash on Windows is now out. This was some of the biggest news to come out of Build last week, as Microsoft works to make Windows even more attractive to developers.
#544 Crypto ransomware targets called by name in spear-phishing blast
For the past decade, spear phishing—the dark art of sending personalized e-mails designed to trick a specific person into divulging login credentials or clicking on malicious links—has largely been limited to espionage campaigns carried out by state-sponsored groups. That made sense. The resources it takes to research the names, addresses, and industries of large numbers of individuals were worth it when targeting a given organization that had blueprints or some other specific piece of data prized by the attacker. But why go through the trouble to spread crypto ransomware or banking trojans to the masses when a single scam e-mail could do the trick?
#543 Quanta LTE router beset by over 20 critical security flaws
Pierre Kim, an independent security researcher, came across these issues while testing devices installed with the latest firmware. According to his findings, Quanta 4G WiFi Router QDH, Quanta 4G WiFi Router UNE, Quanta 4G WiFi Router MOBILY (QDH-Mobily - CPE342X), and Quanta 4G WiFi Router Yoomee versions are affected.

Other Quanta CPE (Customer-Premises Equipment) variations that run the same vulnerable version may also be vulnerable. Based on the languages in which the help manuals are provided, the Quanta routers may be found in English, French, Chinese and Arabic-speaking countries.
#542 Phishing email that knows your address
A new type of phishing email that includes the recipient's home address has been received by thousands of people, the BBC has learned.
#541 Apple iPhone 6S, 6S Plus vulnerable to new lock screen bypass flaw
A security flaw in Apple's newest iPhones lets anyone bypass the phone's passcode and access personal information.

Anyone with physical access to an affected phone can access the user's contacts, photos, text and picture messages, emails, and phone settings, according to the disclosure.
#540 Nexus Security Bulletin—April 2016
The most severe of these issues is a Critical security vulnerability that could enable remote code execution on an affected device through multiple methods such as email, web browsing, and MMS when processing media files.

Android Security Advisory 2016-03-18 previously discussed use of CVE-2015-1805 by a rooting application. CVE-2015-1805 is resolved in this update. There have been no reports of active customer exploitation or abuse of the other newly reported issues. Refer to the Mitigations section for further details on the Android security platform protections and service protections such as SafetyNet, which improve the security of the Android platform.
#539 Obtaining login tokens for an Outlook, Office or Azure account
This is pretty similar to Wes’s awesome OAuth CSRF in Live, except it’s in the main Microsoft authentication system rather than the OAuth approval prompt.
#538 Microsoft patches severe account hijacking security flaw
Microsoft has taken only 48 hours to patch a critical account authentication flaw which allowed attackers to use harvested login tokens.

According to British security researcher Jack Whitton, the vulnerability could be exploited through phishing websites designed to harvest login tokens to later compromise user accounts and data.
#537 Samsam may signal a new trend of targeted ransomware
Samsam, unlike more conventional ransomware, is not delivered through drive-by-downloads or emails. Instead, the attackers behind Samsam use tools such as Jexboss to identify unpatched servers running Red Hat’s JBoss enterprise products. Once the attackers have successfully gained entry into one of these servers by exploiting vulnerabilities in JBoss, they use other freely available tools and scripts to collect credentials and gather information on networked computers. Then they deploy their ransomware to encrypt files on these systems before demanding a ransom.
#536 NoScript and other popular Firefox add-ons open millions to new attack
The attack is made possible by a lack of isolation in Firefox among various add-ons installed by an end user. The underlying weakness has been described as an extension reuse vulnerability because it allows an attacker-developed add-on to conceal its malicious behavior by invoking the capabilities of other add-ons. Instead of directly causing a computer to visit a booby-trapped website or download malicious files, the add-on exploits vulnerabilities in popular third-party add-ons that allow the same nefarious actions to be carried out. Nine of the top 10 most popular Firefox add-ons contain exploitable vulnerabilities. By piggybacking off the capabilities of trusted third-party add-ons, the malicious add-on faces much better odds of not being detected.
#535 Emergency update coming for Flash vulnerability under attack
Adobe will release an emergency Flash Player update as soon as Thursday, patching a critical vulnerability that is being publicly attacked. Adobe said the vulnerability is in version 21.0.0.197 and earlier for Windows, Mac OS X, Linux and Chrome OS.

“Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system,” Adobe said in an advisory published late this afternoon.