Security Alerts & News
by Tymoteusz A. Góral

#773 Microsoft is adding more ads to the Windows 10 Start menu
Microsoft is planning to double the amount of promoted apps in the Start menu with the upcoming Anniversary Update to Windows 10. The software maker revealed at its WinHEC conference last week that the amount will increase from five currently up to 10 in the Anniversary Update that's due to roll out in July. Promoted apps are typically used on new PCs as links to encourage Windows 10 users to download Store apps, and different apps are promoted in different countries.
#772 Hacker fans give Mr. Robot website free security checkup
The USA Network show Mr. Robot has drawn a good deal of praise for its accurate (relative to other TV shows) portrayal of hacking and computer security. So, naturally, the site for the show has drawn a slightly different sort of adoring fan—"white hat" hackers looking for security holes.

On May 10, USA Network launched a new site for Mr. Robot promoting the July debut of the series' second season—a JavaScript-powered page that uses text input and mimics a Linux shell (complete with a GRUB bootup message). On the same day, as Forbes' Thomas Fox-Brewster reported, a hacker operating under the name Zemnmez reported a cross-site scripting (XSS) vulnerability in the Mr. Robot site that could have been used to trick the site's visitors into giving up their Facebook profile data. Zemnmez sent an e-mail about the vulnerability to Mr. Robot writer Sam Esmail; within a few hours, according to NBC Universal (USA Network's corporate parent), the vulnerability was removed.
#771 That time a patient’s heart procedure was interrupted by a virus scan
A heart patient undergoing a medical procedure earlier this year was put at risk when misconfigured antivirus software caused a crucial lab device to hang and require a reboot before doctors could continue.

The incident, described in an alert issued by the Food and Drug Administration, highlights the darker side of using computers and computer networks in mission-critical environments. While a computer crash is little more than an annoyance for most people at home or in offices, it can have far more serious consequences in hospitals, power generation facilities, or other industrial settings.

The computer system at issue in the FDA alert is known under the brand name Merge Hemo and is sold by Hartland, Wisconsin-based Merge Healthcare. It comprises a patient data module and a monitor PC that are connected by a serial cable. It's used to provide doctors with real-time diagnostic information from a patient undergoing a procedure known as a cardiac catheterization, in which doctors insert a tube into a blood vessel to see how well the patient's heart is working.
#770 Breach of Nulled.io crime forum could cause a world of pain for members
A website that openly facilitated the brokering of compromised passwords, stolen bitcoins, and other sensitive data has been hacked, exposing login data, IP addresses, e-mail addresses, purchase histories, and private messages for some 500,000 members.

Nulled.io, a hacker forum that used the tagline "expect the unexpected," was compromised earlier this month in a hack that exposed virtually all of the private data associated with it, security researchers said. As of publication time, more than a week later, the resulting 1.3 gigabyte compressed archive file remained available on a popular data breach sharing site on the clear Web. It was easily accessible to anyone, including hacking victims, fellow hackers, and law enforcement agents. The dump was discovered by analysis firm Risk Based Security and confirmed by Troy Hunt, operator of the have i been pwned? breach disclosure service.

"When services such as Nulled.io are compromised and data is leaked, often it exposes members who prefer to remain anonymous and hide behind screen names," the Risk Based Security blog post stated. "By simply searching by e-mail or IP addresses, it can become evident who might be behind various malicious deeds. As you can imagine, this can lead to significant problems for forum users."
#769 Malware attacks on two banks have links with 2014 Sony Pictures hack
Bangladesh Bank, a commercial bank in Vietnam and ... Sony Pictures are the unlikely bedfellows in a tale of cyber intrigue uncovered by security researchers at BAE Systems.

Researchers Sergei Shevchenko and Adrian Nish have found some links between malware involved in the 2014 attack on Sony Pictures and attacks on two banks involving the theft of credentials for the SWIFT financial transfer network.

The U.S. Federal Bureau of Investigation said North Korea was to blame for the Sony attack (although security experts are divided on the matter).

So is North Korea seeking to boost its foreign currency reserves? Or is someone else conducting a false flag operation -- or just reusing old code?

The link between two pieces of malware used in attacks on Bangalore Bank and on a commercial bank in Vietnam is unambiguous. Shevchenko and Nish decompiled them and found that they used an identical function to wipe a file from an infected computer. The function first fills the file with random characters to ensure nothing can be recovered from the sectors it occupies on the disk, then changes the file's name to a random string before deleting it.