Security Alerts & News
by Tymoteusz A. Góral

History
#560 OK, panic - newly evolved ransomware is bad news for everyone
This week's ransomware attack at Maryland's MedStar Health hospital network is a prime example. For more than a week, 10 hospitals operated without access to their central networks, because the Windows servers controlling MedStar's domains were locked down by the ransomware variant known as Samsam. Security firms report that there have been many other incidents with Samsam over the past few months. Some attacks have encrypted the contents of hundreds of servers and desktops.
#559 50 million Turkish citizens could be exposed in massive data breach
Nearly 50 million Turkish citizens, more than half of the country’s population, may have had their personal details exposed in a massive new data breach revealed this week.

As reported by The Telegraph, a compressed file has been posted online by an unnamed group appearing to contain information including names, addresses, parents’ first names, cities of birth, birth dates, and national identifier numbers used by the Turkish government.

The authenticity of the leak was partially verified by the Associated Press, which ran 10 non-public Turkish ID numbers against names listed in the data dump, eight of which were an exact match.
#558 FBI: $2.3 billion lost to CEO email scams
The U.S. Federal Bureau of Investigation (FBI) this week warned about a “dramatic” increase in so-called “CEO fraud,” e-mail scams in which the attacker spoofs a message from the boss and tricks someone at the organization into wiring funds to the fraudsters. The FBI estimates these scams have cost organizations more than $2.3 billion in losses over the past three years.

In an alert posted to its site, the FBI said that since January 2015, the agency has seen a 270 percent increase in identified victims and exposed losses from CEO scams. The alert noted that law enforcement globally has received complaints from victims in every U.S. state, and in at least 79 countries.
#557 Linux botnet attacks increase in scale
Hackers are using malware which targets Linux to build botnets to launch distributed denial of service (DDoS attacks) security researchers have warned.

The so-called BillGates Trojan botnet family of malware - apparently so named by the virus writers because it targets machines running Linux, not Windows - has been labelled with a "high" risk factor in a threat advisory issued by Akamai's Security Intelligence Research Team.
#556 FBI quietly admits to multi-year APT attack, sensitive data stolen
The FBI issued a rare bulletin admitting that a group named Advanced Persistent Threat 6 (APT6) hacked into US government computer systems as far back as 2011 and for years stole sensitive data. The FBI alert was issued in February and went largely unnoticed. Nearly a month later, security experts are now shining a bright light on the alert and the mysterious group behind the attack.
#555 Mac adware OSX.Pirrit unleashes ad overload, for now
Researchers discovered a Mac OS X variant of the Windows-based Pirrit adware that creates a proxy server on infected Mac computers and injects ads into webpages. According to researchers at Boston-based Cybereason Labs, the adware, dubbed OSX.Pirrit, is mostly benign, serving up just ads, but has the potential to morph into something more sinister.
#554 Edge to follow Chrome’s lead, make Flash ads click-to-play
Google announced an equivalent change to Chrome last year. Since September 2015, Chrome too has tried to pause non-essential Flash content. Google's argument was that this behavior would be much better for battery life and that stopping ads from playing would make the browser less of a power hog. Microsoft also suggests that battery life will improve, but the company is positioning the change as more of a standards-compliance issue. Microsoft says that there are now many standardized alternatives to Flash and that developers should continue to adopt these technologies and phase out their use of Adobe's proprietary platform.
#553 Latest Flash 0-day being used to push ransomware
Exploits for a zero-day vulnerability in Adobe Flash Player are being aggressively distributed in two exploit kits. The zero day, meanwhile, was patched by Adobe in an emergency update released Thursday night. Attackers are using the previously unpatched flaw in the maligned Flash Player to infect victims with either Locky or Cerber ransomware. Locky is a relatively new crypto-ransomware strain, spread primarily via spam with attachments enticing users to enable macros in Word documents that download the malware onto machines. Cerber is also crypto-ransomware that includes a feature where the infected machine will speak to the victim.
History
2017: 01 02 03 04 05
2016: 01 02 03 04 05 06 07 08 09 10 11 12