Security Alerts & News
by Tymoteusz A. Góral

#1429 "Catastrophic" DDoS attack pummels Linode servers over Labor Day weekend
Linode, one of the world's top providers of virtual private servers (VPS), battled over the weekend with a DDoS attack that targeted its Atlanta data center and that the company has described as "catastrophic."

The attack, aimed at the company's Atlanta data center, started on Saturday, September 3, around 21:00 UTC, and got the Linode team scrambling for answers.

Three and a half hours later, Linode engineers were informing customers that they experienced "a catastrophic DDoS attack which is being spread across hundreds of different IP addresses in rapid succession, making mitigation extremely difficult."

During all this time, connectivity to the service was down, affecting Linode customers such as Clojars, a repository of open source Clojure libraries that relies on the Linode infrastructure.

The attack started subsiding by Monday, September 5, around 21:30 UTC. The attack's start and end dates were perfectly timed to fit the US Labor Day extended holiday weekend.
#1428 Cry ransomware uses UDP, Imgur, Google Maps
Ransomware purporting to come from a phony government agency, something called the Central Security Treatment Organization, has been making the rounds, researchers say.

The ransomware, which is already known by a number of names including Cry, CSTO ransomware, or Central Security Treatment Organization ransomware, uses the User Datagram Protocol (UDP) to communicate, and also relies to an extent on the photo-sharing service Imgur and Google Maps to carry out its infections.

A security researcher who goes under the guise MalwareHunterTeam discovered the malware last Thursday.
#1427 Hackers “find Twitter exploit” and resurrect banned accounts
This should be a Halloween tale: Twitter accounts long dead and buried have been resurrected by a Frankenstein-like bunch of hackers.

We don’t know where they got the jolt of lightning to make these things burst from the grave, but as Business Insider reports, a hacking group calling itself Spain Squad allegedly seized Twitter accounts including @Hell, @Hitler, @Nazi, @ak47, and @1337, many of which had been previously suspended, while others had been inactive for quite some time.

The @Ziter account, claiming affiliation with Spain Squad, on Friday was offering a slew of accounts for sale, including those above as well as @botnet, @darknet, @LizardSquad, and @bypass.

As of Monday morning, Twitter hadn’t commented, though it had reburied the zombie accounts, suspending them yet again.
#1426 Google fixes final 'Quadrooter' flaws with new security patch
What took Google a month to fix took others just a couple of weeks.

In the latest round of Android security fixes released Tuesday, the company fixed two remaining flaws that were part of the so-called "Quadrooter" set of vulnerabilities announced last month.

Quadrooter was particularly troublesome because the set of four flaws (hence the name "quad") affected at least 900 million Android devices. These high-risk vulnerabilities would allow a dedicated and well-trained attacker to gain complete access to an affected phone and its data.
#1425 Banking trojan, Gugi, evolves to bypass Android 6 protection
Almost every Android OS update includes new security features designed to make cybercriminals’ life harder. And, of course, the cybercriminals always try to bypass them.

We have found a new modification of the mobile banking Trojan, Trojan-Banker.AndroidOS.Gugi.c that can bypass two new security features added in Android 6: permission-based app overlays and a dynamic permission requirement for dangerous in-app activities such as SMS or calls. The modification does not use any vulnerabilities, just social engineering.