Security Alerts & News
by Tymoteusz A. Góral

#1166 Cisco patches serious flaws in router and conferencing server software
Cisco Systems released patches this week for several vulnerabilities in its IOS software for networking devices and the Cisco and WebEx conferencing servers.

The most serious vulnerability affects the Cisco IOS XR software for the Cisco Network Convergence System (NCS) 6000 Series Routers. It can lead to a denial-of-service condition, leaving affected devices in a nonoperational state.

Unauthenticated, remote attackers can exploit the vulnerability by initiating a number of management connections to an affected device over the Secure Shell (SSH), Secure Copy Protocol (SCP) or Secure FTP (SFTP).
#1165 Cerber: A case in point of ransomware leveraging cloud platforms
As cloud services become increasingly adopted by end users, cybercriminals are equally finding ways to abuse them, using them as vectors to host and deliver malware. Moreover, by targeting the cloud-based productivity platforms that many enterprises use, the malefactors hope to victimize users who handle sensitive corporate data; losing access to that data can have serious repercussions for business operations.

A case in point: the Cerber ransomware. Its latest variant—detected by Trend Micro as RANSOM_CERBER.CAD—was found to have targeted Office 365 users, particularly home users and businesses.
#1164 Pokémon GO hype: First lockscreen tries to catch the trend
ESET has discovered the first ever fake lockscreen app on Google Play, named Pokemon GO Ultimate. As its characteristics suggest, it deliberately locks the screen right after the app is started, forcing the user to restart the device. Unfortunately, in many cases a reboot is not available because the activity of the malicious app overlays all the other apps as well as system windows. The user needs to restart the device either by pulling out the battery or using Android Device Manager. After reboot, it runs in the background hidden from the victim, silently clicking on porn ads online.
#1163 Malicious macros arrive in phishing emails, steal banking information
In 2015, we saw malicious Microsoft Office macros return with a vengeance, delivering a plethora of threats ranging from ransomware to banking Trojans. Now, we’ve found cybercriminals incorporating macros into phishing attacks to steal your information through email. The campaign delivered several thousand German-language phishing emails with Excel attachments containing the macros.
#1162 This webcam malware could blackmail you into leaking company secrets
Attackers are using a new piece of malware to gather private moments of employees in order to manipulate them into leaking company secrets.

According to Gartner fraud analyst Avivah Litan, the malware, which is dubbed "Delilah", has earned the title of the world's first insider threat trojan since it allows its operators to capture sensitive and compromising footage of victims, which can then be used to extort the victim or convince them to carry out actions that would harm their employer.

Details of Delilah were shared with Litan by Israeli threat-intelligence security firm Diskin Advanced Technologies. The firm reported that the malware is being delivered via multiple popular adult and gaming sites. It's not clear from Litan's report whether the attackers are using social engineering or software vulnerabilities to install the malware.

"The bot comes with a social engineering plug in that connects to webcam operations so that the victim can be filmed without his or her knowledge," noted Litan.
#1161 Most companies still can't spot incoming cyberattacks
Four out of five businesses lack the required infrastructure or security professionals with relevant skills to spot and defend against incoming cyberattacks.

According to a new report by US cybersecurity and privacy think tank Ponemon Institute, 79 percent of cybersecurity professionals say that their organisations are struggling to monitor the internet for the external threats posed by hackers and cybercriminals.

Just 17 percent of respondents say that they have any sort of formal process in place for intelligence gathering which is applied across the whole company.

The report suggests that 38 percent of organisations don't have any policy on threat intelligence gathering at all, while 23 percent suggest their approach is "ad hoc" at best and 18 percent say they do have a formal process in place, but it isn't applied across the entire enterprise.

The Ponemon Institute claimed that businesses are on average experiencing more than one external cyberattack a month, with these repeated security breaches resulting in an annual average cost of around $3.5m.
#1160 How to steal money from Instagram, Google and Microsoft
Some account options deployed by Instagram, Google and Microsoft can be misused to steal money from the companies by making them place phone calls to premium rate numbers, security researcher Arne Swinnen has demonstrated.

Swinnen took advantage of Instagram's option to link a mobile phone number to an account in order to earn money. After several unsuccessful SMS requests from Instagram to verify the link by using a token, the service places a call lasting some 17 seconds to the number.

Instagram didn't notice the real nature of the provided number, nor did it notice when the same number was provided for, and tied to, 100 Instagram accounts. The service did limit how often the call could be replayed (once every 30 seconds), but calls could easily be scheduled with exactly that pause between them.
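The control that was missing in this item is a per-number view across accounts: the 30-second pause alone is trivially scheduled around. The guard below is an added illustration written for this digest, not Instagram's or Swinnen's code; the cap values, the `allow_call` interface and the constructed phone numbers and account ids are assumptions.

```python
from __future__ import annotations
from collections import Counter, defaultdict
from dataclasses import dataclass, field

# Policy values are assumptions for this example, not any real service's settings.
MIN_GAP_SECONDS = 30          # the per-number pause the article mentions
MAX_CALLS_PER_DAY = 5         # hypothetical hard cap on verification calls per number per day
MAX_ACCOUNTS_PER_NUMBER = 3   # hypothetical cap on distinct accounts linking one number
DAY_SECONDS = 86400


@dataclass
class VerificationCallGuard:
    """Decides whether a phone-verification call may be placed to a number."""
    calls: dict = field(default_factory=lambda: defaultdict(list))   # number -> call timestamps
    accounts: dict = field(default_factory=lambda: defaultdict(set))  # number -> account ids

    def allow_call(self, number: str, account_id: str, now: float) -> tuple[bool, str]:
        # Cross-account check: one number tied to many accounts is the abuse signal here.
        linked = self.accounts[number]
        if account_id not in linked and len(linked) >= MAX_ACCOUNTS_PER_NUMBER:
            return False, "too_many_accounts"
        linked.add(account_id)
        # Keep only the last 24 h of calls to this number, whichever account asked.
        recent = [t for t in self.calls[number] if now - t < DAY_SECONDS]
        self.calls[number] = recent
        if recent and now - recent[-1] < MIN_GAP_SECONDS:
            return False, "too_soon"
        if len(recent) >= MAX_CALLS_PER_DAY:
            return False, "daily_cap"
        recent.append(now)
        return True, "ok"


def simulate_abuse(n_accounts: int = 100, gap: float = MIN_GAP_SECONDS) -> tuple[int, dict]:
    """Replay the article's scenario: one number linked from many accounts,
    with a call scheduled exactly one pause apart. Returns (calls placed, reasons).
    The number is a constructed placeholder, not a real premium-rate number."""
    guard = VerificationCallGuard()
    placed, reasons = 0, Counter()
    for i in range(n_accounts):
        ok, reason = guard.allow_call("+00-PLACEHOLDER-NUMBER", f"acct{i}", i * gap)
        placed += int(ok)
        reasons[reason] += 1
    return placed, dict(reasons)


if __name__ == "__main__":
    print(simulate_abuse())  # only the first few accounts get a call; the rest are refused
```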
#1159 Two million passwords breached in Ubuntu hack
Linux users who frequent the Ubuntu forums may want to change their passwords following news that an attacker was able to breach the service and its two million users.

Jane Silber, Chief Executive Officer at Canonical, the company that maintains the service, acknowledged on Friday that a known SQL injection vulnerability in Forumrunner, an add-on in the Ubuntu forums that hadn't been patched, led to the attack.