Security Alerts & News
by Tymoteusz A. Góral

#592 Underwriters Labs refuses to share new IoT cybersecurity standard
UL, the 122-year-old safety standards organisation whose various marks (UL, ENEC, etc.) certify minimum safety standards in fields as diverse as electrical wiring, cleaning products, and even dietary supplements, is now tackling the cybersecurity of Internet of Things (IoT) devices with its new UL 2900 certification. But there's a problem: UL's refusal to freely share the text of the new standard with security researchers leaves some experts wondering if UL knows what they're doing.
#591 Broken IBM Java patch prompts another disclosure
For the second time in two weeks, researchers have discovered a three-year-old broken patch for a vulnerability in IBM’s Java SDK implementation. The flaw allows an attacker to execute code outside the Java sandbox, and it still affects the current versions of the IBM SDK, 7 and 8, released in January.

Details of the vulnerability and proof-of-concept code were disclosed by Polish consultancy Security Explorations. The organization announced, on March 7, a change in internal policy whereby the company will disclose bugs if the vendor’s patch is broken or incomplete.
#590 Qbot malware morphs quickly to evade detection
The Qbot malware is back and hard at work again with infections reported on 54,517 machines, according to researchers at BAE Systems—with 85 percent of those impacted systems residing in the United States. Qbot’s latest incarnation has learned new tricks since its early days in 2009, and is riling security professionals with its ability to evade detection. So far, BAE Systems reports, the criminals behind this latest Qbot wave have repurposed the original Qbot source code and tweaked it in such a way that the most recent version can slip through most security systems.
#589 Cisco report: Cybersecurity to help businesses deliver digital growth strategies
For businesses, cybersecurity is no longer just about reducing risk; it is now being considered at board level as part of the business strategy, according to new research by Cisco.

The Cybersecurity as a Growth Advantage report shows that 64 percent of executives recognise that cybersecurity is fundamental to their digital growth strategy, with nearly one third believing the primary purpose of cybersecurity is to be a growth enabler, while another 44 percent of executives believe cybersecurity is a competitive advantage.
#588 Let's Encrypt free security certificate program leaves beta
Let's Encrypt has announced that the free secure certificate program is leaving beta in its push to encrypt 100 percent of the web.

The certificate authority (CA) announced on Tuesday that the Let's Encrypt program has left the beta stage of testing after four months, having issued over 1.5 million HTTPS certificates to approximately three million websites worldwide.

In a blog post, Let's Encrypt said the project is pushing "much closer" to the overall target of providing free security certificates to every webmaster online.
#587 The future of Firefox is … Chrome
Senior VP Mark Mayo caused a storm by revealing that the Firefox team is working on a next-generation browser that will run on the same technology as Google's Chrome browser.

"Let's jump right in and say yes, the rumors are true, we're working on browser prototypes that look and feel almost nothing like the current Firefox," Mayo wrote in a blog post.

"The premise for these experiments couldn't be simpler: what we need a browser to do for us – both on PCs and mobile devices – has changed a lot since Firefox 1.0, and we're long overdue for some fresh approaches."

The biggest surprise, however, was that the project, named Tofino, will not use Firefox's core technology – Gecko – but will instead plumb for Electron, which is built on the technology behind Google's rival Chrome browser, called Chromium.
#586 Jigsaw ransomware decrypted: Will delete your files until you pay the ransom
A new ransomware has been released that not only encrypts your files, but also deletes them if you take too long to make the ransom payment of $150 USD. The Jigsaw Ransomware, named after the iconic character that appears in the ransom note, will delete files every hour, and each time the infection starts, until you pay the ransom. At this time it is unknown how this ransomware is distributed.