Security Alerts & News
by Tymoteusz A. Góral

#1596 VeraCrypt 1.18 Security Assessment (PDF)
This report describes the results of the security assessment of VeraCrypt 1.18 made by Quarkslab between Aug. 16 and Sep. 14, 2016 and funded by OSTIF. Two Quarkslab engineers worked on this audit, for a total of 32 man-days of study.
#1595 Hacked Republican website skimmed donor credit cards for 6 months
A website used to fund the campaigns of Republican senators was infected with malware that for more than six months collected donors' personal information, including full names, addresses, and credit card data, a researcher said.

The storefront for the National Republican Senatorial Committee was one of about 5,900 e-commerce platforms recently found to be compromised by malicious skimming software, according to researcher and developer Willem de Groot. He said the NSRC site was infected from March 16 to October 5 by malware that sent donors' credit card data to attacker-controlled domains. One of the addresses—jquery-code[dot]su—is hosted by dataflow[dot]su, a service that provides so-called bulletproof hosting to money launderers, sellers of synthetic drugs and stolen credit card data, and other providers of illicit wares or services.
#1594 Free SSL providers spark unprecedented growth in encrypted traffic
If recent telemetry from Mozilla is indeed representative of the Internet, then it would appear that half of all traffic in transit is encrypted, a more than 10 percent jump from last December.

The emergence of free Certificate Authorities such as Let’s Encrypt, and similar gratis HTTPS certificate services offered by Cloudflare, Amazon and others has resulted in unprecedented growth of encrypted traffic.

“SSL was too difficult for too long, and in the last year, it’s gotten a lot easier,” said Josh Aas, executive director of the Internet Security Research Group and former Mozilla developer. “A lot of people know they want to use SSL, but the cost and difficulty has been a problem.”
#1593 TrickBot banking trojan could be Dyre rewrite
Despite the fact that the criminals allegedly behind the creation and distribution of the Dyre banking Trojan are in a Russian jail, a new piece of malware in the wild has enough similarities to Dyre that researchers are wondering whether there’s a connection.

The new malware is called TrickBot and for now, it’s targeting banks in Australia given a number of webinjects found in the code. TrickBot looks like a rewrite of Dyre, researchers at Fidelis Cybersecurity said, cautioning that while there are some similar aspects between the two, such as the loader used by both, there are a number of new features in TrickBot that cast some doubt on the connection.
2017: 01 02 03 04 05
2016: 01 02 03 04 05 06 07 08 09 10 11 12