Security Alerts & News
by Tymoteusz A. Góral

#934 Mozilla will fund code audits for open source software
“The Fund is part of the Mozilla Open Source Support program (MOSS) and has been allocated $500,000 in initial funding, which will cover audits of some widely-used open source libraries and programs,” Chris Riley, Mozilla’s Head of Public Policy, explained.

“But we hope this is only the beginning. We want to see the numerous companies and governments that use open source join us and provide additional financial support.”

Projects that want Mozilla’s help must be open source/free software and must be actively maintained, but they have a much better probability of being chosen if the software is commonly used and is vital to the continued functioning of the Internet or the Web.

#933 “Bluetooth 5” spec coming next week with 2x more range and 4x better speed
Bluetooth 5.0, the latest version of the ubiquitous wireless standard, is set to be announced on June 16, according to an e-mail sent by Bluetooth SIG Executive Director Mark Powell.

The update will apparently be called "Bluetooth 5" without a point number in an effort to "[simplify] marketing." It's primarily of interest because the update promises to double the range and quadruple the speed of Bluetooth 4.2. It also adds "significantly more capacity to advertising transmissions," which is more exciting than it sounds because it doesn't necessarily have anything to do with what you normally think of when you think of "advertising."

#932 Lurk Banker trojan: Exclusively for Russia
One piece of advice that often appears in closed message boards used by Russian cybercriminals is “Don’t work with RU”. This is a kind of instruction given by more experienced Russian criminals to the younger generation. It can be interpreted as: “don’t steal money from people in Russia, don’t infect their machines, don’t use compatriots to launder money.”

“Working with RU” is not a great idea where cybercriminals’ safety is concerned: people from other countries are unlikely to report an incident to the Russian police. In addition, online banking is not very popular in the RU zone – at least, it is much less popular than in the West. This means that the potential income from operating in the RU zone is lower than in other zones, while the risk is higher. Hence the rule “Don’t work with RU”.

As always, there are exceptions to the rule. A rather prominent banker Trojan – Lurk – that is the subject of this paper has been used to steal money from Russian residents for several years.

We have written about this banker Trojan before. It caught our attention almost as soon as it appeared because it used a fileless spreading mechanism – malicious code was not saved on the hard drive and ran in memory only. However, until now no detailed description of Lurk had been published.

#931 JIGSAW crypto-ransomware turns customer-centric, uses chat for ransom attempts
Good customer service is part of running a successful business. It shouldn’t be a surprise that even crypto-ransomware purveyors are now thinking of ways to make the process of paying for crypto-ransomware easier. The innovation brought forth by some new JIGSAW variants? Instead of using dark web sites, it communicates to the user via… live chat.

#930 Ransomware dominates the threat landscape
So what kicked it off?

Well, starting in 1989 and until 2012, there was a version here and there that would lock something and demand payment through e-mail, snail mail (seriously, look up the AIDS Trojan) or even SMS payment.

Then we saw the huge emergence of a new form of ransomware. You might know it as FBI or Law Enforcement ransomware; it basically locked down your screen, pretending to be from an LE organization, accused you of committing some crime and demanded you pay, usually using prepaid cards, to have your computer unlocked.

#929 Symantec: Latest intelligence for May 2016
The Latest Intelligence page has been refreshed through May 2016, providing the most up-to-date analysis of cybersecurity threats, trends, and insights concerning malware, spam, and other potentially harmful business risks. Here are some key takeaways from this latest batch of intelligence.

The Angler toolkit, which had consistently ranked second in our list of web attacks by toolkit, came out on top in May, comprising 51.2 percent of all toolkit activity. The Nuclear exploit kit, which topped April’s list, has dropped out of the top five this month, likely due to research that was published in late April, shedding light on the toolkit’s infrastructure and likely leading to disruptions. This follows the disappearance of the Spartan toolkit from our top five list in April. The Spartan toolkit had also previously topped the list of web attacks by toolkit.

#928 An interview with the Russian hacker probably selling your password right now
For the last two weeks, the tech world’s security teams have been practically under siege. On an almost daily basis, new collections of data from hundreds of millions of stolen accounts have appeared on the dark web, ripped from major web firms and sold for as little as a few hundred dollars each worth of bitcoins. And behind each of those clearance sales has been one pseudonym: “Peace_of_mind.”

“Peace_of_mind,” or “Peace,” sells data on the dark web black market TheRealDeal. His or her “store” page has a 100-percent satisfaction rating and feedback like “A+++,” and “follows up with your questions and delivers promptly.” And Peace’s growing selection of merchandise includes 167 million user accounts from LinkedIn, 360 million from MySpace, 68 million from Tumblr, 100 million from the Russian social media site, and most recently another 71 million from Twitter, adding up to more than 800 million accounts and growing.