Security Alerts & News
by Tymoteusz A. Góral

#735 WordPress patches SOME, XSS flaws in version 4.5.2
WordPress vulnerabilities continue to be a magnet for hackers laden with exploit kits, and as recently as February, crippling ransomware attacks. As a result, WordPress has already released three security updates this year, the latest for the content management system coming last Friday, bringing current users to version 4.5.2. WordPress also in April turned on free encryption for custom domains hosted on the platform.

The latest update is a security release affecting all versions including 4.5.1.

In an advisory published late last week, WordPress said the Plupload third-party file-upload library was plagued by a SOME vulnerability. SOME flaws are Same Origin Method Execution bugs in which JSON callbacks are abused, leading to problems similar to those of cross-site scripting attacks. Researcher Ben Hayak presented on SOME flaws at Black Hat Europe two years ago and he provides some technical details in a blog post.
#734 NCA's bid to get Lauri Love US hack case passwords thrown out
A bid by the National Crime Agency to force an alleged cyber hacker to hand over encrypted computer passwords has been thrown out by a judge.

The US is attempting to extradite Lauri Love, 31, on charges of hacking into the US Army, Nasa and US Federal Reserve networks.

The agency (NCA) seized the computers during a raid at Mr Love's home in Stradishall, Suffolk, in October 2013.

A call to hand over passwords was rejected by a district judge.
#733 Locky ransomware gets clever!
Locky ransomware has risen to fame in recent months. Locky is aggressively distributed via a JavaScript-based downloader sent as an attachment in spam emails, and may have overshadowed the Dridex banking Trojan as the top spam contributor.

FireEye Labs recently observed a new development in the way this ransomware communicates with its control server. Recent samples of Locky are once again being delivered via “Invoice”-related email campaigns, as seen in Figure 1. When the user runs the attached JavaScript, the JavaScript will attempt to download and execute the Locky ransomware payload from hxxp:// banketcentr.ru/v8usja.

This new Locky variant was observed to be highly evasive in its network communication. It uses both symmetric and asymmetric encryption – unlike previous versions that use custom encoding – to communicate with its control server.
#732 This unusual botnet targets scientists, engineers and academics
A botnet and cyberattack campaign is infecting victims across the globe and appears to be tracking the actions of specially selected targets in sectors ranging from government to engineering.

Researchers from Forcepoint Security Labs have warned that the campaign they have dubbed 'Jaku' -- after a planet in the Star Wars universe, because of references to the sci-fi saga in the malware code -- is different from and more sophisticated than many botnet campaigns.

Rather than indiscriminately infecting victims, this campaign is capable of performing "a separate, highly targeted operation" used to monitor members of international non-governmental organisations, engineering companies, academics, scientists and government employees, the researchers said.
#731 FTC orders Apple, Google, Microsoft, Blackberry, Samsung to divulge mobile security practices
The Federal Trade Commission today said it issued a 10-page letter to eight leading players in the mobile communications arena requiring them to tell the agency how they issue security updates to address vulnerabilities in smartphones, tablets, and other mobile devices.

The FTC has been critical of mobile communications vendors’ security practices in the past. In one report the FTC stated that companies whose apps promise consumer safeguards for their data follow through on those promises. “Specifically, the report recognizes that technology advances found in smartphones can offer the potential for increased data security and encourages all companies to provide strong protections for the data they collect.”