Security Alerts & News
by Tymoteusz A. Góral

#1519 IEEE sets new Ethernet standard that brings 5X the speed without disruptive cable changes
As expected, the IEEE has ratified a new Ethernet specification, IEEE P802.3bz, that defines 2.5GBASE-T and 5GBASE-T, boosting the current top speed of traditional Ethernet fivefold without requiring current cabling to be torn out.

The Ethernet Alliance wrote that the IEEE 802.3bz Standard for Ethernet Amendment, which sets Media Access Control Parameters, Physical Layers and Management Parameters for 2.5G and 5Gbps Operation, lets access layer bandwidth evolve incrementally beyond 1Gbps and will help address emerging needs in a variety of settings and applications, including enterprise and wireless networks.
#1518 Android.Lockscreen ransomware now using pseudorandom numbers
New variants of Android.Lockscreen are using pseudorandom passcodes to prevent victims from unlocking devices without paying the ransom. Previous versions of these threats locked the screen and used a hardcoded passcode, but analysts were able to reverse engineer the code to provide victims with the passcode to unlock their devices. Attackers have also combined a custom lockscreen with the device's lockscreen to create an additional hurdle for those infected. Similar to some other mobile threats we've observed, these Trojans are being created directly on mobile devices before being distributed. Symantec detects these threats as Android.Lockscreen.
#1517 Virlock ransomware can now use the cloud to spread, say researchers
A new variant of Virlock ransomware is capable of stealthily spreading itself through cloud storage and collaboration applications, potentially enabling one infected user to inadvertently spread the file-locking malware across their enterprise network.

The Virlock variant is yet another instance of cybercriminals deploying new techniques to make ransomware even more effective: ransomware is expected to cost organisations a total of $1bn during 2016 alone.

Virlock has been active for almost two years now, and security researchers at Netskope have discovered how Virlock can employ a 'fan-out' effect, spreading itself through the use of cloud sync, cloud storage, and collaboration applications.
#1516 Kaspersky Cybersecurity Index
Cyberthreats are out there. Do people know about them? Are they being targeted? Are they protected? Take a look at this global problem with the Kaspersky Index.
#1515 Firefox ready to block certificate authority that threatened Web security
The organization that develops Firefox has recommended the browser block digital credentials issued by a China-based certificate authority for 12 months after discovering it cut corners that undermine the entire transport layer security system that encrypts and authenticates websites.

The browser-trusted WoSign authority intentionally back-dated certificates it has issued over the past nine months to avoid an industry-mandated ban on the use of the SHA-1 hashing algorithm, Mozilla officials charged in a report published Monday. SHA-1-based signatures were barred at the beginning of the year because of industry consensus they are unacceptably susceptible to cryptographic collision attacks that can create counterfeit credentials. To satisfy customers who experienced difficulty retiring the old hashing function, WoSign continued to use it anyway and concealed the use by dating certificates prior to the first of this year, Mozilla officials said. They also accused WoSign of improperly concealing its acquisition of Israeli certificate authority StartCom, which was used to issue at least one of the improperly issued certificates.

"Taking into account all the issues listed above, Mozilla's CA team has lost confidence in the ability of WoSign/StartCom to faithfully and competently discharge the functions of a CA," Monday's report stated. "Therefore we propose that, starting on a date to be determined in the near future, Mozilla products will no longer trust newly issued certificates issued by either of these two CA brands."