Security Alerts & News
by Tymoteusz A. Góral

#1329 Google hopes to sniff out OSX badware
Google's Macintosh Operations Team has quietly been working on a whitelisting application for OS X.

Code-named Santa, the software (currently described as pre-1.0) has an SQLite database holding a list of permitted and blocked applications; a userland daemon to check the database; a kernel extension to monitor for executions; as well as a GUI and an admin command line interface (CLI).

The Chocolate Factory has both individual and fleet users in mind, since Santa's designed to let a sysadmin centrally manage a single naughty-nice database.

To try and avoid an attacker substituting any of Santa's components, the three userland components (daemon, CLI and GUI) validate each other with XPC, checking that they're using identical signing certificates.
#1328 Unsecured DNSSEC easily weaponized, researchers warn
DNSSEC is not invincible. Researchers this week described how a DNSSEC-based flood attack could easily knock a website offline and allow for the insertion of malware or exfiltration of sensitive data.

The intent of Domain Name System Security Extensions, or DNSSEC, is to bolster DNS through a series of complex digital signatures. But if it is not secured properly it can fall victim to cache poisoning and malicious redirection attacks, experts warn.

Researchers at Neustar explained in a paper, “DNSSEC: How Savvy DDoS Attackers Are Using Our Defenses Against Us” on Tuesday how DNSSEC can be reflected and leveraged by “ANY” queries to carry out DDoS attacks. “ANY” queries are favored by hackers; responses to them are exponentially larger than a normal DNS reply, researchers claim.
#1327 Locky targets hospitals in massive wave of ransomware attacks
A massive Locky ransomware campaign spotted this month targets primarily the healthcare sector and is delivered in phishing campaigns. The payload, researchers at FireEye said, is dropped via .DOCM attachments, which are macro-enabled Office 2007 Word documents.

Especially hard hit are hospitals in the United States followed by Japan, Korea and Thailand, according to research published Wednesday by FireEye.

Researcher Ronghwa Chong said this blitz of macro-based Locky ransomware is a new tactic for cybercriminals who in March primarily distributed Locky ransomware via spam campaigns with the payload delivered via JavaScript attachments.
#1326 Millions of Steam game keys stolen after hacker breaches gaming site
A little over nine million keys used to redeem and activate games on the Steam platform were stolen by a hacker who breached a gaming news site last month.

The site, which provides news, reviews, cheat codes, and forums, was breached on July 31 by an unnamed hacker who was also responsible for the Dota 2 forum breach. The site also allows users to share redeemable game keys through its forums, which along with the main site have around 3.3 million unique registered users, according to a breach notification site, which obtained a copy of the database.
#1325 "Smart" electrical socket leaks your email address, can launch DDoS attacks
According to security researchers from Bitdefender, there is an insecure IoT smart electrical socket on the market that leaks your Wi-Fi password, your email credentials (if configured), and is also poorly coded, allowing attackers to hijack the device and use it for DDoS attacks.

Bitdefender didn't reveal the device's manufacturer but said the company is working on a fix, which will be released in late Q3 2016.
#1324 Malware infected all Eddie Bauer stores in US, Canada
Clothing store chain Eddie Bauer said today it has detected and removed malicious software from point-of-sale systems at all of its 350+ stores in North America, and that credit and debit cards used at those stores during the first six months of 2016 may have been compromised in the breach. The acknowledgement comes nearly six weeks after KrebsOnSecurity first notified the clothier about a possible intrusion at stores nationwide.