Security Alerts & News
by Tymoteusz A. Góral

#1156 Ubuntu linux forums hacked - IP address, username and email of 2M accounts compromised
There is a common misconception that all things Linux are bulletproof. The fact is, no software is infallible. When news of a Linux vulnerability hits, some Windows and Mac fans like to taunt users of the open source kernel. Sure, it might be in good fun, but it can negatively impact the Linux community's reputation -- a blemish, if you will.

Today, Canonical announces that the Ubuntu forums have been hacked. Keep in mind, this does not mean that the operating system has experienced a vulnerability or weakness. The only thing affected are the online forums that people use to discuss the OS. Still, such a hack is embarrassing, as it was caused by Canonical's failure to install a patch.

"There has been a security breach on the Ubuntu Forums site. We take information security and user privacy very seriously, follow a strict set of security practices and this incident has triggered a thorough investigation. Corrective action has been taken, and full service of the Forums has been restored. In the interest of transparency, we’d like to share the details of the breach and what steps have been taken. We apologize for the breach and ensuing inconvenience", says Jane Silber, Chief Executive Officer, Canonical Ltd.
#1155 Now ransomware is taking aim at business networks
Crypto-ransomware is becoming an increasing problem for businesses as cybercriminals are turning their attention to using these attacks to target corporate networks.

Cybercriminals are aware that this method of attack is working and are increasingly deploying it: according to a new Kaspersky Labs report on ransomware, the number of corporate users attacked with crypto-ransomware has increased by over six times with 718,000 victims in the last year compared to 131,000 during the previous 12 months.

Previously, ransomware attacks had largely ignored corporate networks, with hackers instead choosing to target home users. While home users still make up the vast majority of crypto-ransomware victims, corporate users now account for over one in ten infected.

Almost exactly half of crypto-ransomware attacks carried out between 2015 and 2016 used Teslacrypt ransomware - although the trojan is no more after it's masterkey was released to the public in May. Nonetheless, prior to that point it had infected users, encrypted their files and demanded a ransom in Bitcoin in order to release.
#1154 Juniper patches high-risk flaws in Junos OS
Juniper Networks has fixed several vulnerabilities in the Junos operating system used on its networking and security appliances, including a flaw that could allow hackers to gain administrative access to affected devices.

The most serious vulnerability, rated 9.8 out of 10 in the Common Vulnerability Scoring System, is located in the J-Web interface, which allows administrators to monitor, configure, troubleshoot and manage routers running Junos OS. The issue is an information leak that could allow unauthenticated users to gain admin privileges to the device.

The flaw was fixed in Junos OS 12.1X46-D45, 12.1X46-D46, 12.1X46-D51, 12.1X47-D35, 12.3R12, 12.3X48-D25, 13.3R10, 13.3R9-S1, 14.1R7, 14.1X53-D35, 14.2R6, 15.1A2, 15.1F4, 15.1X49-D30 and 15.1R3. A temporary workaround is to disable J-Web or to limit which IP addresses can access the interface.
#1153 Exploit kits quickly adopt exploit thanks to open source release
A security researcher recently published source code for a working exploit for CVE-2016-0189 and the Neutrino Exploit Kit (EK) quickly adopted it.

CVE-2016-0189 was originally exploited as a zero-day vulnerability in targeted attacks in Asia. The vulnerability resides within scripting engines in Microsoft’s Internet Explorer (IE) browser, and is exploited to achieve Remote Code Execution (RCE). According to the researcher’s repository, the open source exploit affects IE on at least Windows 10. It is possible that attackers could use or repurpose the attack for earlier versions of Windows.

Microsoft patched CVE-2016-0189 in May on Patch Tuesday. Applying this patch will protect a system from this exploit.
#1152 Crypto flaw made it easy for attackers to snoop on Juniper customers
As if people didn't already have cause to distrust the security of Juniper products, the networking gear maker just disclosed a vulnerability that allowed attackers to eavesdrop on sensitive communications traveling through customers' virtual private networks.

In an advisory posted Wednesday, Juniper officials said they just fixed a bug in the company's Junos operating system that allowed adversaries to masquerade as trusted parties. The impersonation could be carried out by presenting a forged cryptographic certificate that was signed by the attacker rather than by a trusted certificate authority that normally vets the identity of the credential holder.

"When a peer device presents a self-signed certificate as its end entity certificate with its issuer name matching one of the valid CA certificates enrolled in Junos, the peer certificate validation is skipped and the peer certificate is treated as valid," Wednesday's advisory stated. "This may allow an attacker to generate a specially crafted self-signed certificate and bypass certificate validation."
2017: 01 02 03 04 05
2016: 01 02 03 04 05 06 07 08 09 10 11 12