Security Alerts & News
by Tymoteusz A. Góral

#1191 IoT insecurity: Pinpointing the problems
It’s a coin toss whether or not that Internet of Things device you depend on is secure. Those unacceptable 50/50 odds come from a survey by IOActive where technology professionals were asked about the security of connected devices, from thermostats and security cameras to alarm systems.

Those numbers may be hard to swallow, but recent headlines concerning connected devices, sensors and controls – spanning SCADA, IoT and M2M – suggest that what might seem like chicken-little opinions about IoT security may not be too far from the reality.

A study by HP’s security unit Fortify found that 70 percent of popular consumer IoT devices are easily hackable. When Kaspersky Lab examined industrial control systems exposed to the Shodan search engine, it found seven percent of 172,982 ICS components vulnerable to attack had “critical” issues.
#1190 Nearly six million fraud and cyber crimes last year, ONS says
Almost six million fraud and cyber crimes were committed last year in England and Wales, the Office for National Statistics has said.

It estimated there were two million computer misuse offences and 3.8 million fraud offences in the 12 months to the end of March - suggesting fraud is the most common type of crime.

Most related to bank account fraud.

It is the first time fraud questions have been added to the official Crime Survey for England and Wales.

The figures are separate from the ONS headline estimate that a total of 6.3 million crimes were perpetrated against adults in the year to March - a 6% fall in the number of crimes compared to the previous year.
#1189 Tinder safe dating spam uses safety to scam users out of money
In recent weeks, we have noticed spam activity on Tinder claiming to promote safety in online dating in messages to users. This is used as a lure to funnel affiliate money into the scammers’ pockets.

It’s the latest spam trend to hit the mobile dating app. Since 2013, we have published a few blogs detailing the rise of spam bots on the popular mobile dating application, Tinder. While Tinder has changed its service recently with the introduction of a premium offering, the app remains a popular destination for spammers.
#1188 Jackware: When connected cars meet ransomware
2016 is already being dubbed “The Year of Ransomware” and ransomware features prominently in my upcoming “Mid-Year Threat Review” webinar. In that webinar I will also be talking about the IoT (Internet of Things) and more specifically the IoIT (the Internet of Insecure Things); mainly because risks arising from the latter are on the rise. Don’t get me wrong, I’m not saying that the IoIT currently poses as big a threat as ransomware does. But part of my job is to look beyond the present – and I’m concerned that a future headline will read: “The Year of Jackware.”

I define jackware as malicious software that seeks to take control of a device, the primary purpose of which is not data processing or digital communications. A car would be such a device. A lot of cars today do perform a lot of data processing and communicating, but their primary purpose is to get you from A to B. So think of jackware as a specialized form of ransomware. With regular ransomware, such as Locky and CryptoLocker, the malicious code encrypts documents on your computer and demands a ransom to unlock them. The goal of jackware is to lock up a car or other device until you pay up.
#1187 Hidden 'backdoor' in Dell security software gives hackers full access
Security researchers are warning Dell security management software admins to patch their systems after finding six high-risk vulnerabilities.

One of the highest-rated "critical" flaws involves a hidden default account with an easily guessable password in Dell's Sonicwall Global Management System (GMS), widely used software for centrally monitoring and managing an enterprise's array of networked security devices.

The vulnerability could allow an attacker "full control" of the software and all connected appliances, such as virtual private networking (VPN) appliances and firewalls.
#1186 CrypMIC ransomware wants to follow CryptXXX’s footsteps
They say imitation is the sincerest form of flattery. Take the case of CrypMIC—detected by Trend Micro as RANSOM_CRYPMIC—a new ransomware family that mimics CryptXXX in terms of entry point, ransom notes and payment site UIs. CrypMIC’s perpetrators are possibly looking for a quick buck owing to the recent success of CryptXXX.

CrypMIC and CryptXXX share many similarities; both are spread by the Neutrino Exploit Kit and use the same format for sub-versionID/botID (U[6digits] / UXXXXXX) and export function name (MS1, MS2). Both threats also employed a custom protocol via TCP Port 443 to communicate with their command-and-control (C&C) servers.
#1185 Update now: Macs and iPhones have a Stagefright-style bug!
Stagefright was one of 2015’s most newsworthy BWAINs (Bugs with an Impressive Name): a security hole, or more accurately a cluster of holes, in Android’s libstagefright multimedia software component.

Multimedia objects such as images, video and audio are often stored in files with complex formats.

That, in turn, means lots of clever programming to read them in, decode them, decompress them into memory and prepare them for display.

And, as you probably know only too well, the more complex a program gets; the more calculations it needs to do based on numbers extracted from untrusted files; the more it needs to mess around allocating and deallocating memory and shuffling data between memory buffers…

…the more likely it is that some sort of buffer overflow or integer overflow bug will show up.
#1184 Facebook malware – the missing piece
In our last blogpost, Facebook malware: tag me if you can, we revealed a phishing campaign led by Turkish-speaking threat actors who exploited social networks to spread a Trojan that compromises the victim’s machine and captures its entire browser traffic. The report did not address the issue of lateral movement because Kaspersky Lab researchers were still investigating it.

After two weeks of research, Kaspersky Lab researcher Ido Naor, and Dani Goland, the CEO & co-founder of Israel-based company Undot, managed to extract the proverbial needle from a haystack: a Facebook vulnerability that allowed an attacker to replace the comment identifier parameter attached to each web/mobile Facebook comment with an identifier that was reserved for embedded plugins usually located on third-party websites (where they allowed visitors to comment with their Facebook identity).