Security Alerts & News
by Tymoteusz A. Góral

History
#1534 Polyglot – the fake CTB-locker
Cryptor malware programs currently pose a very real cybersecurity threat to users and companies. Clearly, organizing effective security requires the use of security solutions that incorporate a broad range of technologies capable of preventing a cryptor program from landing on a potential victim’s computer or reacting quickly to stop an ongoing data encryption process and roll back any malicious changes. However, what can be done if an infection does occur and important data has been encrypted? (Infection can occur on nodes that, for whatever reason, were not protected by a security solution, or if the solution was disabled by an administrator.) In this case, the victim’s only hope is that the attackers made some mistakes when implementing the cryptographic algorithm, or used a weak encryption algorithm.
#1533 Researchers break MarsJoke ransomware encryption
Victims infected with the MarsJoke ransomware can decrypt their files after researchers last week cracked the encryption in the CTB-Locker lookalike.

A trio of researchers from Kaspersky Lab’s Global Research and Analysis Team–Anton Ivanov, Orkhan Mamedov, and Fedor Sinitsyn–described Monday how errors in the cryptography, a/k/a Polyglot, used in the ransomware enabled them to break it.

The biggest mistake developers behind the ransomware made was in the way they implemented its pseudo-random number generator. Researchers said a weak random string in the key generator could be broken. That allowed them to search for a set of possible keys produced by the generator in just “a few minutes” on a standard PC.
#1532 Multiple Linux distributions affected by crippling bug In systemd
The following command, when run as any user, will crash systemd:

NOTIFY_SOCKET=/run/systemd/notify systemd-notify ""

After running this command, PID 1 is hung in the pause system call. You can no longer start and stop daemons. inetd-style services no longer accept connections. You cannot cleanly reboot the system. The system feels generally unstable (e.g. ssh and su hang for 30 seconds since systemd is now integrated with the login system). All of this can be caused by a command that's short enough to fit in a Tweet.
#1531 This high-tech card is being rolled out by French banks to eliminate fraud
Forget fraud, these new bank cards are about to change everything.

Your bank security is pretty broken. It’s not your fault, it’s just really hard to keep people’s money safe, especially online.

Part of the problem is that once your card details are stolen – whether through a phishing attack or by someone copying the digits on the back – fraudsters are free to go on a spending spree until you notice something’s up.

They’re getting away with millions, and it’s a problem affecting over half a million people in the first half of 2016 alone.

Normally by the time you get around to actually cancelling your card, it’s all too late.

But what if the numbers on your card changed every hour so that, even if a fraudster copied them, they’d quickly be out of date?

That’s exactly what two French banks are starting to do with their new high-tech ebank cards.
#1530 Source code powering potent IoT DDoS just went public
A hacker has released computer source code that allows relatively unsophisticated people to wage the kinds of extraordinarily large assaults that recently knocked security news site KrebsOnSecurity offline and set new records for so-called distributed denial-of-service attacks.

KrebsOnSecurity's Brian Krebs reported on Saturday that the source code for "Mirai," a network of Internet-connected cameras and other "Internet of things" devices, was published on Friday. Dale Drew, the chief security officer at Internet backbone provider Level 3 Communications, told Ars that Mirai is one of two competing IoT botnet families that have recently menaced the Internet with record-breaking distributed denial-of-service (DDoS) attacks—including the one that targeted Krebs with 620 gigabits per second of network traffic, and another that hit French webhost OVH and reportedly peaked at more than 1 terabit per second.
History
2017: 01 02 03 04 05
2016: 01 02 03 04 05 06 07 08 09 10 11 12