Security Alerts & News
by Tymoteusz A. Góral

#566 Sophisticated bribe scheme helped crooks whitelist malware on Chinese antivirus
Malware operators utilized this particular attack scenario in China, where they bribed the employees of an authorized gaming company in order to embed samples of their malware in the source code of one of their many mobile apps.
#565 Researchers help shut down spam botnet that enslaved 4,000 Linux machines
Known as Mumblehard, the botnet was the product of highly skilled developers. It used a custom "packer" to conceal the Perl-based source code that made it run, a backdoor that gave attackers persistent access, and a mail daemon that was able to send large volumes of spam. Command servers that coordinated the compromised machines' operations could also send messages to Spamhaus requesting the delisting of any Mumblehard-based IP addresses that sneaked into the real-time composite blocking list, or CBL, maintained by the anti-spam service.
#564 Every voter in Philippines exposed in mega hack
The database of the Philippine Commission on Elections (COMELEC) has been breached and the personal information of 55 million voters potentially exposed in what could rank as the worst ever government data breach anywhere.
#563 Over 135 million modems and routers vulnerable to denial-of-service flaw
The problem lies with how a widely-used modem, the Arris Surfboard SB6141, handles authentication and cross-site requests.

Arris (formerly Motorola) said that it has sold more than 135 million of the Surfboard SB6141 modems, but an Arris spokesperson disputed that the figure was "not an accurate representation" of the units impacted and that only a "subset" of Surfboard devices were affected.

Millions of Comcast, Time Warner Cable, and Charter customers (and more) were shipped one of these modems when they first subscribed.
#562 Symantec: Latest intelligence for march 2016
The Latest Intelligence for March 2016 reveals that the average number of mobile malware variants has reached 50 per family.
#561 HTTPS everywhere: encryption for all sites
On Friday, WordPress announced that it is bringing free HTTPS to all -- "million-plus" -- custom domains, essentially ramping up security on every blog and website. The publishing platform says it partnered with Let's Encrypt project to implement HTTPS across such a voluminous number of sites.
2017: 01 02 03 04 05
2016: 01 02 03 04 05 06 07 08 09 10 11 12