Security Alerts & News
by Tymoteusz A. Góral

#1078 Encryption bypass vulnerability impacts half of Android devices
A flaw in chipmaker Qualcomm’s mobile processor, used in 60 percent of Android mobiles, allows attackers to crack full disk encryption on the device. Only 10 percent of Android devices running Qualcomm processors are not vulnerable to this type of attack.

Researchers at Duo Labs said the vulnerability is tied to Android’s problem-plagued mediaserver component coupled with a security hole in Qualcomm’s Secure Execution Environment (QSEE). Together, these vulnerabilities could allow someone with physical access to the phone to bypass the full disk encryption (FDE).

The vulnerability, discovered by Gal Beniamini last week, builds off of earlier research by Beniamini and Duo Labs published in May. That’s when both highlighted a previously unpatched vulnerability (CVE-2016-2431) in Google’s mediaserver component. Google has since patched that vulnerability, but a large percentage of Android phones have yet to receive that update.
#1077 TP-LINK loses control of two device configuration domains
Security researcher Amitay Dan warns that tplinklogin.net, a domain through which TP-LINK router owners can configure their devices, is no longer owned by the company, and that this fact could be misused by malware peddlers.
#1076 MRI software bugs could upend years of research
A whole pile of “this is how your brain looks like” MRI-based science has been potentially invalidated because someone finally got around to checking the data.

The problem is simple: to get from a high-resolution magnetic resonance imaging scan of the brain to a scientific conclusion, the brain is divided into tiny “voxels”. Software, rather than humans, then scans the voxels looking for clusters.
#1075 Scope of ThinkPwn UEFI zero-day expands
A serious hardware vulnerability, thought to be confined to UEFI drivers in Lenovo and HP laptops, has also been found in firmware running on motherboards sold by Gigabyte.

The flaw was publicly disclosed last week by researcher Dmytro Oleksiuk. No patches are yet available.

Oleksiuk said the flaw, which he calls ThinkPwn, is in the SystemSmmRuntimeRt UEFI driver, which he found on firmware in Lenovo ThinkPad laptops.

“Vulnerability is present in all of the ThinkPad series laptops, the oldest one that I have checked is X220 and the newest one is T450s (with latest firmware versions available at this moment),” Oleksiuk wrote on a Github entry. Oleksiuk published proof-of-concept exploit code for the vulnerability last week along with his disclosure.
#1074 Android Nougat prevents ransomware from resetting device passwords
The upcoming Android version, known as Android Nougat, will add a condition so that the resetPassword API can only be used to set a password on a device that has none, and not to reset an existing one.

This change ensures that malware cannot reset the lockscreen password: the restriction is strictly enforced and there is no backward-compatibility escape route. Had backward compatibility been kept, malware targeting an older API level could still have reset the lockscreen password on newer Android versions. With this change, there is no way for malware to reset the lockscreen password on Android Nougat.
#1073 This Android malware has infected 85 million devices and makes its creators $300,000 a month
A strain of Android malware has infected 85 million victims across the globe, generating at least $300,000 every month for the gang behind it, thanks to millions of pop-up adverts and app downloads.

On top of that, experts have warned that the spread of the malicious HummingBad software could be used to do even worse damage by stealing victims' data.

The mobile malware has been analysed by security researchers at Check Point after it was found on Android devices belonging to two employees at "a large financial institution". In-depth findings on the malware are laid out in the company's 'From HummingBad to Worse' report. The gang behind the malware -- thought to be located in China -- are estimated to generate around $1m every quarter from fraudulent ad revenue and the installation of bogus apps.
#1072 Identity fraud up by 57% as thieves target social media
The number of victims of identity theft rose by 57% last year, figures from fraud prevention service Cifas suggest.

The data, taken from 261 companies in the UK, suggests fraudsters are increasingly getting people's personal information from social media sites.

Cifas said Facebook, Twitter and LinkedIn had become a "hunting ground" for identity thieves.

It said there were more than 148,000 victims in the UK in 2015 compared with 94,500 in 2014.

A small percentage of cases involved fictitious identities but most fraudsters assumed the identity of a real person after accessing their name, date of birth, address and bank details. More than 85% of the frauds were carried out online.
#1071 Tor Privacy settings coming to Firefox
Mozilla is working on uplifting privacy settings from the Tor Browser project into the Firefox web browser, to give privacy-conscious users additional privacy-related options.

While the Tor browser is based on Firefox ESR, it is modified with additional privacy and security settings to protect users of the browser while using the program.

Considering that the Tor browser is used by some people in critical situations, such as whistleblowing, publishing news or private communication, it is only natural that a stronger focus on privacy and security is necessary.

Mozilla acknowledges these modifications, and plans to integrate some of them in Firefox natively. In fact, the company has already begun to integrate some in Firefox, and plans to integrate others in the future.
#1070 Satana ransomware – threat coming soon?
Petya ransomware is quickly becoming a household name and in typical cyber-criminal fashion, copycat families are starting to emerge.

In this post, we have the benefit of analyzing “malware-in-development” and can observe its growth over the coming weeks. The ransomware is called Satana (devil/satan in Italian) and similar to the Petya and Mischa bundle, Satana works in two modes.

The first mode behaves like Petya: a dropper (a typical PE file) writes a low-level module, a bootloader with a tiny custom kernel, to the beginning of the infected disk.

The second mode behaves like typical ransomware and encrypts files one by one (just like Mischa).

Contrary to the Petya and Mischa bundle, these modes are not used as alternatives, but are both utilized, one after the other, to infect the system.
#1069 Don’t pay the Ransom! AVG releases six free decryption tools to retrieve your files
AVG Virus Lab is dealing a blow to the bad guys. It is pleased to announce the release of six free decryption tools for recent ransomware strains. That means users can take back what’s theirs without paying a cent in ransom.
#1068 How to detect most malicious macros without an antivirus
mraptor is a simple tool designed to detect malicious VBA macros in MS Office files, based on characteristics of the VBA code. This article explains how it works, and how it can be used in practice.
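A simplified re-implementation of the mraptor idea, added here as an illustration and not the oletools project's own code: a macro is flagged only when an auto-execution trigger (A) appears together with a write (W) or execute (X) capability. The keyword lists and the three sample macros are constructed for the example and deliberately abridged; the real tool's lists are longer and it also extracts the VBA from the Office container.

```python
import re

# Abridged keyword lists (assumption: mraptor's real lists are longer).
AUTOEXEC_KEYWORDS = [
    r"\bAuto(Open|Close|Exec|Exit|New)\b", r"\bAuto_(Open|Close)\b",
    r"\bDocument_(Open|Close|New|BeforeClose)\b",
    r"\bWorkbook_(Open|Close|Activate|BeforeClose)\b",
]
WRITE_KEYWORDS = [
    r"\bFileCopy\b", r"\bCopyFile\b", r"\bKill\b", r"\bCreateTextFile\b",
    r"\bSaveToFile\b", r"\bURLDownloadToFile\w*\b", r"\bAltStartupPath\b",
    r"\bVirtualAlloc\b", r"\bRtlMoveMemory\b", r"\bWriteProcessMemory\b",
]
EXECUTE_KEYWORDS = [
    r"\bShell\b", r"\bWScript\.Shell\b", r"\bShellExecute\b", r"\bCallByName\b",
    r"\bCreateObject\b", r"\bGetObject\b", r"\bCreateThread\b", r"\bMacScript\b",
]

def find_keywords(patterns, vba_code):
    """Return the distinct keywords from `patterns` found in the macro source."""
    hits = []
    for pat in patterns:
        for m in re.finditer(pat, vba_code, re.IGNORECASE):
            if m.group(0) not in hits:
                hits.append(m.group(0))
    return hits

def analyze_macro(vba_code):
    """Apply the A/W/X rule: suspicious only if an auto-exec trigger is
    present together with a write or an execute capability."""
    a = find_keywords(AUTOEXEC_KEYWORDS, vba_code)
    w = find_keywords(WRITE_KEYWORDS, vba_code)
    x = find_keywords(EXECUTE_KEYWORDS, vba_code)
    return {"autoexec": a, "write": w, "execute": x,
            "suspicious": bool(a) and bool(w or x)}

# Constructed samples, not real malware: trigger only, capability only, both.
BENIGN_MACRO = 'Sub Document_Open()\n    MsgBox "Welcome to the report"\nEnd Sub'
NO_TRIGGER_MACRO = 'Sub RunHelper()\n    Shell "notepad.exe"\nEnd Sub'
SUSPICIOUS_MACRO = ('Sub AutoOpen()\n    Set wsh = CreateObject("WScript.Shell")\n'
                    '    wsh.Run "notepad.exe", 0\nEnd Sub')

if __name__ == "__main__":
    for name, code in [("benign", BENIGN_MACRO), ("no_trigger", NO_TRIGGER_MACRO),
                       ("suspicious", SUSPICIOUS_MACRO)]:
        print(name, analyze_macro(code))
```

Only the third sample is flagged; a trigger without a capability, or a capability without a trigger, is reported but not treated as suspicious, which is what keeps the false-positive rate of this kind of heuristic low.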
#1067 MIT's Swarm chip architecture boosts multi-core CPUs
For nearly 10 years, computer processors have been getting faster by using multiple cores rather than raising their individual speeds. This measure makes our PCs and smartphones more power-efficient, but also makes it much trickier to write programs that take full advantage of their hardware. Swarm, a new chip design developed at MIT, could now come to the rescue and unleash the full power of parallel processing for up to 75-fold speedups, while requiring programmers to write a fraction of the code.

Developed by Prof. Daniel Sanchez and team, Swarm is a 64-core chip that includes specialized circuitry for both executing and prioritizing tasks in a simple and efficient manner, taking the onus off software developers.

Writing software for a multi-core chip is a lot like coordinating a complex team project: not all tasks can be delegated, and the ones that can must be carefully split among team members. With software, this sort of planning can be complicated, time-consuming, and add substantial overheads that end up slowing the software's execution. For this reason, parallel programming is usually convenient only for large tasks that number thousands of instructions.