Security Alerts & News
by Tymoteusz A. Góral

#1406 Research: Companies fear mobile devices as massive cybersecurity threat
According to an online poll conducted by Tech Pro Research in June, everyday threats like security breaches involving mobile devices are more worrisome than acts of cybercrime.
#1405 Cybercrime and cyberwar: A spotter's guide to the groups that are out to get you
Cybercriminals are as varied as other internet users: just as the web has allowed businesses to sell and communicate globally, so it has given fraudsters the ability to plunder victims anywhere and set up crime networks that, previously, would have been impossible.

The web has become central to the smooth running of most developed economies, and the types of cybercrime have changed too. While 15 years ago the majority of digital crime was effectively a form of online vandalism, most of today's internet crime is about getting rich. "Now the focus is almost entirely focused on some kind of pay-off," says David Emm, principal security researcher at Kaspersky Lab.
#1404 How one man could have owned GitHub, and what happened next…
A WoSign customer wanted to acquire a certificate for the server name, a subdomain of the University of Central Florida’s domain

The customer was duly authorised to run this subdomain, which belongs to the College of Medicine, so WoSign was correct to approve it.

However (and, in hindsight, by good fortune), the customer also accidentally applied for a certificate for, presumably having mistyped

To his surprise (I am guessing at the customer’s gender here), the second application was approved as well.

This turned out to be more than just a one-off, because the customer did a second test, using a certificate in the name of another domain he had the right to control, namely (and

Deliberately following the same faulty path that he had followed by mistake in his previous application, he ended up with a vouched-for certificate for all of,, and

As these are the primary server names for the popular source code hosting service GitHub, this would have been a blunder with serious consequences if a crook were to have spotted this trick and acquired the dodgy GitHub certificate with cybercrime in mind.
#1403 Building a new Tor that can resist next-generation state surveillance
Since Edward Snowden stepped into the limelight from a hotel room in Hong Kong three years ago, use of the Tor anonymity network has grown massively. Journalists and activists have embraced the anonymity the network provides as a way to evade the mass surveillance under which we all now live, while citizens in countries with restrictive Internet censorship, like Turkey or Saudi Arabia, have turned to Tor in order to circumvent national firewalls. Law enforcement has been less enthusiastic, worrying that online anonymity also enables criminal activity.

Tor's growth in users has not gone unnoticed, and today the network first dubbed "The Onion Router" is under constant strain from those wishing to identify anonymous Web users. The NSA and GCHQ have been studying Tor for a decade, looking for ways to penetrate online anonymity, at least according to these Snowden docs. In 2014, the US government paid Carnegie Mellon University to run a series of poisoned Tor relays to de-anonymise Tor users. A 2015 research paper outlined an attack effective, under certain circumstances, at decloaking Tor hidden services (now rebranded as "onion services"). Most recently, 110 poisoned Tor hidden service directories were discovered probing .onion sites for vulnerabilities, most likely in an attempt to de-anonymise both the servers and their visitors.
#1402 New version of Cerber ransomware distributed via malvertising
Cerber has become one of the most notorious and popular ransomware families in 2016. It has used a wide variety of tactics including leveraging cloud platforms and Windows Scripting and adding non-ransomware behavior such as distributed denial-of-service attacks to its arsenal. One reason for this popularity may be that it is frequently bought and sold as a service (ransomware-as-a-service, or RaaS).

The latest version of Cerber had functions found in earlier versions like the use of a voice mechanism as part of its social engineering tactics. Similar to previous variants, Cerber 3.0 is dropped by the Magnitude and Rig exploit kits.
#1401 Dropbox hackers stole e-mail addresses, hashed passwords from 68M accounts
Dropbox hurriedly warned its users last week to change their passwords if their accounts dated back prior to mid-2012. We now know why: the cloud-based storage service suffered a data breach that's said to have affected more than 68 million accounts compromised during a hack that took place roughly four years ago.

The company had previously admitted that it was hit by a hack attack, but it's only now that the scale of the operation has seemingly come to light.

Tech site Motherboard reported—citing "sources in the database trading community"—that it had obtained four files, totalling 5GB in size, which apparently contained e-mail addresses and hashed passwords for 68,680,741 Dropbox users.
#1400 Fairware attacks targeting Linux servers
Linux server admins are reporting attacks resulting in the disappearance of the server’s web folder and websites being down indefinitely.

Posts to the forums on the BleepingComputer website corroborate a number of such attacks, most likely intrusions powered by brute-force attacks against SSH, according to one of the victims. In each instance, the web folder is deleted and a read_me file is left behind containing a link to a Pastebin page hosting a ransom note. The note demands two Bitcoin in exchange for the safe return of the files.
#1399 So much for counter-phishing training: Half of people click anything sent to them
Security experts often talk about the importance of educating people about the risks of "phishing" e-mails containing links to malicious websites. But sometimes, even awareness isn't enough. A study by researchers at a university in Germany found that about half of the subjects in a recent experiment clicked on links from strangers in e-mails and Facebook messages—even though most of them claimed to be aware of the risks.

The researchers at the Friedrich-Alexander University (FAU) of Erlangen-Nuremberg, Germany, led by FAU Computer Science Department Chair Dr Zinaida Benenson, revealed the initial results of the study at this month's Black Hat security conference. Simulated "spear phishing" attacks were sent to 1,700 test subjects—university students—from fake accounts.
#1398 Thousands of security threats happen every five minutes: Trend Micro VP
In just five minutes, files on a company's network can be encrypted and beyond its reach, according to Rik Ferguson, vice president of Security Research at Trend Micro.

Trend Micro has seen a lot of development around ransomware capabilities targeting businesses rather than consumers, Ferguson said during his keynote speech at Cloudsec Australia 2016 in Sydney on Thursday, with 1,800 new threats released out into the wild every five minutes.

Additionally, he said that more than 800,000 people are exposed to malicious URLs, exploit kits, phishing websites, malware, spam, and threats every five minutes, with almost 7,000 records on average being exposed in the same timeframe.

"Just so we can measure the speed of things, the fastest trains today ... can reach top speed of about 450km/h. That means in five minutes, you can travel close to 40 kilometres. That's an incredible distance to be able to go in a very, very short period of time," Ferguson pointed out.
#1397 SWIFT warns banks of more cyberattacks
Reports of additional attacks against banks that use SWIFT, the global financial transaction messaging network, came to light Wednesday. The attacks were reportedly persistent, sophisticated and in some cases successful, impacting an undisclosed number of financial institutions.

It’s the latest development since February when cybercriminals used SWIFT to steal $81 million in a Bangladesh Bank heist. Reports of the latest bank attacks come from a private letter obtained by the Reuters news agency sent by SWIFT to its clients informing them of the attacks and urging them to shore up their cyber defenses.

The letter told clients that SWIFT customer “environments” have been compromised and that the possibility of a “threat is persistent, adaptive and sophisticated – and it is here to stay,” according to Reuters.

#1396 Chrome 53 fixes address spoofing vulnerability and 32 other bugs
Google continued its onslaught of summer Chrome patches Wednesday when it pushed out version 53 of the browser, fixing 33 bugs, half of which were rated “high” severity by the company.

Google paid at least $56,500 in rewards to researchers who discovered vulnerabilities in the browser this time through. The company is still determining how much to award several researchers who found bugs, while two vulnerabilities marked Wednesday were ultimately not applicable to the company’s bug bounty program.
#1395 Hackers stole over 43 million accounts in 2012 breach
New details about a historical hack of music website have come to light., owned by CBS (which also owns ZDNet and sister website CNET), suffered a data breach in 2012, but details of the attack were not disclosed. Reports suggested the service had an estimated 40 million users at the time.

On Thursday, breach notification site LeakedSource, which obtained a copy of the database and posted details of the hack in a blog post, said more than 43.5 million accounts were stolen.