Security Alerts & News
by Tymoteusz A. Góral

History
#1048 Foxit patches 12 vulnerabilities in PDF reader
Foxit patched a dozen vulnerabilities in its PDF reader software this week, more than half of which could allow an attacker to directly execute arbitrary code on vulnerable installations of the product.

The company released version 8.0 of its Foxit Reader and Foxit PhantomPDF on Monday, addressing vulnerabilities in builds 7.3.4.311 and earlier of the product. Details around the issues weren’t publicly disclosed until two days later, on Wednesday, in coordination with the Zero Day Initiative.

Like most PDF vulnerabilities, user interaction is required to exploit any of the vulnerabilities, meaning an attacker would have to trick a user into either visiting a malicious page or opening a malicious PDF file. While eight of the vulnerabilities can directly result in remote code execution, technically all of the vulnerabilities could be used to execute code; some just need to be chained together with other vulnerabilities to do so.
#1047 YSTS X: The highlights of the COOLEST security conference in Brazil
One day after BSides LatAm, it was the turn of another security conference in Brazil: You Shot The Sheriff, now in its tenth edition. Happening on one of the coolest days in Sao Paulo, the event took place at Villa Bisutti, where the whole event was very well organised.

The welcome coffee was a good opportunity to meet some friends and also make new ones, as the majority of the security professionals from Brazil and also other countries were attending the event.

Luiz, Nelson and Willian opened the event by talking about the difference between the first edition and the tenth, showing that it has become much more mature and professional but that it is still a challenge to make it happen. They also talked about their work to keep the event the same size, as they believe that increasing the number of attendees could decrease the quality of the event, something they work hard to improve with each edition.

After that, Anchises Moraes from RSA opened the talks with a presentation about the stone age and the computing era, comparing the information gathered from paintings on cave walls, which could lead us to an understanding of what happened at that time, to the information that we are storing on the internet, which will stay visible to the next generation.
#1046 Android Trojan malware makes hackers $500,000
A prolific piece of Trojan smartphone malware which installs malicious apps and games and continually pushes pop-up adverts onto victims' phones is making its creators as much as $500,000 per day.

Hummer was first discovered by the Cheetah Mobile Security Research Lab in 2014, but the malware initially lay dormant for many months. However, a blog post by the security researchers details how Hummer started infecting hundreds of thousands of phones in summer last year, before exploding into 2016.

Every time the Trojan installs a new application on the infected devices, it's thought the developers make $0.50. While that may sound like a small amount, the proliferation of Hummer means its creators make big bucks.
#1045 Facebook malware: tag me if you can
On the morning of 26th June, news of a phishing campaign hit the Israeli media. Thousands of Facebook users complained that they had been infected by a virus through their accounts after they received a message from a Facebook friend claiming they had mentioned them in a comment.

Kaspersky Lab decided to investigate. We quickly discovered that the message had in fact been initiated by attackers and unleashed a two-stage attack on recipients. We also found that the attack was not confined to Israel, but was hitting targets worldwide.

The first stage of the attack started when the user clicked on the “mention”. A malicious file seized control of their browsers, terminating their legitimate browser session and replacing it with a malicious one that included a tab to the legitimate Facebook login page. This was designed to lure the victim back into the social network site.

Upon logging back into Facebook the victim’s session was hijacked in the background and a new file was downloaded. This represented the second stage of the attack, as embedded in this file was an account-takeover script that included a privacy-settings changer, account-data extractor and other tools that could be used for further malicious activity, such as spam, identity theft and generating fraudulent ‘likes’ and ‘shares’. Further, the malware infection loop began again as malicious notifications were sent to all the victim’s Facebook friends.
#1044 Ransomware attacks may trigger breach notifications
A powerful California congressman is pushing the federal government to treat ransomware attacks on medical facilities as data breaches and require notifications of patients.

The pressure is coming from Rep. Ted Lieu (D-Calif.) and follows comments from officials at the Department of Health and Human Services about the department’s plan to issue guidance to health care organizations about ransomware attacks. The Office for Civil Rights section of HHS, which has responsibility for health information privacy, will provide guidance on how to handle ransomware attacks, and Lieu is eager to ensure that the guidance specifically addresses how ransomware attacks relate to data breach regulations.

Ransomware typically is thought of as a consumer threat, encrypting victims’ files and demanding payments in order to get the decryption key. But more and more ransomware variants are targeting enterprises, as attackers have figured out that forcing large payments from one company is more efficient than squeezing smaller payments out of hundreds of individual victims. The SamSam ransomware variant, which has some worm-like behavior, has been seen attacking businesses specifically. A large-scale ransomware infection on a corporate network can have myriad consequences, but in a health-care organization it can have a variety of privacy and regulatory ramifications, too.
#1043 OWASP Application Security Verification Standard 3.0.1 (PDF)
The Application Security Verification Standard is a list of application security requirements or tests that can be used by architects, developers, testers, security professionals, and even consumers to define what a secure application is.
#1042 Dangerous keyboard app has more than 50 million downloads
The Flash Keyboard app has been downloaded more than 50 million times -- but is capable of some extremely dangerous behaviors.

"It looked like it was a convenient keyboard that had some nice features," said Bill Anderson, chief product officer at mobile security company OptioLabs. "The marketing copy in the app store looked great."

For a while, the app was in the top 20 downloads for the Google Play Store, he added.

"The problem was that it asked for just about every permission that an app could ask for," he said. "It was an especially long list. And surprisingly, most people said yes. But the permissions were so excessive that it turned this thing into a potentially marvelous way to hack phones."
#1041 Thirty percent of Android devices susceptible to 24 critical vulnerabilities
At Google I/O 2016, there was a lot of excitement about the pending release of the latest Android operating system Android N and its many features. Dave Burke, VP of Engineering (Android) at Google, announced that among those features would be automatic system updates.

With automatic updates, your phone will automatically download the newest software update available in the background and install it the next time you restart it. So automatic updates sound great, but you might be asking, what’s the big deal? In order to answer that question, let me provide a brief background on the history of updating when it comes to Android devices.
#1040 KSN Report: Mobile ransomware in 2014-2016
From April 2014 to March 2015, Kaspersky Lab security solutions for Android protected 35,413 users from mobile ransomware. A year later the number had increased almost four-fold to 136,532 users. The share of users attacked with ransomware as a proportion of users attacked with any kind of malware also increased: from 2.04% in 2014-2015 to 4.63% in 2015-2016. The growth curve may be less than that seen for PC ransomware, but it is still significant enough to confirm a worrying trend.

The geography of mobile ransomware is quite similar to the one for PC ransomware, with a few notable differences. In 2014-2015 the percentage of mobile users attacked with ransomware was fairly low, much lower than that seen for PCs.
#1039 A massive financial crime and terrorism database has leaked
A database of heightened-risk individuals and organizations, some of which are thought to be involved in financial crime, corruption, and terrorism, has leaked.

The so-called World-Check Risk Screening database contains 2.2 million names of people and companies, according to Chris Vickery, a security researcher at MacKeeper, who said on a Reddit thread that he acquired the database.

The database dates back to mid-2014, and it contains names, dates, places of birth, and other sensitive information, which is collected from law enforcement records, political information, articles, blog posts, and social media, among other sources.
#1038 WiFi wave2 gets multi-gigabit, multi-user boost with upgrades to 802.11ac
The Wi-Fi Alliance industry group is now certifying products that can deliver multi-gigabit speeds and improve coverage in dense networks by delivering data to multiple devices simultaneously.

The new certification program, announced today, focuses on the so-called "Wave 2" features of the 802.11ac specification. 802.11ac is a few years old, but it includes several important features that were not available at launch. One such feature is MU-MIMO (multi-user, multiple-input, and multiple-output), which we wrote a feature on in May 2014. MU-MIMO is powered by multi-user beamforming technology that lets wireless access points send data streams to at least three users simultaneously. Without MU-MIMO, routers stream to just one device at a time but switch between them very fast so that users don't notice a slowdown except when lots of devices are on the network.
#1037 Google's 'FASTER' 9000km, 60Tbps transpacific fiber optics cable completed
After nearly two years of construction, Google along with a consortium of telecom providers announced the completion of the FASTER broadband cable system that links Japan and the United States. The cable system is the fastest of its kind and stretches nearly 9,000 km across the bottom of the Pacific Ocean.

At 60 Terabits per second, FASTER will help “support the expected four-fold increase in broadband traffic demand between Asia and North America.” The system uses a six-fiber pair cable and the latest 100Gbps digital coherent optical transmission technology.