Security Alerts & News
by Tymoteusz A. Góral

History
#1424 Russian internet giant Rambler.ru hacked, leaking 98 million accounts
Russian internet portal and email provider Rambler.ru has become the latest victim in a growing list of historical hacks.

Breach notification site LeakedSource.com, which obtained a copy of an internal customer database, said the attack dates back to February 17, 2012.

More than 98.1 million accounts were in the database, including usernames, email addresses, social account data, and passwords, the group said in a blog post. Unlike other major breaches, those passwords were stored in unencrypted plaintext, meaning anyone at the company could easily see passwords.

The last time a breach on this scale was found using plaintext password storage was Russian social networking site VK.com, which saw 171 million accounts taken in the breach.

#1423 Pokémon-themed Umbreon Linux rootkit hits x86, ARM systems
The Trend Micro Forward Looking Threat Research team recently obtained samples of a new rootkit family from one of our trusted partners. We are providing a detailed analysis of the rootkit, and also making the samples available to the industry to help others block this threat.

This rootkit family called Umbreon (sharing the same name as the Pokémon) targets Linux systems, including systems running both Intel and ARM processors, expanding the scope of this threat to include embedded devices as well. (An aside: the rootkit does appear to be named after the Pokémon of the same name. This Pokémon is known for hiding in the night, which is an appropriate characteristic for a rootkit.) We detect Umbreon under the ELF_UMBREON family.

#1422 Google Chrome fixes serious vulnerabilities, thanks to bug fighters
The latest Google Chrome browser update comes with 33 vulnerability patches, including 13 that are high-severity. It’s all thanks to community contributors and bug fighters who submitted fixes for Chrome’s bug bounty program.

Many of the vulnerabilities fixed in this release were part of the browser’s engine Blink, but some of the more high-severity discoveries were for Chrome’s built-in PDF reader, PDFium.

This big rollout of bug fixes follows another busy month, where 48 vulnerabilities were patched in July alone. Some of the bug bounty contributors netted themselves quite a bit of cash too, up to $7,500 per cross-site scripting bug caught.

#1421 German spies violated law, must delete XKeyscore database - watchdog
Germany's spies seriously violated the country's laws multiple times, according to a secret report from its federal data protection commissioner Andrea Voßhoff.

The legal analysis, leaked to Netzpolitik, was made in July 2015 following a visit by data protection officials to Bad Aibling in southern Germany, in the wake of Edward Snowden's revelations about surveillance activities there. Bad Aibling is jointly run by Germany's intelligence agency, the Bundesnachrichtendienst (BND), and the NSA.

As well as listing 18 serious legal violations, and filing 12 formal complaints—the German data watchdog's most severe legal instrument—the secret report said that the BND created seven databases without the appropriate legal approval. As a result, commissioner Voßhoff said that all seven databases should be deleted, and could not be used again.