Security Alerts & News
by Tymoteusz A. Góral

#1174 Apple fixes vulnerabilities across OSX, iOS, Safari
Apple fixed dozens of vulnerabilities in its software on Monday, including 60 vulnerabilities in its operating system, OS X, and 43 in its mobile operating system, iOS.

The OS X update graduates the desktop and server operating system to OS X El Capitan v10.11.6 and applies to anyone running OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, or OS X El Capitan v10.11.

The updates mostly fix a number of glitches and bugs under the hood of the OS. As usual, the bulk of them apply to bundled software libraries such as OpenSSL, LibreSSL, and libxml2; Apple updated each library to its most recent version to mitigate the issues.

Meanwhile, 21 of the vulnerabilities could lead to arbitrary code execution (six of them with kernel privileges), and two could lead to the compromise of user information.
#1173 REPORT: Organizations must respond to increasing threat of ransomware
It’s a nightmare scenario for any IT manager, receiving a phone call to hear that hundreds of computers have been infected with ransomware, knocking critical systems offline and putting their organization’s entire operations at risk.

That’s what happened to one large organization earlier this year, when it found itself the victim of a carefully planned and executed ransomware attack. What was uncovered from our investigation was a perfect example of an emerging form of corporate-specific attack. While most ransomware gangs have focused on widespread, indiscriminate campaigns, a number of groups have begun deliberately targeting specific organizations in a bid to completely cripple operations and extract a massive ransom.

Many of these attacks employ the same high level of expertise we see in cyberespionage attacks, using a toolbox that includes exploits of software vulnerabilities and legitimate software utilities to break into and traverse an organization’s network.
#1172 Google Chrome malware leads to sketchy Facebook likes
Ever wonder how your mild-mannered friend’s Facebook feed suddenly got packed with lewd clickbait? That’s the question Maxime Kjaer was determined to answer when he noticed a friend’s Facebook feed peppered with Likes for sketchy link bait such as “Basic Kissing Tips”.

“Intrigued, I decided to go down the rabbit hole and see what this was all about,” wrote Kjaer, a 19-year-old computer science student at the Swiss Federal Institute of Technology, in a blog post Monday.

What he found was what he called a “glaring security hole” in the Google Chrome Webstore that allowed malware authors to infect Chrome browsers via a bogus age verification extension.
#1171 Nominations for Pwnie Awards 2016
Awarded to the researchers who discovered or exploited the most technically sophisticated and interesting server-side bug. This includes any software that is accessible remotely without using user interaction.
#1170 Use Tor? Riffle promises to protect your privacy even better
Privacy-minded people have long relied on Tor for anonymity online, but a new system from MIT promises better protection and faster performance.

Dubbed Riffle, the new system taps the same onion encryption technique after which Tor is named, but it adds two others as well. First is what's called a mixnet, a series of servers that each permute the order in which messages are received before passing them on to the next server.

If messages arrive at the first server in the order A, B, C, for example, that server would send them to the second server in a different order, such as C, B, A. The second server would then reshuffle them again when passing the messages on. The advantage is that a would-be attacker who had tracked the messages’ points of origin would have no idea which was which by the time they exited the last server.
#1169 CGI script vulnerability ‘Httpoxy’ allows man-in-the-middle attacks
An old scripting vulnerability that impacts a large number of Linux distributions and programming languages allows man-in-the-middle attacks that could compromise web servers. The vulnerability, which affects many PHP and CGI web apps, was revealed Monday in tandem with the release of a bevy of patches from the affected companies and platforms.

Researchers at SaaS vendor VendHQ named the vulnerability Httpoxy. It affects server-side web applications that run in Common Gateway Interface (CGI) or CGI-like environments, such as some FastCGI configurations, and applications written in PHP, Python, and Go.

“This is a very serious flaw, if you’re one of the few still reliant on CGI and PHP for generating web pages,” said Dominic Scheirlinck, principal engineer at VendHQ and one of several researchers from the firm who discovered Httpoxy. The firm rates the vulnerability as “medium” severity, and it is easily exploitable.
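The article names the affected environments but not the mechanism, so the following is an added example (not code from the article, from VendHQ, or from any affected project) that models it in plain Python. CGI maps each request header to an environment variable named `HTTP_` plus the upper-cased header name (RFC 3875), so a client-supplied `Proxy:` header becomes `HTTP_PROXY`, the variable many HTTP client libraries consult for an outbound proxy. The block shows that mapping, then the mitigation a defender applies: drop the `Proxy` header before it reaches the application, log that it was seen, and never let `HTTP_PROXY` into the application environment. Function names and the sample request are constructed for this example.

```python
# Added example: CGI header-to-environment mapping and a Httpoxy mitigation.
# Not code from the article or from VendHQ; the functions and the sample
# request below are constructed for illustration.
from typing import Dict, Optional, Tuple


def cgi_meta_variables(headers: Dict[str, str]) -> Dict[str, str]:
    """RFC 3875 style mapping: each request header becomes HTTP_<NAME>,
    upper-cased with '-' replaced by '_'.  A client-supplied 'Proxy:'
    header therefore lands in HTTP_PROXY."""
    return {"HTTP_" + name.upper().replace("-", "_"): value
            for name, value in headers.items()}


def outbound_proxy_for(env: Dict[str, str]) -> Optional[str]:
    """Many HTTP client libraries honour HTTP_PROXY / http_proxy from the
    environment; this returns what such a client would pick up."""
    return env.get("HTTP_PROXY") or env.get("http_proxy")


def strip_proxy_header(headers: Dict[str, str]) -> Tuple[Dict[str, str], bool]:
    """Mitigation 1: refuse the Proxy header at the front door (the same
    effect as dropping it in the web server or load balancer).  Returns the
    cleaned header set and whether a Proxy header was present, so the
    request can be logged as a probe."""
    clean = {n: v for n, v in headers.items() if n.lower() != "proxy"}
    return clean, len(clean) != len(headers)


def hardened_cgi_env(headers: Dict[str, str]) -> Tuple[Dict[str, str], bool]:
    """Mitigation 2 (defence in depth): build the CGI environment from the
    cleaned headers and, even if something slipped through, never expose
    HTTP_PROXY to the application."""
    clean, seen = strip_proxy_header(headers)
    env = cgi_meta_variables(clean)
    env.pop("HTTP_PROXY", None)
    return env, seen


if __name__ == "__main__":
    # Constructed request: ordinary headers plus a client-controlled Proxy header.
    request = {
        "Host": "app.example",
        "User-Agent": "demo-client",
        "Proxy": "proxy.invalid:3128",
    }
    naive_env = cgi_meta_variables(request)
    print("naive CGI env, proxy seen by HTTP client:", outbound_proxy_for(naive_env))

    env, flagged = hardened_cgi_env(request)
    print("hardened env, proxy seen by HTTP client:", outbound_proxy_for(env))
    if flagged:
        print("alert: request carried a Proxy header; logged for review")
```

Stripping the header at the web server or load balancer is the usual production fix; the second layer matters for CGI-like setups where the environment is assembled by a component you do not control, which is why `hardened_cgi_env` removes `HTTP_PROXY` regardless of how it got there.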
#1168 Criminals plant banking malware where victims least expect it
A criminal gang recently found an effective way to spread malware that drains online bank accounts. According to a blog post published Monday, they bundled the malicious executable inside a file that installed a legitimate administrative tool available for download.

The legitimate tool is known as Ammyy Admin and is used to provide remote access to a computer so someone can work on it even when they don't have physical access to it. According to Monday's blog post, members of a criminal enterprise known as Lurk somehow managed to tamper with the Ammyy installer so that it surreptitiously installed a malicious spyware program in addition to the legitimate admin tool people expected. To increase their chances of success, the criminals modified the PHP script running on the Ammyy Web server, suggesting they had control over the website.
#1167 Carbanak gang tied to Russian security firm?
Among the more plunderous cybercrime gangs is a group known as “Carbanak,” Eastern European hackers blamed for stealing more than a billion dollars from banks. Today we’ll examine some compelling clues that point to a connection between the Carbanak gang’s staging grounds and a Russian security firm that claims to work with some of the world’s largest brands in cybersecurity.

The Carbanak gang derives its name from the banking malware used in countless high-dollar cyberheists. The gang is perhaps best known for hacking directly into bank networks using poisoned Microsoft Office files, and then using that access to force bank ATMs into dispensing cash. Russian security firm Kaspersky Lab estimates that the Carbanak Gang has likely stolen upwards of USD $1 billion — but mostly from Russian banks.