A set of free ransomware decryption tools has helped 2,500 people rescue their data, depriving cyber-crooks of more than €1.35 million in ransom.
The tools -- part of the No More Ransom project -- were launched three months ago by the Dutch National Police, Europol, Intel Security, and Kaspersky Lab.
During the first two months, more than 2,500 people managed to decrypt their devices without paying criminals, using the main decryption tools on the site (CoinVault, WildFire, and Shade), Europol said. On average, 400,000 people visit the website every day.
"This has deprived cybercriminals of an estimated €1.35 million in ransoms," said Europol.
We, as malware analysts, are always in need of new samples to analyze in order to learn, train, or develop new techniques and defenses. I'm sharing here my private collection of repositories, databases, and lists which I use on a daily basis. Some of them are updated frequently and some of them are not. The short description under each link wasn't written by me; it was written by the owners of the repositories.
In the first half of 2016 we noticed that Android banking Trojans had started to improve their phishing overlays on legitimate financial apps to ask for more information. Victims were requested to provide “Mother’s Maiden Name,” “Father’s Middle Name,” “Maternal Grandmothers Name,” or a “Memorable Word.” Attackers used that data to respond to security questions and obtain illegal access to the victims’ bank accounts.
Recently the McAfee Labs Mobile Research Team found a new variant of the well-known Android banking Trojan Acecard (aka Torec, due to its use of Tor to communicate with the control server) that goes far beyond just asking for financial information. In addition to requesting credit card information and second-factor authentication codes, the malicious application asks for a selfie with your identity document, which is very useful for a cybercriminal to confirm a victim's identity and gain access not only to banking accounts but probably also to social networks.
This week, the US government-backed ICS-CERT warned that the troubling new generation of computer attacks is powered by malware that can infect cellular modems used to connect automotive and industrial equipment to the Internet.
An advisory published Wednesday listed five industrial control devices manufactured by Sierra Wireless that are vulnerable to malware known as Mirai when default passwords that ship with the equipment aren't changed on the gateways. The advisory referenced a separate notice from Sierra Wireless (PDF) that reported infections have succeeded against actual devices by connecting to the ACEmanager, a graphical interface used to remotely administer and configure them.