Security Alerts & News
by Tymoteusz A. Góral

History
#1540 These ten cities are home to the biggest botnets
According to new data from cybersecurity researchers at Symantec, Turkey plays host to the highest botnet population in EMEA, with its most populous urban centre, Istanbul, and its capital city, Ankara, containing the highest and second-highest number of botnet-controlled devices in EMEA.

Behind Turkey, Italy ranks as the second-most bot-populated country, with Hungary third. That pattern is also reflected in the ranking of cities with the highest bot population, with the Italian capital Rome in third, followed by the Hungarian cities of Budapest and Szeged in fourth and fifth, according to the research from Norton by Symantec.

These parts of the world are an attractive target for hackers because they're markets and cities which have recently seen a huge increase in high-speed internet and connected devices but where security awareness may be lagging.
#1539 Major security flaw in Samsung Knox could give hackers 'full control' of your phone
Samsung hasn't had the best few weeks. Security experts have disclosed three vulnerabilities in the system the company created to "enhance security" of the Android operating system.

Researchers from Israeli firm Viral Security Group exposed the flaws in Samsung's Knox system, which they say "allowed full control" of a Samsung Galaxy S6 and the Galaxy Note 5 used for testing back in June.

The vulnerabilities, which require an existing flaw to operate, were reported to Samsung earlier this year. The company says it fixed them in a recent security update.
#1538 After Mozilla inquiry, Apple untrusts Chinese certificate authority
Following a Mozilla-led investigation that found multiple problems in the SSL certificate issuance process of WoSign, a China-based certificate authority, Apple will make modifications to iOS and macOS to block future certificates issued by the company.

Although there is no WoSign root certificate in Apple's trusted certificate store, a WoSign intermediate CA certificate is cross-signed by two other CAs that Apple trusts: StartCom and Comodo. This means that until now Apple products have automatically trusted certificates issued through the WoSign intermediate CA.
#1537 OpenJPEG zero-day flaw leads to remote code execution
Cisco Talos researchers have uncovered a severe zero-day flaw in the OpenJPEG JPEG 2000 codec which could lead to remote code execution on compromised systems.

On Friday, researchers from Cisco revealed the existence of the zero-day flaw in the JPEG 2000 image file format parser implemented in the OpenJPEG library. The out-of-bounds vulnerability, assigned CVE-2016-8332, could allow an out-of-bounds heap write to occur, resulting in heap corruption and arbitrary code execution.

OpenJPEG is an open-source JPEG 2000 codec written in C. The software was created to promote JPEG 2000, an image compression standard which is in popular use and is often used for tasks such as embedding images within PDF documents through software including Poppler, MuPDF and Pdfium.