Security Alerts & News
by Tymoteusz A. Góral

History
#1588 Android devices that contain Foxconn firmware may have a secret backdoor
Some Android devices that contain firmware created by Foxconn may be vulnerable via a debugging feature left inside the OS bootloader, which acts as a backdoor and bypasses authentication procedures for any intruder with USB access to a vulnerable phone.

Foxconn is a Taiwanese company that assembles the electronic parts of several Android smartphone manufacturers (OEMs).

The reason this backdoor exists in the bootloader, the piece of code responsible for booting up the Android OS, is because various OEMs allow Foxconn to create and supply firmware for some of the electronics they use to glue all the parts of an Android device together.
#1587 Evernote confirms a serious bug caused data loss for some Mac users
A number of Evernote users are now being alerted via email message of a serious bug that may cause data loss in certain versions of the company’s Mac application. Not all Evernote Mac users were affected by this bug, however, but those who received the email will need to update their Mac app immediately in order to protect themselves from experiencing the issue.

According to the email sent to users, the bug can cause images and other attachments to be deleted under specific conditions, when using Evernote for Mac. The company claims only “a small number of people” have been impacted by the glitch, which occurs in the version of the Mac software released in September, and less frequently, in the versions released since this June.
#1586 Almost 6,000 online shops hit by hackers
Almost 6,000 web shops are unknowingly harbouring malicious code that is stealing the credit card details of customers, suggests research.

The code has been injected into the sites by cyberthieves, said Dutch developer Willem De Groot.

He found the 5,925 compromised sites by scanning for the specific signature of the data-stealing code in website software.

Some of the stolen data was sent to servers based in Russia, he said.
#1585 Cisco patches critical bug in video conferencing server hardware
On Wednesday Cisco Systems patched a critical vulnerability found in its Cisco Meeting Server hardware, a key component in its enterprise audio, web and video conferencing service.

The flaw, according to a Cisco Security Advisory, could allow an unauthenticated remote attacker to masquerade as a legitimate user. “A successful exploit could allow an attacker to access the system as another user,” according to Cisco.
#1584 Beware of the student loan forgiveness scam spam
According to reports, 42 million people owe US$1.3 trillion in student debt in America today. With most of these student loans being government-backed, the student debt industry in America is big business and estimated to be worth $140 billion annually.

Scammers globally have been quick to take advantage of the desperate plight of graduates struggling with student debt by preying on them with seductive offers, such as student loan forgiveness. In recent research into the activities of the Ascesso (aka Tofsee) malware family (Trojan.Ascesso), Symantec observed several spam runs attempting to send out thousands of student loan forgiveness scam emails.
#1583 Google plugs 21 security holes in Chrome
Google on Wednesday patched 21 security vulnerabilities in Chrome, including a half dozen rated high severity that were reported by external researchers and were eligible for a bounty.

Bug hunters earned a total of $30,000 in bounties, with a top payout of $7,500 to an unnamed researcher for a universal cross-site scripting flaw found in Blink, the Chrome browser engine.

The Chrome 54 update (54.0.2840.59) applies to the Windows, Mac, and Linux versions of the browser. Google said in its security bulletin the updates will roll out over the next days and weeks to Chrome browsers.
#1582 Operations of a Brazilian payment card fraud group
Brazil has been designated a major hub for financially motivated eCrime threat activity. Brazilian threat actors are targeting domestic and foreign entities and individuals, with frequent targeting of U.S. assets. The country routinely places in "Top Five" lists of various global cyber crime rankings, and multiple sources claim that financially motivated threat activity in the country has increased within the past few years.

In this blog we provide insight into the tactics, techniques and procedures (TTPs) of a Brazilian cyber crime group that specializes in payment card fraud operations. The threat actors, observed by FireEye Labs, use a variety of different methods to either compromise or acquire already compromised payment card credentials, including sharing or purchasing dumps online, hacking vulnerable merchant websites and compromising payment card processing devices. Once in their possession, the actors use these compromised payment card credentials to generate further card information. The main methods used by the observed group to launder and monetize illicit funds include online purchases of various goods and services as well as ATM withdrawals.

Based on extensive observation of this group's activity, we are able to characterize their operations lifecycle starting with the initial operational setup; followed by the methods used to compromise credentials or, conversely, purchase already compromised credentials; then the process of generating new cards for subsequent abuse, which includes validation and cloning; and finally the subsequent monetization strategies.
#1581 Amazon resets customer passwords, while LeakedSource discloses massive update
Last weekend, and continuing on to earlier this week, Amazon sent password reset notifications to customers whose accounts were likely using recycled credentials. In somewhat related news, LeakedSource said on Tuesday they’ve added nearly 40 million hacked accounts to their database.
#1580 IoT devices as proxies for cybercrime
Multiple stories published here over the past few weeks have examined the disruptive power of hacked “Internet of Things” (IoT) devices such as routers, IP cameras and digital video recorders. This post looks at how crooks are using hacked IoT devices as proxies to hide their true location online as they engage in a variety of other types of cybercriminal activity — from frequenting underground forums to credit card and tax refund fraud.

Recently, I heard from a cybersecurity researcher who’d created a virtual “honeypot” environment designed to simulate hackable IoT devices. The source, who asked to remain anonymous, said his honeypot soon began seeing traffic destined for Asus and Linksys routers running default credentials. When he examined what that traffic was designed to do, he found his honeypot systems were being told to download a piece of malware from a destination on the Web.
#1579 A SSHowDowN in security: IoT devices enslaved through 12 year old flaw
A vulnerability which has existed for over a decade in OpenSSH has led to today's IoT devices being used in targeted attacks.

In what researchers call the "Internet of Unpatchable Things," a 12-year-old security flaw is being exploited by attackers in a recent spate of SSHowDowN Proxy attacks.

The Internet of Things (IoT) is an emerging market full of Wi-Fi and networked devices including routers, home security systems, and lighting products. While the idea of making your home more efficient and automating processes is an appealing one, unfortunately, vendors en masse are considering security as an afterthought for thousands of devices now in our homes, leaving our data vulnerable.
#1578 Feds strike another multi-national “tech support” scam
Federal authorities say a group of scammers that "bilked millions" from US consumers with pop-up ads and hijacked Web browsers has been sued by the Federal Trade Commission.

The scheme, which operates under the name Global Access Tech Support, used pop-up ads that told consumers their computers were "hacked, infected, or otherwise compromised," according to the FTC complaint (PDF) published yesterday. Consumers are then instructed to call a toll-free number in the message. The pop-ups "are typically designed so that consumers are unable to close or navigate around them, rendering consumers' web browser unusable."
#1577 Fighting the person should be cybersecurity best practice: Nuix
One major mistake organisations and governments are making in protecting their systems is neglecting the importance of focusing on the person at the end of the attack, according to Keith Lowry, senior vice president at Sydney-based intelligence, analytics, and cybersecurity software firm Nuix.

The 25-year cyber-veteran said that the majority of all insider threat programs he has been privy to begin with the foundation of technology, and that in reality, the foundation of a counter-insider threat program needs to start with recognising there is a person at the other end.

"It's about people using technology -- it's not about technology by itself -- and too many people focus on the fact that it's all technology and therefore the answer to it must be a piece of technology," Lowry said.
History
2017: 01 02 03 04 05
2016: 01 02 03 04 05 06 07 08 09 10 11 12