Security Alerts & News
by Tymoteusz A. Góral

#953 Russian government hackers penetrated DNC, stole opposition research on Trump
Russian government hackers penetrated the computer network of the Democratic National Committee and gained access to the entire database of opposition research on GOP presidential candidate Donald Trump, according to committee officials and security experts who responded to the breach.

The intruders so thoroughly compromised the DNC’s system that they also were able to read all email and chat traffic, said DNC officials and the security experts.

The intrusion into the DNC was one of several targeting American political organizations. The networks of presidential candidates Hillary Clinton and Donald Trump were also targeted by Russian spies, as were the computers of some GOP political action committees, U.S. officials said. But details on those cases were not available.
#952 RAA ransomware composed entirely of JavaScript
We’ve already seen ransomware take on many forms this year, but researchers this week claim they’ve noticed a new strain unlike any they’ve seen prior–a type composed entirely of JavaScript.

The ransomware, dubbed RAA by researchers, has been circulating through attachments masquerading as Word .doc files according to Lawrence Abrams, who wrote about the malware late Monday night on his site BleepingComputer.com.

Initially discovered by two security researchers, @JAMES_MHT and @benkow_, RAA encrypts files using code from CryptoJS, an open source library that’s easy to use and handles cipher algorithms like AES, DES, and so on. In this instance, RAA scans victims’ machines and encrypts select files with AES-256.
#951 Fix coming for Flash vulnerability under attack
Adobe today said it will patch Flash Player this week, addressing a vulnerability being exploited in “limited, targeted attacks.”

The flaw, CVE-2016-4171, exists in versions of Flash prior to, and including, 21.0.0.242 on Windows, Macintosh, Linux and ChromeOS platforms.

“Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system,” Adobe said in its notification.
#950 AI, big data and the iPhone: Here's how Apple plans to protect your privacy
Artificial intelligence and big data are white hot technologies but both need to analyse vast amounts of data to work effectively: now Apple is trying to see if it is possible to use both without compromising its tough stance on protecting users' privacy.

At the company's World Wide Developers' Conference in San Francisco the company announced a number of initiatives around machine learning and data analytics.

Apple said it will use a deep learning technology called long short-term memory to make its Quicktype keyboard able to offer more intelligent options during conversations. For example, automatically offering up information about where you are from in Maps, if the question crops up in a chat with a friend.

It is also using deep learning and computer vision to allow the iPhone to provide facial recognition so users can sort pictures of different people into albums. It's applying the same kind of technology to object and scene recognition as well -- doing 11 billion computations per photo to be able to understand what is in each image -- which can then be used to search for them later. Apple said it is also using artificial intelligence to analyse a user's photo library to cluster images by location, people or scenes into a new 'memories' tab.
#949 DLink patches weak crypto in mydlink devices
Browser makers and other tech companies have gone to great pains to beef up weak crypto libraries, in particular those that are exposed to fallback attacks such as POODLE.

Attackers exploiting these vulnerabilities are able to dial back the encryption protecting communication to SSLv2 and SSLv3, for example, forcing servers to fall back to these weaker versions of the protocol should a more secure connection fail. With attacks such as POODLE, an attacker that successfully forces a fallback could steal private keys and decrypt traffic.

As more of these weaker versions of the libraries are replaced, more and more continue to pop up in embedded and connected devices.
#948 Siemens firmware updates patch SIMATIC vulnerabilities
Siemens has provided firmware updates addressing vulnerabilities in two popular product lines, the SIMATIC WinCC flexible, and the SIMATIC S7-300 CPU family.

The SIMATIC S7-300 flaw is a denial-of-service issue that could be remotely exploited to cause the device to go into defect mode, an advisory from the Industrial Control System Cyber Emergency Response Team (ICS-CERT) said. Admins would need to perform a cold restart to recover affected systems.

SIMATIC S7-300 CPUs with Profinet support prior to V3.2.12, and SIMATIC S7-300 CPUs without Profinet support prior to V3.3.12 are affected, Siemens said.
#947 Android ransomware hits Smart TVs
Security researchers have discovered a variant of the FLocker Android ransomware that not only infects mobile devices, but also can infect smart TVs running certain versions of the operating system.

The FLocker ransomware has been active for more than a year now, and it is in many ways a typical piece of mobile ransomware. It is designed to scare victims into paying a ransom–$200 in this case–by locking the infected device and throwing up a screen that accuses the victim of some fictitious crime. The ransomware doesn’t appear to encrypt files on an infected device, but it locks the screen so the user can’t open any other apps or take any other actions until paying the ransom.

Researchers at Trend Micro said they have seen various versions of FLocker over the last year and the activity level of the ransomware has varied. The newest version of the malware, however, includes the ability to infect smart TVs, many of which run Android.
#946 Programmer automates his job for 6 years, finally gets fired, forgets how to code
Reddit user FiletOfFish1066 just got fired from his programming job. The reason and circumstances will completely blow your mind, though. FiletOfFish1066 (FOF) worked at a well-known tech company in the Bay Area and for six full years did nothing except play League of Legends, browse Reddit, work out in a gym, and basically do whatever he felt like doing. Guess how much his company paid him to basically do nothing for a full six years? $95,000 per year on average.

“From around 6 years ago up until now, I have done nothing at work. I am not joking. For 40 hours each week I go to work, play League of Legends in my office, browse reddit, and do whatever I feel like. In the past 6 years I have maybe done 50 hours of real work. So basically nothing. And nobody really cared. The tests were all running successfully. I shit you not, I had no friends or anything at work either, so nobody ever talked to me except my boss and occasionally the devs for the software I was testing.” -Reddit via Payscale Career News
#945 ATM insert skimmers in action
KrebsOnSecurity has featured several recent posts on “insert skimmers,” ATM skimming devices made to fit snugly and invisibly inside a cash machine’s card acceptance slot. I’m revisiting the subject again because I’ve recently acquired how-to videos produced by two different insert skimmer peddlers, and these silent movies show a great deal more than words can tell about how insert skimmers do their dirty work.

Last month I wrote about an alert from ATM giant NCR Corp., which said it was seeing an increase in cash machines compromised by what it called “deep insert” skimmers. These skimmers can hook into little nooks inside the mechanized card acceptance slot, which is generally quite a bit wider than the width of an ATM card.

“The first ones were quite fat and were the same width of the card,” said Charlie Harrow, solutions manager for global security at NCR. “The newer ones are much thinner and sit right there where the magnetic stripe reader is.”