Security Alerts & News
by Tymoteusz A. Góral

#1562 Remove ransomware infections from your PC using these free tools
Ransomware, a variety of malware which encrypts user files and demands payment in return for a key, has become a major threat to businesses and the average user alike.

Coming in a variety of forms, ransomware most often compromises PCs through phishing campaigns and fraudulent emails. Once a PC is infected, the malware will encrypt, move, and potentially delete files, before throwing up a landing page demanding a ransom in Bitcoin.

Demands for payment can range from a few to thousands of dollars. However, giving in and paying the fee not only further funds the development and use of this malware, but there is no guarantee any decryption keys given in return will work.
#1561 Europe to push new security rules amid IoT mess
The European Commission is drafting new cybersecurity requirements to beef up security around so-called Internet of Things (IoT) devices such as Web-connected security cameras, routers and digital video recorders (DVRs). News of the expected proposal comes as security firms are warning that a great many IoT devices are equipped with little or no security protections.

According to a report at, the Commission is planning the new IoT rules as part of a new plan to overhaul the European Union’s telecommunications laws. “The Commission would encourage companies to come up with a labeling system for internet-connected devices that are approved and secure,” wrote Catherine Stupp. “The EU labelling system that rates appliances based on how much energy they consume could be a template for the cybersecurity ratings.”
#1560 How Shodan helped bring down a ransomware botnet
Shodan is a search engine that looks for internet-connected devices. Hackers use it to find unsecured ports and companies use it to make sure that their infrastructure is locked down. This summer, it was also used by security researchers and law enforcement to shut down a ransomware botnet.

The Encryptor RaaS botnet offered ransomware as a service, allowing would-be criminals to get up and running quickly with their ransomware campaigns without having to write code themselves, according to a report released last week.

The ransomware first appeared in the summer of 2015. It didn't make a big impact -- in March, Cylance reported that it had just 1,818 victims, only eight of whom had paid the ransom.

But it had a few things going for it that could have spelled success.
#1559 Android battles to fix the holes where the rain gets in
Google’s security mavens have been hard at work this month, patching an impressive 78 Android flaws in the firm’s latest update.

All told, seven issues are rated ‘critical’, including a hat-trick of kernel-level holes, a privilege flaw in the MediaTek video driver and three biggies affecting Qualcomm silicon.

Qualcomm turns out to be a bit of a theme with 31 vulnerabilities (identified by CVE numbers) mentioning the chip maker by name.

If 78 sounds like a lot of security holes to fix at once, it’s actually down on recent months. In July, the number reached an all-time high of 108, followed by another 103 in August.
#1558 Europol, IOCTA 2016. Internet Organised Crime Threat Assessment (PDF)
The 2016 Internet Organised Crime Threat Assessment (IOCTA) reports a continuing and increasing acceleration of the security trends observed in previous assessments. The additional increase in volume, scope and financial damage combined with the asymmetric risk that characterises cybercrime has reached such a level that in some EU countries cybercrime may have surpassed traditional crime in terms of reporting. Some attacks, such as ransomware, which the previous report attributed to an increase in the aggressiveness of cybercrime, have become the norm, overshadowing traditional malware threats such as banking Trojans.

The mature Crime-as-a-Service model underpinning cybercrime continues to provide tools and services across the entire spectrum of cyber criminality, from entry-level to top-tier players, and any other seekers, including parties with other motivations such as terrorists. The boundaries between cybercriminals, Advanced Persistent Threat (APT) style actors and other groups continue to blur. While the extent to which extremist groups currently use cyber techniques to conduct attacks appears to be limited, the availability of cybercrime tools and services, and illicit commodities such as firearms on the Darknet, provide ample opportunities for this situation to change.
#1557 BadKernel vulnerability affects one in 16 Android smartphones
A security bug in Google's V8 JavaScript engine is indirectly affecting around one in 16 Android devices, impacting smartphone models from all major vendors, such as LG, Samsung, Motorola, and Huawei.

The issue at play here was discovered and fixed in the summer of 2015 and affected the Google V8 JavaScript engine between versions 3.20 and 4.2.

Despite this bug being public for more than a year, only in August 2016 did Chinese security researchers discover that the V8 issue also affected a whole range of Android-related products where the older V8 engine versions had been deployed.
#1556 Cloud Security Alliance lays out security guidelines for IoT development
The Cloud Security Alliance (CSA) Internet of Things (IoT) working group has published a report to guide designers and developers on basic security measures it believes must be incorporated throughout the development process.

The report, Future-proofing the Connected World: 13 Steps to Developing Secure IoT Products, says that because IoT is broad-ranging and developing at great pace, identifying controls that can be applied to IoT products is difficult; its main reason for compiling the report is to give designers and developers a starting point to work from.
#1555 Latest intelligence for September 2016
The RIG exploit kit was the most active web attack toolkit in September and the number of new malware variants reached its highest point of the last year.
#1554 Cisco warns of critical flaws in Nexus switches
Cisco Systems released several critical software patches this week for its Nexus 7000-series switches and its NX-OS software. The vulnerabilities can allow remote access to systems, enabling a hacker to execute code or commands on targeted devices.

According to Wednesday’s Cisco Security Advisory, both the Nexus 7000 and 7700 series switches are susceptible to overlay transport virtualization buffer overflow flaws. This bug (CVE-2016-1453) is due to “incomplete input validation performed on the size of overlay transport virtualization packet header parameters,” Cisco said.
#1553 Arrested NSA contractor may have hoarded secrets to work from home
Investigators have little doubt that a National Security Agency contractor arrested in August hoarded mountains of classified material, but so far they've found no evidence that he leaked anything to anyone, The New York Times reported Friday.

Still, even if Harold T. Martin III didn't intentionally leak anything, federal officials remain highly concerned. Martin's home computers had "minimal security protection," leaving open the possibility, however remote, that hackers broke in and stole data that could compromise vital national security programs.
#1552 Spotify ads slipped malware onto PCs and Macs
Spotify's ads crossed from nuisance over to outright nasty this week, after the music service’s advertising started serving up malware to users on Wednesday. The malware was able to automatically launch browser tabs on Windows and Mac PCs, according to complaints that surfaced online.

As is typical for this kind of malware, the ads directed users’ browsers to other malware-containing sites in the hopes that someone would be duped into downloading more malicious software. The “malvertising” attack didn’t last long as Spotify was able to quickly correct the problem.

“We’ve identified an issue where a small number of users were experiencing a problem with questionable website pop-ups in their default browsers as a result of an isolated issue with an ad on our Free tier,” Spotify said on several threads in its support forums. “We have now identified the source of the problem and have shut it down. We will continue to monitor the situation.”