Security Alerts & News
by Tymoteusz A. Góral

History
#552 Locky: the encryptor taking the world by storm
In February 2016, the Internet was shaken by an epidemic caused by the new ransomware Trojan Locky (detected by Kaspersky Lab products as Trojan-Ransom.Win32.Locky). The Trojan has been actively propagating up to the present day. Kaspersky Lab products have reported attempts to infect users with the Trojan in 114 countries around the world.
#551 Panic over! Apple fixes iPhone 6S lockscreen bug
The fix turned out to be surprisingly easy, and didn’t even require Apple to push out an iOS update. (Just as well, because the latest iOS update, 9.3.1, came out less than a week ago.)

It seems that all Apple had to do to patch against this flaw, or perhaps more accurately to work around it, was to reconfigure Siri not to process “open Twitter” commands from the lockscreen.
#550 How CERN fights hackers
Security is all about balance—keeping users and data safe has to sit alongside usability and efficiency. At CERN, the European Organization for Nuclear Research and home of the Large Hadron Collider (LHC), Stefan Lueders has the daunting task of coordinating the security of systems while maintaining an environment of academic freedom.
#549 Google reCAPTCHA cracked in new automated attack
A trio of security researchers have devised a new automated attack that can break the CAPTCHA systems employed by Google and Facebook.

The researchers utilized a large number of factors in putting together their attack, leveraging tricks to bypass CAPTCHA security measures (cookies, tokens) and machine learning to "guess" the correct (image) CAPTCHA answer with a higher degree of accuracy than previous studies.
#548 WhatsApp encryption a good start, but far from a security cure-all
“End to end encryption is a good thing, but it’s really just the beginning of good security,” said Jonathan Zdziarski, a leading independent security researcher and forensics expert. “No question about it, this is good tech. But just like any tech it’s not perfect. The real question: Is WhatsApp’s owner Facebook going to be responsible with this technology? A lot of people view Facebook as the antithesis of privacy,” Zdziarski said.
#547 Vulnerable WordPress and Drupal may have contributed to the Panama Papers Breach
The firm ran its unencrypted emails through an outdated (2009) version of Microsoft’s Outlook Web Access. Outdated open source software running the frontend of the firm’s websites is also now suspected to have provided a vector for the compromise.
History
2017: 01 02 03 04 05
2016: 01 02 03 04 05 06 07 08 09 10 11 12