Security Alerts & News
by Tymoteusz A. Góral

History
#610 Your phone number is all a hacker needs to read texts, listen to calls and track you
Hackers have again demonstrated that no matter how many security precautions someone takes, all a hacker needs to track their location and snoop on their phone calls and texts is their phone number.

The hack, first demonstrated by German security researcher Karsten Nohl in 2014 at a hacker convention in Hamburg, has been shown to still be active by Nohl over a year later for CBS’s 60 Minutes.

The hack uses the network interchange service called Signalling System No. 7 (SS7), also known as C7 in the UK or CCSS7 in the US, which acts as a broker between mobile phone networks. When calls or text messages are made across networks SS7 handles details such as number translation, SMS transfer, billing and other back-end duties that connect one network or caller to another.
#609 Web host 123-reg deletes sites in clean-up error
The company, which hosts 1.7m sites in the UK, said an error made during maintenance "effectively deleted" what was on some of its servers.

"We can conclude that the issues faced have resulted in some data loss for some customers," the firm admitted.

It has started a "recovery process", but said customers with their own data backup to rebuild their own websites.

The web host, which has 800,000 customers in the UK, would not say how many websites had been deleted but said it was a "small proportion".
#608 WhatsApp vs Telegram
The competition for the most secure instant messaging tool has been running for years. It re-surfaced this month when WhatsApp announced it has completed implementing end-to-end encryption. Curiously, in security research circles, this has resulted in endless debates between WhatsApp and Telegram. Very much like Emacs vs Vi, everybody has a (strong) opinion, but there is no general consensus.
#607 Ransomware: past, present, and future
Ransomware as we know it today has a sort of 'spray and pray' mentality; they hit as many individual targets as they can as quickly as possible. Typically, payloads are delivered via exploit kits or mass phishing campaigns. Recently a number of scattered ransomware campaigns deliberately targeting enterprise networks, have come to light. We believe that this is a harbinger of what's to come -- a portent for the future of ransomware.

Traditionally, malware was never terribly concerned with the destruction of data or denial of access to its contents; With few notable exceptions, data loss was mostly a side-effect of malware campaigns. Most actors were concerned with sustained access to data or the resources a system provided to meet their objectives. Ransomware is a change to this paradigm from subversion of systems to outright extortion; actors are now denying access to data, and demanding money to restore access to that data. This paper will discuss the latest ransomware trends as w
#606 Widespread JBoss backdoors a major threat
Recently a large scale ransomware campaign delivering Samsam changed the threat landscape for ransomware delivery. Targeting vulnerabilities in servers to spread ransomware is a new dimension to an already prolific threat. Due to information provided from our Cisco IR Services Team, stemming from a recent customer engagement, we began looking deeper into the JBoss vectors that were used as the initial point of compromise. Initially, we started scanning the internet for vulnerable machines. This led us to approximately 3.2 million at-risk machines.
History
2017: 01 02 03 04 05
2016: 01 02 03 04 05 06 07 08 09 10 11 12