Security Alerts & News
by Tymoteusz A. Góral

History
#1057 Locky variant Zepto debuts with big spam push
Ransomware called Zepto is raising concerns with security experts because of its close ties to the more mature and prolific Locky ransomware. Zepto was spotted about a month ago, but a recent wave of spam containing Zepto-laced attachments detected on June 27 is heightening fears of widespread infections.

“We are watching Zepto very carefully. It’s closely tied to Locky, sharing many of the same attributes,” said Craig Williams, senior technical leader and global outreach manager at Cisco Talos. “There is still a lot to learn about Zepto. As far as we can tell, it’s either a new variant of Locky or an entirely new ransomware with many copycat Locky features,” he said.

Cisco Talos, which published its findings on Zepto Thursday, said 137,731 spam messages have been found this week that contain the Zepto ransomware malicious attachment. The Zepto name comes from the .zepto suffix used as the extension for encrypted files.
#1056 Siemens patches password reconstruction vulnerability in SICAM PAS
The Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) cautioned users who work in electrical substations to update certain builds of energy automation software this week.

ICS-CERT claims two vulnerabilities exist in the Siemens SICAM Power Automation System, or PAS, that could enable an attacker to reconstruct passwords and obtain sensitive information under certain conditions.

Siemens, the German industrial automation technology company that manufactures the software, released an update to address the first vulnerability this week. Users are being encouraged to update to version 8.07 of SICAM PAS to mitigate that issue.
#1055 Mozilla releases first nightly build of Servo, its next-generation browser engine
As promised, Mozilla has released the first Nightly build of Servo, its new browser engine. This is the first tech demo of Servo, which Jack Moffitt, Servo project lead at Mozilla, described to us in March as “a next-generation browser engine focused on performance and robustness.”

Packages for macOS and Linux are available to download from here: Servo Developer Preview Downloads. Mozilla promises that Windows and Android packages will be available “soon.” And because this is Mozilla, you can check out all the code yourself over on GitHub.

To make the Servo engine easy to interact with, Mozilla has bundled an HTML-based browser UI. It is not yet fully web compatible, but when you first run Servo, you’ll see a new tab page showcasing tech demos and sites that Servo renders well.
#1054 You can now browse through 427 million stolen MySpace passwords
An anonymous hacker managed to obtain an enormous number of user credentials in June 2013 from fallen social networking giant MySpace — some 427 million passwords, belonging to approx. 360 million users. In May 2016, a person started selling that database of passwords on the dark web. Now, the entire database is available online for free.
#1053 The first big Internet of Things security breach is just around the corner
The only reason these flaws aren't being exploited right now is that hacker currently have little interest, even though these devices are "trivial" to attack, he said. But don't get too comfortable.

"Very soon, we're likely to see a big breach. It's quite probable that some really shiny, cool, new product is going to come along in the next year which will see massive adoption by consumers and enterprises. When that happens, I think attacker interest will rise," he continued, adding "the speed of that market means we're building up to that moment."

Lyne isn't the only one who believes a big IoT security breach is coming: cybersecurity expert Bruce Schneier also fears that one is coming sooner rather than later - and that connected cars could be a particularly dangerous target.

"When you start thinking about a car, you quickly realise the integrity and vulnerability threats are much worse than confidentiality threats and there's real risks to life and property here," he said, speaking at the recent InfoSecurity Europe conference in London.
#1052 Brazilians migrate from WhatsApp to Telegram, cybercriminals follow suit
Staple product offerings like online banking Trojans and tutorials for aspiring cybercriminals are still being peddled in the Brazilian underground market. While old crimeware remain the same, we observed that these young and brazen cybercriminals (two words that aptly describe the Brazilian cybercriminals of today), have switched communication platforms. After the temporary shutdown on WhatsApp last December, cybercriminals changed messaging tools to avoid unwanted attention from law enforcement agencies. Although this shift may be coincidental, the secure messaging features of Telegram, a cloud-based messenger similar to WhatsApp, may make it ripe for abuse.

Brazilian courts required WhatsApp to provide information in relation to criminal investigations at the end of 2015. A court order was issued to telecom providers to block access to WhatsApp, due to failure to abide, forcing users (including cybercriminals) to look for new means to communicate with others. Prior to enforcing the order, WhatsApp had 93 million users in Brazil. This has since dwindled when users moved to Telegram.
#1051 Massachusetts General Hospital confirms third-party breach
A breach at Massachusetts General Hospital has potentially compromised the information of roughly 4,300 dental patients, the hospital warned Wednesday.

MGH was quick to point out that the data leaked wasn’t stored or maintained on its systems but those of a third-party vendor that assists the hospital in managing dental patients at several practices, including the hospital.

The compromised database belongs to Patterson Dental Supply Inc., a medical supplies company headquartered in St. Paul, Minn. An unauthorized individual accessed electronic files, some which included data on MGH dental patients, on PDSI’s systems back in February, the statement reads.
#1050 Netherlands gets first nationwide 'Internet of Things'
Connecting everyday objects to networks, allowing them to send and receive data, is widely seen as the next major evolution of the Internet and one that may transform how many businesses operate and people live.

The rollout of a low data rate (LoRa) mobile communications network is critical to connect objects as many may not be able to link up with home or work Wi-Fi networks to gain Internet access.

"As from today the KPN LoRa network is available throughout The Netherlands," KPN said in a statement.

"This makes The Netherlands the first country in the world to have a nationwide LoRa network for Internet of Things (IoT) application."
#1049 LizardStresser IoT botnet part of 400Gbps DDoS attacks
LizardStresser, a distributed denial of service botnet, has found new life leveraging hundreds of internet-based webcams in attacks against Brazilian-based banks, government agencies as well as a handful of U.S.-based gaming companies.

Researchers at the Arbor’s Security Engineering and Response Team (ASERT) say publicly released source code of the LizardStresser botnet in 2015, by the Lizard Squad DDoS group, is behind the attacks. In a report released this week, ASERT says an unknown group of cybercriminals are running this latest iteration of the LizardStresser botnet via approximately 100 command-and-control servers, manipulating about 1,300 webcams and launching attacks as large as 400Gbps.

It’s unclear whose webcams are being hijacked in the attacks, but researchers say the cams that are part of this LizardStresser botnet are running either the x86, ARM or MIPS CPU architecture – all commonly used on embedded IoT devices.
History
2017: 01 02 03 04 05
2016: 01 02 03 04 05 06 07 08 09 10 11 12