Security Alerts & News
by Tymoteusz A. Góral

#1358 Opera brings its free VPN service to Android
Earlier this year, Opera launched its free and unlimited VPN service for iOS; today it is bringing the same functionality to Android. Like the iOS version, the Android app is based on Opera’s acquisition of SurfEasy in 2015 and allows you to surf safely when you are on a public network.

While Opera’s marketing mostly focuses on safety, Opera VPN also allows you to appear as if you are in the U.S., Canada, Germany, Singapore and The Netherlands, so it’s also a way to route around certain geo-restrictions without having to opt for a paid service.

In addition to its VPN features, the service also allows you to block ad trackers. Somewhat ironically, though, the app itself will show you some pretty unintrusive ads.

“The Opera VPN app for Android sets itself apart from other VPNs by offering a completely free service without a data limit, no log-in required, advanced Wi-Fi protection features and no need for a subscription,” says Chris Houston, the president of Opera’s SurfEasy VPN division, in today’s announcement.
#1357 New collision attacks against 3DES, Blowfish allow for cookie decryption
RC4 apparently is no longer the lone pariah among smaller cryptographic ciphers. Already broken and set for deprecation by the major browser and technology makers, RC4 could shortly have company in Triple-DES (3DES) and Blowfish.

Researchers are set to present new attacks against 64-bit ciphers that allow for the recovery of authentication cookies from 3DES-protected traffic in HTTPS and the recovery of usernames and passwords from OpenVPN traffic, which is secured by default by Blowfish.
#1356 Wildfire ransomware code cracked: Victims can now unlock encrypted files for free
Victims of the Wildfire ransomware can get their encrypted files back without paying hackers for the privilege, after the No More Ransom initiative released a free decryption tool.

No More Ransom runs a web portal that provides keys for unlocking files encrypted by various strains of ransomware, including Shade, Coinvault, Rannoh, Rakhn and, most recently, Wildfire.

Aimed at helping ransomware victims retrieve their data, No More Ransom is a collaborative project between Europol, the Dutch National Police, Intel Security, and Kaspersky Lab.
#1355 How good is Tibet's Beijing-backed search engine?
A Tibetan search engine, backed by the Chinese authorities, has been launched.

Yongzim claims to be better at handling complex searches involving several words in the language than any alternative.

But a spokesman for the government in exile, the Central Tibetan Administration, told the BBC it viewed it as a "platform to promote propaganda to legitimise the illegal occupation of Tibet."

Tibet is governed as an autonomous region of China. Beijing claims a centuries-old sovereignty over the Himalayan region, yet the allegiances of many Tibetans lie with the exiled spiritual leader, the Dalai Lama, seen by China as a separatist threat.

Exile groups and non-governmental organisations (NGOs) around the world accuse Beijing of suppressing the region's culture and tradition with the Tibetan language being a big part of it.
#1354 2015–16 annual DDoS threat landscape report
From April 1, 2015, through March 31, 2016, Imperva Incapsula mitigated an average of 445 attacks per week targeting its customers. As evidenced by the graph below (figure 1), over that period the number of both network and application layer attacks doubled during the year.

Application layer assaults accounted for the majority (60 percent). But looking closer, their relative number has been trending downward—dropping by more than five percent year over year. If this continues, network layer attacks could be as commonplace as their application layer counterparts by 2018.
#1353 Juniper confirms leaked NSA exploits affect its firewalls
Juniper has confirmed that an initial analysis of malware linked to the National Security Agency appears to affect its firewalls.

But the company said it would not release a security advisory or patches until it knew exactly what it was dealing with.

A group calling itself the Shadow Brokers claimed to have stolen a set of hacking tools from a group dubbed the Equation Group. The Shadow Brokers described the tools as "cyber weapons" used to attack targets running vulnerable networking hardware, allowing its operators to conduct surveillance.
#1352 Has your internet provider been compromised? Malicious insiders are helping cybercriminals hack telecoms firms
Be they disaffected insiders or victims of blackmail, staff at telecommunications firms are providing cybercriminals with the information required to carry out cyberattacks against their employers.

With the sector a top target for hackers -- as demonstrated by last year's TalkTalk hack -- Kaspersky Lab's Threat Intelligence Report for the Telecommunications Industry warns telecoms providers that they need to do more to protect themselves from cyber threats, from both outside and inside their networks.

According to the report, 28 percent of all cyberattacks and 38 percent of all targeted attacks involve malicious activity by company insiders -- although not everyone involved in passing corporate credentials and other inside information to hackers is a willing participant in the criminal schemes.
#1351 Android Nougat winners and losers: Will your phone get an upgrade to Google's latest OS?
The days of the Nexus 5 and 2013 Nexus 7 receiving the latest version of Android are officially over with the release of Android 7.0 Nougat.

Android 7.0 will be rolling out over the next few weeks to the Nexus 6, Nexus 5X, Nexus 6P, Nexus 9, Nexus Player, Pixel C, and General Mobile 4G (Android One). The LG-made Nexus 5, which launched with Android 5.0 Lollipop in late 2013, and the Asus-made 2013 Nexus 7, which launched with Android 4.3 Jelly Bean in July 2013, will be parked for good at Android 6.0 Marshmallow.
#1350 Timing of browser-based security alerts could be better
Multitasking may be the way of the connected world, but as it turns out, it’s not conducive to secure behavior online.

Academics from Brigham Young University and the University of Pittsburgh came to that conclusion after using functional magnetic resonance imaging (fMRI) to study how the brain reacts to dealing with more than one task simultaneously. The experiments were conducted under the context of browser-based security alerts and determined that poorly timed popup alerts are largely ignored.
#1349 GozNym banking trojan targeting German banks
GozNym’s Euro trip rolls on. Fresh from targeting banks in Poland, the banking Trojan has reportedly begun taking aim at banks in Germany.

For many, August marks the long, dog days of summer but developers behind GozNym appear to be working hard. According to numbers published by IBM’s X-Force team this week, researchers have seen a 3,550 percent hike in the Trojan this month over numbers it saw in July. The surge marks a 526 percent rise when compared to the total number of attacks since the Trojan’s iteration.
#1348 NSA-linked Cisco exploit poses bigger threat than previously thought
Recently released code that exploits Cisco System firewalls and has been linked to the National Security Agency can work against a much larger number of models than many security experts previously thought.

An exploit dubbed ExtraBacon contains code that prevents it from working on newer versions of Cisco Adaptive Security Appliance (ASA), a line of firewalls that's widely used by corporations, government agencies, and other large organizations. When the exploit encounters 8.4(5) or newer versions of ASA, it returns an error message that prevents it from working. Now researchers say that with a nominal amount of work, they were able to modify ExtraBacon to make it work on a much newer version. While Cisco has said all versions of ASA are affected by the underlying vulnerability in the Simple Network Messaging Protocol, the finding means that ExtraBacon poses a bigger threat than many security experts may have believed.
#1347 Wildfire, the ransomware threat that takes Holland and Belgium hostage
Wildfire spreads through well-crafted spam e-mails. A typical spam e-mail mentions that a transport company failed to deliver a package. In order to schedule a new delivery the receiver is asked to make a new appointment, for which a form has to be filled in, which has to be downloaded from the website of the transport company.

Three things stand out here. First, the attackers registered a Dutch domain name, something we do not see very often. Second, the e-mail is written in flawless Dutch. And third, they actually put the address of the targeted company in the e-mail. This is something we do not see very often, and it makes it difficult for the average user to see that this is not a benign e-mail.
#1346 Massive data leak hits French submarine company
French shipbuilder DCNS has been hit by a massive data leak affecting a major submarine contract for the Indian navy.

The leak of more than 22,000 pages exposes detailed information about the combat capability of the Scorpene class vessels.

It is not clear who first obtained the confidential documents, which were made public by the Australian media.

Earlier this year DCNS won Australia's largest-ever defence contract to build a fleet of advanced submarines.

Details about the Shortfin Barracuda submarine class that will be built for Australia were not contained in the leak.
#1345 University hit 21 times in one year by ransomware
Universities and NHS trusts in England have been hit hard by ransomware in the last year, according to Freedom of Information requests carried out by two cybersecurity firms.

Bournemouth University, which boasts a cybersecurity centre, has been hit 21 times in the last 12 months.

Twenty-eight NHS Trusts said they had been affected.

Ransomware is a form of computer malware which encrypts files and then demands a ransom for their release.

It can travel via email or hide in downloadable files and programmes from corrupted sites and applications, and the ransom is usually payable in bitcoins.

Cybersecurity firm SentinelOne contacted 71 UK universities. Of the 58 which replied, 23 said they had been attacked in the last year.