Security Alerts & News
by Tymoteusz A. Góral

#1456 Secret Service warns of ‘Periscope’ skimmers
The U.S. Secret Service is warning banks and ATM owners about a new technological advance in cash machine skimming known as “periscope skimming,” which involves a specialized skimming probe that connects directly to the ATM’s internal circuit board to steal card data.

According to a non-public alert released to bank industry sources by a financial crimes task force in Connecticut, this is thought to be the first time periscope skimming devices have been detected in the United States. The task force warned that the devices may have the capability to remain powered within the ATM for up to 14 days and can store up to 32,000 card numbers before exhausting the skimmer’s battery strength and data storage capacity.

The alert documents the first known case of periscope skimming in the United States, discovered Aug. 19, 2016 at an ATM in Greenwich, Conn. A second periscope skimmer was reportedly found hidden inside a cash machine in Pennsylvania on Sept. 3.
#1455 Adblock Plus finds the end-game of its business model: Selling ads
Eyeo GmbH, the company that makes the popular Adblock Plus software, will today start selling the very thing many of its users hate—advertisements. Today, the company is launching a self-service platform to sell "pre-whitelisted" ads that meet its "acceptable ads" criteria. The new system will let online publishers drag and drop advertisements that meet Eyeo's expectations for size and labeling.

"The Acceptable Ads Platform helps publishers who want to show an alternative, nonintrusive ad experience to users with ad blockers by providing them with a tool that lets them implement Acceptable Ads themselves,” said Till Faida, co-founder of Adblock Plus.

Publishers who place the ads will do so knowing that they won't be blocked by most of the 100 million Adblock Plus users. The software extension's default setting allows for "acceptable ads" to be shown, and more than 90 percent of its users don't change that default setting.
#1454 Generic OSX malware detection method explained
When it comes to detecting OS X malware, the future may not be rooted in machine learning algorithms, but in patterns and heatmap visualization, a researcher posits.

In an academic paper published by Virus Bulletin on Monday, Vincent Van Mieghem, a former student at the Delft University of Technology in the Netherlands, describes how a recurring pattern he observed in OS X system calls can be used to indicate the presence of malware.

Van Mieghem wrote the paper, “Behavioral Detection and Prevention of Malware on OS X” (PDF), while interning at Fox-IT but has since moved on to PricewaterhouseCoopers’ cybersecurity division.
#1453 Gugi: from an SMS trojan to a mobile-banking trojan
The mobile-banking Trojan family Trojan-Banker.AndroidOS.Gugi is interesting due to its use of the WebSocket protocol to interact with its command-and-control servers. This protocol combines the advantages of HTTP with those of commonly used sockets: there is no need to open extra ports on a device, as all the communication goes through standard port 80. At the same time, real-time data exchange is possible.

It is worth noting that even though this technology is user-friendly, it is not that popular among attackers. Among all the mobile Trojans that utilize WebSocket technology, more than 90% are related to the Gugi family.
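The item above notes that Gugi's command-and-control channel is a WebSocket session riding on ordinary HTTP over port 80. The following is an added example, not code from the original write-up or from the researchers who analysed the family: it parses the head of plain HTTP/1.1 requests, recognises the RFC 6455 upgrade handshake (GET plus Upgrade, Connection, Sec-WebSocket-Key and Sec-WebSocket-Version headers), and flags handshakes to hosts outside an allow-list, which is the kind of network-side check a defender would run over proxy or capture data. The sample requests, the allow-list entry and the host names in it are constructed placeholders, not real infrastructure from the report.

```python
# Added example (not from the Kaspersky write-up summarised above): a small,
# self-contained detector that flags WebSocket upgrade handshakes hidden in
# ordinary HTTP traffic on port 80, the traffic pattern the Gugi description
# relies on. All sample requests and host names below are constructed.
from dataclasses import dataclass
from typing import Dict, List


@dataclass
class HttpRequest:
    method: str
    path: str
    headers: Dict[str, str]   # header names lower-cased
    dst_port: int


def parse_request(raw: bytes, dst_port: int) -> HttpRequest:
    """Parse the head of a plain-text HTTP/1.1 request (body is ignored)."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    method, path, _version = lines[0].split(" ", 2)
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        if ":" in line:
            name, value = line.split(":", 1)
            headers[name.strip().lower()] = value.strip()
    return HttpRequest(method, path, headers, dst_port)


def is_websocket_upgrade(req: HttpRequest) -> bool:
    """True when the request is an RFC 6455 opening handshake."""
    upgrade = req.headers.get("upgrade", "").lower() == "websocket"
    # Connection may carry several tokens, e.g. "keep-alive, Upgrade".
    tokens = [t.strip().lower() for t in req.headers.get("connection", "").split(",")]
    connection = "upgrade" in tokens
    has_key = "sec-websocket-key" in req.headers
    has_version = req.headers.get("sec-websocket-version") == "13"
    return req.method == "GET" and upgrade and connection and has_key and has_version


def flag_suspicious(requests: List[HttpRequest], allowed_hosts: set) -> List[str]:
    """Return one finding per WebSocket handshake to a host not on the allow-list."""
    findings: List[str] = []
    for req in requests:
        if not is_websocket_upgrade(req):
            continue
        host = req.headers.get("host", "<no host>")
        if host in allowed_hosts:
            continue
        findings.append(f"websocket handshake to {host}{req.path} on port {req.dst_port}")
    return findings


# Constructed allow-list: the one WebSocket endpoint this network expects to see.
ALLOWED_HOSTS = {"ws.example-bank.test"}

# Constructed traffic samples (not real captures): a plain page fetch, a
# handshake to an unknown host, and a handshake to the allow-listed host.
SAMPLE_REQUESTS = [
    (b"GET /index.html HTTP/1.1\r\nHost: www.example.test\r\n\r\n", 80),
    (b"GET /socket HTTP/1.1\r\nHost: c2.placeholder.invalid\r\n"
     b"Upgrade: websocket\r\nConnection: keep-alive, Upgrade\r\n"
     b"Sec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==\r\n"
     b"Sec-WebSocket-Version: 13\r\n\r\n", 80),
    (b"GET /chat HTTP/1.1\r\nHost: ws.example-bank.test\r\n"
     b"Upgrade: websocket\r\nConnection: Upgrade\r\n"
     b"Sec-WebSocket-Key: x3JJHMbDL1EzLkh9GBhXDw==\r\n"
     b"Sec-WebSocket-Version: 13\r\n\r\n", 80),
]


def demo() -> List[str]:
    """Run the detector over the constructed samples and return the findings."""
    parsed = [parse_request(raw, port) for raw, port in SAMPLE_REQUESTS]
    return flag_suspicious(parsed, ALLOWED_HOSTS)


if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

The check keys on the handshake headers rather than on the destination port, because, as the item explains, the point of the technique is that the port is the normal HTTP one; an allow-list of expected WebSocket endpoints is what turns a generic "WebSocket seen" event into something worth an alert.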
#1452 How a third-party App Store abuses Apple’s developer enterprise program to serve adware
For bogus applications to be profitable, they should be able to entice users into installing them. Scammers do so by riding on the popularity of existing applications, embedding them with unwanted content—even malicious payloads—and masquerading them as legitimate. These repackaged apps are peddled to unsuspecting users, mostly through third-party app stores.

Haima does exactly that, and more. We discovered this China-based third-party iOS app store aggressively promoting their repackaged apps in social network channels—YouTube, Facebook, Google+, and Twitter—banking on the popularity of games and apps such as Minecraft, Terraria, and Instagram to lure users into downloading them.

Third-party app stores such as Haima rely on the trust misplaced not only by the users but also by distribution platforms such as Apple’s, whose Developer Enterprise Program is abused to deploy these repackaged apps. These marketplaces also appeal to the malefactors because they are typically less policed. Haima capitalizes on the monetization of ads that it unscrupulously pushes to its repackaged apps.
#1451 Hands-on: Blue Hydra can expose the all-too-unhidden world of Bluetooth
My new neighbor was using AirDrop to move some files from his phone to his iMac. I hadn't introduced myself yet, but I already knew his name. Meanwhile, someone with a Pebble watch was walking past, and someone named "Johnny B" was idling at the stoplight at the corner in their Volkswagen Beetle, following directions from their Garmin Nuvi. Another person was using an Apple Pencil with their iPad at a nearby shop. And someone just turned on their Samsung smart television.

I knew all this because each person advertised their presence wirelessly, either over "classic" Bluetooth or the newer Bluetooth Low Energy (BTLE) protocol—and I was running an open source tool called Blue Hydra, a project from the team at Pwnie Express. Blue Hydra is intended to give security professionals a way of tracking the presence of traditional Bluetooth, BTLE devices, and BTLE "iBeacon" proximity sensors. But it can also be connected to other tools to provide alerts on the presence of particular devices.
#1450 Allow web domain changeover: US tech firms
Major technology companies including Facebook, Google, and Twitter are urging United States Congress to support a plan for the government to cede control of the internet's technical management to the global community.

The US Commerce Department has primary oversight of the internet's management, but some Republican lawmakers are trying to block the handover to global stakeholders, which include businesses, tech experts, and public interest advocates, saying it could stifle online freedom by giving voting rights to authoritarian governments.

The years-long plan to transfer oversight of the non-profit Internet Corporation for Assigned Names and Numbers (ICANN) is scheduled to occur on October 1, unless Congress votes to block the handover. The California-based corporation operates the database for domain names such as .com and .net and their corresponding numeric addresses that allow computers to connect.