Security Alerts & News
by Tymoteusz A. Góral

History
#764 Runkeeper is secretly tracking you around the clock and sending your data to advertisers
FitnessKeeper, the company behind running app Runkeeper, is in hot water in Europe. The company will receive a formal complaint on Friday from the Norwegian Consumer Council for breaching European data protection laws. It turns out that Runkeeper tracks its users’ location all the time – not just when the app is active – and sends that data to advertisers.

The NCC, a consumer rights watchdog, is conducting an investigation into 20 apps’ terms and conditions to see if the apps do what their permissions say they do and to monitor data flows. Tinder has already been reported to the Norwegian data protection authority for similar breaches of privacy laws. The NCC’s investigation into Runkeeper discovered that user location data is tracked around the clock and gets transmitted to a third party advertiser in the U.S. called Kiip.me.
#763 Cerber ransomware on the rise, fueled by Dridex botnets
Starting in April, security experts at FireEye spotted a massive uptick in Cerber ransomware attacks delivered via a rolling wave of spam. Researchers there link the Cerber outbreaks to the fact that attackers are now leveraging the same spam infrastructure credited for making the potent Dridex financial Trojan extremely dangerous.

Cerber, which is best known for its high creep factor in using text-to-speech to “speak” its ransom note to victims, was first spotted in the wild in February. Its typical distribution method was via exploit kits, with Magnitude and Nuclear Pack exploiting a zero day in Adobe Flash Player (CVE-2016-1019). But as recently as May 4, FireEye reports, Cerber is now part of a spam campaign linked to Dridex botnets.
#762 Latest Petya ransomware strain comes with a failsafe: Mischa
The Petya ransomware strain signaled a new escalation for crypto-malware when it surfaced in March. For the first time, ransomware went beyond encrypting files on local and shared drives and instead set its sights on locking up the Master File Table on compromised machines.

Petya did have its shortcomings and before long, researchers were able to develop a tool that recovered some files lost to infections.

The criminals behind Petya, meanwhile, have addressed another weakness where the malware would not execute if it were not granted administrative privileges in order to target the MFT. A new installer for Petya was found and disclosed on Thursday. It comes with a failsafe; if its installer is not granted the privileges it seeks, it instead installs another strain of ransomware known as Mischa.

The original Petya executable came with a manifest that requested administrator privileges, said researcher Lawrence Abrams of Bleeping Computer.
#761 France's after-work email ban is one step closer to reality
France is that much closer to becoming the first country to ban after-work emails.

The country's lower parliamentary house passed a bill this week that would ban companies with 50 or more employees from sending emails outside regular work hours, BBC News reported.

It now goes to the Senate, where members will study it before sending it back to the National Assembly to enshrine it in French law.
#760 Linksys WRT routers won’t block open source firmware, despite FCC rules
New rules that affect open source firmware on Wi-Fi routers will be implemented on June 2, but not all network hardware will prevent the loading of third-party software.

Linksys has been collaborating with chipmaker Marvell and the makers of OpenWrt to make sure its latest WRT routers can comply with the new rules without blocking open source firmware, company officials told Ars.

Linksys’s effort stands in contrast with TP-Link, which said it would entirely prevent loading of open source firmware on its routers to satisfy the new Federal Communications Commission requirements.

Blocking third-party firmware is the easiest way to comply with the FCC rules, which aim to limit interference with other devices by preventing user modifications that cause radios to operate outside their licensed RF (radio frequency) parameters.

The FCC wrote its rules in response to interference with FAA Doppler weather radar systems. Routers using certain portions of the 5GHz band were already required to use dynamic frequency selection (DFS) in order to detect nearby radar systems and avoid operating on the same channel. But it’s possible for users to disable dynamic frequency selection—the FCC has called this a “major cause of harmful interference.” Most cases of interference have been caused either by disabling DFS or “devices that have been modified to operate in frequency bands in which they are not certified to operate,” the FCC says.
#759 Second bank cyber-attack detected by Swift after Bangladesh raid
A cyber-attack, similar to one that saw $81m (£56m) stolen from Bangladesh's central bank, has hit a second bank.

The warning about the second attack came from Swift, which oversees the financial messaging network that underpins global money transfers.

Swift said the target was a commercial bank but did not name the organisation or reveal if any cash had been taken.

The attack used techniques and tools resembling those used to steal cash from Bangladesh in February, it said.

Swift is used by about 11,000 financial institutions around the world to move large amounts of cash.

The attackers had a "deep and sophisticated knowledge of specific operational controls" at the targeted bank, and could have been aided in their theft by "malicious insiders", said Swift.

In both attacks the thieves sought to submit fraudulent messages to the Swift network to transfer large amounts of cash to accounts they controlled.
#758 Facebook wants to teach you how to hack
Facebook wants to teach the next generation security skills and hopes the release of the Capture the Flag (CTF) platform to the open-source community will be a valuable contribution.

Gulshan Singh, a software engineer on Facebook's threat infrastructure team, said in an announcement on Wednesday the social media giant hopes to make "security education easier and more accessible," especially for students.

As a result, the company has decided to release the CTF platform as a "safe and legal" way to teach kids how to learn and refine skills related to reverse-engineering, forensics, web application security, cryptography, and binary exploitation without getting into trouble with the law.
#757 Apache incubating project promises new Internet security framework
VANCOUVER, BC -- A new incubating project at the Apache Software Foundation (ASF) promises a more secure Internet that doesn't require monolithic trust hierarchies and centralized certificate authorities. And it could eliminate the need for complex passwords, too.

At ApacheCon North America in Vancouver yesterday, telecommunications juggernaut NTT Group, along with its Silicon Valley-based innovation center NTT i3 and cryptography and cybersecurity specialist MIRACL, joined forces to contribute their security and authentication code to a new open source project: Apache Milagro (incubating).

By eliminating the need for a central trust authority and the public key infrastructure (PKI) model built 40 years ago for a client-server world, the new incubating project aims to provide a better framework for blockchain applications, cloud computing services, mobile and containerized developer applications.