Security Alerts & News
by Tymoteusz A. Góral

#1468 BkSoD by ransomware: HDDCryptor uses commercial tools to encrypt network shares and lock HDDs
While most ransomware we’ve seen only target specific file types or folders stored on local drives, removable media and network shares, we were able to uncover a ransomware family that does not discriminate: HDDCryptor. Detected as Ransom_HDDCRYPTOR.A, HDDCryptor not only targets resources in network shares such as drives, folders, files, printers, and serial ports via Server Message Block (SMB), but also locks the drive. Such a damaging routine makes this particular ransomware a very serious and credible threat not only to home users but also to enterprises.
#1467 Pay-to-click ad service hacked, 6.6M plaintext passwords dumped
How would you like to earn money just by sitting at home in front of a computer and viewing ads?

Us neither.

What if you could earn $1.20 an hour?

We’re not sure how you’d manage to cover the costs of your internet connection at that rate, but if you could somehow get online for free, and you were ready to work a solid 12 hours a day, 7 days a week, you could get out with close to $6000 a year.

In many parts of the world, that’s serious money, so we’re not surprised that people are willing to do it.

One online service that will pay you at that sort of rate is a company called ClixSense, which basically pays you for viewing ads, completing online surveys, categorising images or videos, making Google searches, and so on.

ClixSense also runs an affiliate network, so you can earn commission on the earnings of new members whom you bring to the party, as a way of keeping the ClixSense click-machine fuelled with clickers.
#1466 Cisco patches critical WebEx meetings server vulnerability
Cisco warned customers of 12 vulnerabilities across its product line this week, including a critical vulnerability in the software that powers its conferencing product, WebEx Meetings Server.

The company stressed on Wednesday that version 2.6 of its WebEx Meetings Server is vulnerable to a remote command execution vulnerability. If exploited, the bug could enable an attacker to inject arbitrary commands on a system with elevated privileges.

The issue, the most pressing among all the fixes pushed by Cisco this week, stems from the insufficient sanitization of user-supplied data, according to an advisory published by the company on Wednesday. U.S. CERT also published an alert today with links to all 12 Cisco advisories.
#1465 Signal bug lets attackers tamper with encrypted messages—patch now
Signal, the mobile messaging app recommended by NSA leaker Edward Snowden and a large number of security professionals, just fixed a bug that allowed attackers to tamper with the contents of encrypted messages sent by Android users.

The authentication-bypass vulnerability was one of two weaknesses found by researchers Jean-Philippe Aumasson and Markus Vervier in an informal review of the Java code used by the Android version of Signal. The bug made it possible for attackers who compromised a Signal server or were otherwise able to monitor data passing between Signal users to replace a valid attachment with a fraudulent one. A second bug possibly would have allowed attackers to remotely execute malicious code, but a third bug limited exploits to a simple remote crash.

"The results are not catastrophic, but show that, like any piece of software, Signal is not perfect," Aumasson wrote in an e-mail. "Signal drew the attention of many security researchers, and it's impressive that no vulnerability was ever published until today. This pleads in favor of Signal, and we'll keep trusting it."
#1464 Neverquest trojan gets big summer update
The once prolific bank Trojan Neverquest has received a major code revamp over the summer and is now armed with modifications that can more adeptly hijack a victim’s PC, inject code into webpages and steal credentials. The update represents a significant enough change to the malware that researchers have dubbed the latest samples Neverquest2.

Over the past several months Arbor Networks’ Security Engineering and Response Team (ASERT), along with other members of the security research community, have been tracking the slow and steady improvements added to Neverquest. There is consensus that the team behind the Trojan is gearing up for a new Neverquest2 assault.
#1463 Ransomware getting more targeted and expensive
I shared a meal not long ago with a source who works at a financial services company. The subject of ransomware came up and he told me that a server in his company had recently been infected with a particularly nasty strain that spread to several systems before the outbreak was quarantined. He said the folks in finance didn’t bat an eyelash when asked to authorize several payments of $600 to satisfy the Bitcoin ransom demanded by the intruders: After all, my source confessed, the data on one of the infected systems was worth millions — possibly tens of millions — of dollars, but for whatever reason the company didn’t have backups of it.

This anecdote has haunted me because it speaks volumes about what we can likely expect in the very near future from ransomware — malicious software that scrambles all files on an infected computer with strong encryption, and then requires payment from the victim to recover them.
#1462 DualToy Windows trojan attacks Android and iOS Devices
A Windows Trojan called DualToy has been discovered that can side load malicious apps onto Android and iOS devices via a USB connection from an infected computer.

Researchers from Palo Alto Networks said DualToy has been in existence since January 2015, and it originally was limited to installing unwanted apps and displaying mobile ads on Android devices. About six months later, the Trojan morphed and began targeting iOS devices by installing a third-party App Store in hopes of nabbing iTunes usernames and passwords.

“When DualToy began to spread in January 2015, it was only capable of infecting Android devices… We observed the first sample of DualToy capable of infecting iOS devices on June 7, 2015. Later in 2016, a new variant appeared,” wrote senior malware researcher Claud Xiao in a technical description of the Trojan.
#1461 Google is giving you $200,000 to hack the Nexus 6P and 5X
If you’ve always wanted to get into hacking, now’s the time.

Today Google is launching the Project Zero Security Contest and awarding over $300,000 in prizes to anyone who can hack Nexus 6P and 5X knowing only the devices’ phone number and email address.