Security Alerts & News
by Tymoteusz A. Góral

#1370 Experts challenge Skyhigh's patent for cloud-based encryption gateway
Skyhigh Networks, Inc., announced today that it has received a patent for using a hosted gateway to encrypt and decrypt data moving between users and cloud services such as Office 365, but some experts say that the technology is neither new nor unique.
#1369 New open source ransomware based on hidden tear and EDA2 may target businesses
In a span of one to two weeks, three new open source ransomware strains have emerged, which are based on Hidden Tear and EDA2. These new ransomware families specifically look for files related to web servers and databases, which could suggest that they are targeting businesses.

Both Hidden Tear and EDA2 are considered the first open source ransomware created for educational purposes. However, they were quickly abused by cybercriminals. RANSOM_CRYPTEAR.B is one of the many Hidden Tear spinoffs; it infects systems when users access a hacked website from Paraguay. Magic ransomware (detected as RANSOM_MEMEKAP.A), based on EDA2, came soon after CRYPTEAR.B’s discovery.

One factor that contributed to the proliferation of this ransomware type is the ease and convenience it offers to cybercriminals—they don’t have to be technically skilled to build their own ransomware from scratch. Before the source code of Hidden Tear and EDA2 was taken down, it was publicly available, and cybercriminals only had to modify it to suit their needs.
#1368 Sony finally enables 2FA for PlayStation Network users
Years after a catastrophic data breach brought Sony's PlayStation Network to its knees, the company has finally implemented two-factor authentication to limit the risk of such a disaster happening again.

PlayStation and PSP owners who have signed up to the network can now enable two-factor authentication on their accounts. Two-factor authentication (2FA) goes beyond the traditional password and lets users link their accounts to mobile devices; when they wish to access their account, a code is sent to their smartphone or tablet, and that code must also be submitted.

While this extra step is voluntary, 2FA does make compromising accounts more difficult: an attacker would also need to compromise the user's mobile device or be able to capture these codes, so brute-forcing the username and password alone would not be enough.
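The login flow described above, as an added illustration that is not Sony's code or the PlayStation Network's implementation: a password check followed by a second step that requires a delivered one-time code. The code-delivery channel (SMS, push) is out of scope here; the example only shows why a correct password alone is not sufficient, and why the server must bound the code's lifetime and the number of guesses so the short code cannot itself be brute-forced. The user record, salt, lifetime and attempt cap are constructed values.

```python
import hashlib
import hmac
import secrets

CODE_TTL_SECONDS = 300    # assumption: a delivered code is valid for five minutes
MAX_CODE_ATTEMPTS = 5     # assumption: cap guesses so a 6-digit code cannot be brute-forced

_SALT = b"constructed-salt"   # constructed; real systems use a random per-user salt


def _hash_password(password: str, salt: bytes) -> bytes:
    """Slow password hash; only the hash is stored, never the plaintext."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


# Constructed sample user store: one account with 2FA enabled.
USERS = {
    "alice": {
        "pw_hash": _hash_password("correct horse battery staple", _SALT),
        "2fa": True,
    },
}

# Codes that have been issued but not yet used, keyed by username.
PENDING = {}


def check_password(user: str, password: str) -> bool:
    """First factor: constant-time comparison of the stored and recomputed hashes."""
    rec = USERS.get(user)
    if rec is None:
        return False
    return hmac.compare_digest(rec["pw_hash"], _hash_password(password, _SALT))


def issue_code(user: str, now: float) -> str:
    """Second factor: generate a 6-digit one-time code.

    The returned code is what would be delivered to the user's device out-of-band.
    Issuing a new code replaces any earlier pending one."""
    code = f"{secrets.randbelow(10**6):06d}"
    PENDING[user] = {"code": code, "issued": now, "attempts": MAX_CODE_ATTEMPTS}
    return code


def verify_code(user: str, submitted: str, now: float) -> bool:
    """Accept the code only if it is unexpired, unused, and guessed within the attempt cap."""
    entry = PENDING.get(user)
    if entry is None:
        return False
    if now - entry["issued"] > CODE_TTL_SECONDS:
        del PENDING[user]          # expired: force a fresh code
        return False
    if entry["attempts"] <= 0:
        del PENDING[user]          # too many guesses: invalidate even a correct late guess
        return False
    entry["attempts"] -= 1
    if hmac.compare_digest(entry["code"], submitted):
        del PENDING[user]          # single use
        return True
    return False


def login(user: str, password: str, code, now: float) -> str:
    """Returns 'denied', 'need_code' (password accepted, code delivered) or 'ok'."""
    if not check_password(user, password):
        return "denied"            # a wrong password never reveals whether 2FA is on
    if not USERS[user]["2fa"]:
        return "ok"
    if code is None:
        issue_code(user, now)      # delivered to the user's phone in a real system
        return "need_code"
    return "ok" if verify_code(user, code, now) else "denied"
```

The two checks that matter for the claim in the news item are the attempt cap and the expiry: without them, a six-digit code has only a million possibilities and an attacker who already holds the password could simply iterate through them.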
#1367 NSO group’s iPhone zero-days used against a UAE human rights defender
Ahmed Mansoor is an internationally recognized human rights defender, based in the United Arab Emirates (UAE), and recipient of the Martin Ennals Award (sometimes referred to as a “Nobel Prize for human rights”). On August 10 and 11, 2016, Mansoor received SMS text messages on his iPhone promising “new secrets” about detainees tortured in UAE jails if he clicked on an included link. Instead of clicking, Mansoor sent the messages to Citizen Lab researchers. We recognized the links as belonging to an exploit infrastructure connected to NSO Group, an Israel-based “cyber war” company that sells Pegasus, a government-exclusive “lawful intercept” spyware product. NSO Group is reportedly owned by an American venture capital firm, Francisco Partners Management.

The ensuing investigation, a collaboration between researchers from Citizen Lab and from Lookout Security, determined that the links led to a chain of zero-day exploits (“zero-days”) that would have remotely jailbroken Mansoor’s stock iPhone 6 and installed sophisticated spyware. We are calling this exploit chain Trident. Once infected, Mansoor’s phone would have become a digital spy in his pocket, capable of employing his iPhone’s camera and microphone to snoop on activity in the vicinity of the device, recording his WhatsApp and Viber calls, logging messages sent in mobile chat apps, and tracking his movements.
#1366 VMware patches flaws in identity and cloud products
VMware this week patched a single vulnerability, present in two of its products, that allows an attacker to elevate privileges on a compromised machine.

The virtualization company patched CVE-2016-5335 in its Identity Manager and vRealize Automation software.

“Exploitation of this issue may lead to an attacker with access to a low-privileged account to escalate their privileges to that of root,” VMware said in advisory VMSA-2016-0013.
#1365 Keystroke recognition uses WiFi signals to snoop
A group of academic researchers has figured out how to use off-the-shelf computer equipment and a standard Wi-Fi connection to sniff out keystrokes from someone typing on a nearby keyboard. The keystroke recognition technology, called WiKey, isn’t perfect, but it is impressive, with a reported 97.5 percent accuracy in a controlled environment.

WiKey is similar to other types of motion and gesture detection technologies such as Intel’s RealSense. But what makes WiKey unique is that instead of recognizing hand gestures and body movement, it can pick up micro-movements as small as keystrokes.