Security Alerts & News
by Tymoteusz A. Góral

#1380 Pacemaker hacking fears rise with critical research report
Pacemakers, defibrillators and other medical devices made by a leading medical equipment maker are vulnerable to potentially “catastrophic” cyberattacks. With relatively little effort, tens of thousands of cardiac devices made by St. Jude Medical can be attacked, according to a report released by private equity firm Muddy Waters Capital with help from medical researchers at MedSec.

The report claims major cybersecurity flaws are riddled throughout St. Jude Medical’s device portfolio and are tied to the company’s Merlin@home home monitoring units, which “greatly open up the STJ ecosystem to attacks,” according to the report (PDF) released Thursday.

“These units (Merlin@home) are readily available on Ebay, usually for no more than $35. Merlin@homes generally lack even the most basic forms of security, and as this report shows, can be exploited at every level of the technology stack of St. Jude’s Cardiac Devices,” authors of the report wrote.
#1379 Trident: Trio of iOS zero-days being exploited in the wild
Three zero-day vulnerabilities in Apple’s iOS mobile operating system are being exploited in the wild in targeted attacks. The vulnerabilities, collectively dubbed “Trident”, can be exploited by attackers to remotely jailbreak Apple iOS devices and install malware.
#1378 Inside ‘The attack that almost broke the internet’
In March 2013, a coalition of spammers and spam-friendly hosting firms pooled their resources to launch what would become the largest distributed denial-of-service (DDoS) attack the Internet had ever witnessed. The assault briefly knocked offline the world’s largest anti-spam organization, and caused a great deal of collateral damage to innocent bystanders in the process. Here’s a never-before-seen look at how that attack unfolded, and a rare glimpse into the shadowy cybercrime forces that orchestrated it.

The following are excerpts taken verbatim from a series of Skype and IRC chat room logs generated by a group of “bullet-proof cybercrime hosts” — so called because they specialized in providing online hosting to a variety of clientele involved in spammy and scammy activities.
#1377 Japan to train personnel to counter cyberattacks on infrastructure
The Japanese government will set up an institute during the next fiscal year to train specialists to counter cyberattacks on electricity distribution and other important infrastructure systems.

Prime Minister Shinzo Abe’s government plans to allocate funds for the program in an extra budget soon to be compiled as it seeks to prevent a large-scale blackout during the Tokyo Olympics and Paralympics in 2020 or leaks of sensitive information on power plant designs, a government source said.
#1376 EU copyright reform proposes search engines pay for snippets
The European Commission is currently working on major updates to existing copyright legislation, to reform copyright law to reflect digital content. One feature of this reform would allow media outlets to request payment from search engines, such as Google, for publishing snippets of their content in search results.

The working paper recommends the introduction of an EU law that covers the rights to digital reproduction of news publications. This would essentially make news publishers a new category of rights holders under copyright law, thereby ensuring that “the creative and economic contribution of news publishers is recognized and incentivized in EU law, as it is today the case for other creative sectors.”
#1375 Fantom ransomware encrypts your files while pretending to be Windows update
A new ransomware called Fantom was discovered by AVG malware researcher Jakub Kroustek that is based on the open-source EDA2 ransomware project. The Fantom Ransomware uses an interesting feature of displaying a fake Windows Update screen that pretends Windows is installing a new critical update. In the background, though, Fantom is secretly encrypting a victim's files without them noticing.

Unfortunately, there is currently no way to decrypt files affected by the Fantom Ransomware, and the usual methods for obtaining keys from EDA2-based ransomware do not work with this variant. For those who wish to discuss this ransomware or need support, you can use the Fantom Ransomware Help Support Topic.
#1374 RIPPER ATM malware and the 12 million baht jackpot
On Aug. 23, 2016, FireEye detected a potentially new ATM malware sample that used some interesting techniques not seen before. To add more fuel to an existing fire, the sample was uploaded to VirusTotal from an IP address in Thailand a couple of minutes before the Bangkok Post newspaper reported the theft of 12 million baht from ATMs at banks in Thailand.

In this blog, FireEye Labs dissects this new ATM malware that we have dubbed RIPPER (due to the project name “ATMRIPPER” identified in the sample) and documents indicators that strongly suggest this piece of malware is the one used to steal from the ATMs at banks in Thailand.
#1373 Hacker who stole 2.9 million credit card numbers is Russian lawmaker’s son
On Thursday, a federal jury in Seattle found Roman Seleznev guilty of stealing millions of credit card numbers and selling them online to other fraudsters. Seleznev, 32, is the son of Russian Parliament member Valery Seleznev.

Seleznev, who occasionally went by the moniker “Track2” online (a reference to one of the information strips on the back of a magnetic stripe card), had been hacking into restaurant and retail Point of Sale (PoS) systems since at least October 2009 and continued until October 2013.

According to a 2014 indictment from the Department of Justice, Seleznev and potentially others who are unknown to the investigators “developed and used automated techniques, such as port scanning, to identify computers and computer systems that were connected to the Internet [and] were dedicated to or involved with credit processing by retail businesses.”
#1372 Mozilla launches free website security scanning service
In order to help webmasters better protect their websites and users, Mozilla has built an online scanner that can check if web servers have the best security settings in place.

Dubbed Observatory, the tool was initially built for in-house use by Mozilla security engineer April King, who was then encouraged to expand it and make it available to the whole world.

She took inspiration from the SSL Server Test from Qualys' SSL Labs, a widely appreciated scanner that rates a website's SSL/TLS configuration and highlights potential weaknesses. Like Qualys' scanner, Observatory uses a scoring system from 0 to 100 -- with the possibility of extra bonus points -- which translates into grades from F to A+.
#1371 Opera warns Sync users of possible data breach
On Friday, Opera, the Norwegian company responsible for the popular browser, warned users that the Opera Sync service might have been compromised. In response, the company issued a forced password reset for all Sync users.

Opera sent the emails to its Sync user base after it detected "signs of an attack where access was gained to the Opera sync system," the company said.

"This attack was quickly blocked. Our investigations are ongoing, but we believe some data, including some of our sync users’ passwords and account information, such as login names, may have been compromised."