Security Alerts & News
by Tymoteusz A. Góral

History
#1387 BASHLITE family of malware infects 1 million IoT devices
More than one million consumer web-connected video cameras and DVRs are compromised by bot herders who use the devices for DDoS attacks, researchers say.

According to Level 3 Threat Research Labs, a small malware family that goes by the names Lizkebab, BASHLITE, Torlus and Gafgyt is behind a web of botnets carrying out the attacks.

“This research shocked us,” said Dale Drew, chief security officer at Level 3 Communications. “We picked fairly well-known and average botnets and challenged ourselves to find as many interesting things as we could. At a high level we were surprised. When we looked at BASHLITE malware, for example, we found it was tied to botnets far more organized and structured than we had previously thought.”
#1386 Officials blame “sophisticated” Russian hackers for voter system attacks
The profile of attacks on two US state voter registration systems this summer presented in an FBI "Flash" memo suggests that the states were hit by a fairly typical sort of intrusion. But an Arizona official said that the Federal Bureau of Investigation had attributed an attack that succeeded only in capturing a single user's login credentials to Russian hackers and rated the threat from the attack as an "eight on a scale of ten" in severity. An Illinois state official characterized the more successful attack on that state's system as "highly sophisticated" based on information from the FBI.
#1385 How tech is helping a casino catch the cheats (VIDEO)
In the past, casinos would employ agents to observe gamblers' behaviour and watch out for cheats, but now technology is playing a role.

BBC Click's Dan Simmons was offered a rare opportunity to find out how one casino uses its own technology to catch cheats.
#1384 Locky ransomware now downloaded as encrypted DLLs
The Locky ransomware family has emerged as one of the most prominent ransomware families to date, being sold in the Brazilian underground and spreading via various exploits. Locky has, over time, become known for using a wide variety of tactics to spread, including macros, VBScript, WSF files, and now, DLLs.

Recently we encountered a new Locky variant (detected as RANSOM_LOCKY.F116HM) that used old tactics on the surface, but with some key technical changes. The emails that were used to distribute it were fairly pedestrian as far as these messages go, although it was part of a large-scale spam campaign.
#1383 FBI detects breaches in US state voting systems
The FBI is urging US election officials to increase computer security after it uncovered evidence that hackers have targeted two state election databases in recent weeks, according to a confidential advisory.

The warning was in an August 18 flash alert from the FBI's Cyber Division. Reuters obtained a copy of the document.

Yahoo News first reported the story on Monday, citing unnamed law-enforcement officials who said they believed foreign hackers caused the intrusions.
#1382 Meet USBee, the malware that uses USB drives to covertly jump airgaps
In 2013, a document leaked by former National Security Agency contractor Edward Snowden illustrated how a specially modified USB device allowed spies to surreptitiously siphon data out of targeted computers, even when they were physically severed from the Internet or other networks. Now, researchers have developed software that goes a step further by turning unmodified USB devices into covert transmitters that can funnel large amounts of information out of similarly "air-gapped" PCs.

The USBee—so named because it behaves like a bee that flies through the air taking bits from one place to another—is in many respects a significant improvement over the NSA-developed USB exfiltrator known as CottonMouth. That tool had to be outfitted with a hardware implant in advance and then required someone to smuggle it into the facility housing the locked-down computer being targeted. USBee, by contrast, turns USB devices already inside the targeted facility into a transmitter with no hardware modification required at all.
#1381 Cyber security should be expanded to other departments other than IT: CII-KPMG report
Cyber threats today are no longer restricted to a company’s communications and IT domains, calling for more than just technical controls to avert attacks and protect the business from future risks and breaches, a new report said. According to the joint report of the Confederation of Indian Industry (CII) and KPMG, cyber security today embraces multiple units of an organization like human resource, supply chain, administration and infrastructure. It, therefore, requires governance at the highest levels. “It is vital to keep pace with the changing regulatory and technology landscape to safeguard and advance business objectives. Working backwards by identifying and understanding future risks, predicting risks and acting ahead of competition, can make a company more robust,” said Richard Rekhy, Chief Executive Officer, KPMG, India.