Security Alerts & News
by Tymoteusz A. Góral

#1629 HackerOne CEO: Every computer system is subject to vulnerabilities
Every computer system in the world is vulnerable to hackers and criminals, according to Marten Mickos, CEO of HackerOne. That's nothing new with major data breaches at Yahoo and the federal government.

But not to worry, teams of ethical hackers could be an answer to the growing cybersecurity concerns.

"There are far more ethical hackers, white hat hackers, in the world than criminals," Mickos told CNBC's "Squawk Alley" on Thursday. "So when you just invite the good guys to help you, you will always be safe. It's like a neighborhood watch. You're asking the good guys around you to help you see what's wrong with your system and help you fix it."
#1628 Mozilla turning TLS 1.3 on by default with Firefox 52
When Mozilla ships Firefox 52, on or around March 7, 2017, the browser will come with the cryptographic protocol TLS 1.3 on by default.

Martin Thomson, a principal engineer at Mozilla, broke the news Wednesday in an email to Mozilla Development Platform members.

“TLS 1.3 removes old and unsafe cryptographic primitives, it is built using modern analytic techniques to be safer, it is always forward secure, it encrypts more data, and it is faster than TLS 1.2,” Thomson wrote.
#1627 Serious dirty COW Linux vulnerability under attack
A nine-year-old Linux vulnerability that affects most of the major distributions has been recently used in public attacks. The flaw, nicknamed Dirty Cow because it lives in the copy-on-write (COW) feature in Linux, is worrisome because it can give a local attacker root privileges.

While the Linux kernel was patched on Wednesday, the major distributions are preparing patches. Red Hat, for example, told Threatpost that it has a temporary mitigation available through the kpatch dynamic kernel patching service that customers can receive through their support contact.
#1626 Adding a phone number to your Google account can make it LESS secure.
Recently, account takeovers, email hacking, and targeted phishing attacks have been all over the news. Hacks of various politicians, allegedly carried out by Russian hackers, have yielded troves of data. Despite the supposed involvement of state-sponsored agents, some hacks were not reliant on complex zero-day attacks, but involved social engineering unsuspecting victims. These kinds of attacks are increasingly likely to be used against regular people.
#1625 Mirai-Fueled IoT botnet behind DDoS attacks on DNS providers
A botnet of connected things strung together by the Mirai malware is responsible for Friday’s distributed denial-of-service attacks against DNS provider Dyn. The DDoS attacks impacted Internet service on the East Coast of the United States, and were responsible for keeping Dyn and a number of its high-profile customers offline during different times during the day.

Level 3 Communications, a large service provider located in Colorado, said that it was monitoring the attacks and that it believed 10 percent of the IP-enabled cameras, DVRs, home networking gear and other connected devices compromised by Mirai were involved in Friday’s attacks.
#1624 Cisco develops system to automatically cut-off pirate video streams
Cisco says it has developed a system to disable live pirate streams. The network equipment company says its Streaming Piracy Prevention platform utilizes third-party forensic watermarking to shut down pirate streams in real-time, without any need to send takedown notices to hosts or receive cooperation from third parties.

While torrents continue to be one of the Internet’s major distribution methods for copyrighted content, it’s streaming that’s capturing the imagination of the pirating mainstream.
#1623 Russians seek answers to central Moscow GPS anomaly
MOSCOW (AP) — Joggers, taxi drivers, players of Pokemon Go and senior Russian officials are seeking an explanation of why mobile phone apps that use GPS are malfunctioning in central Moscow.

A programmer for Russian internet firm Yandex, Grigory Bakunov, said Thursday his research showed a system for blocking GPS was located inside the Kremlin, the heavily guarded official residence of Russian President Vladimir Putin.

Users of GPS have complained on social media in recent months that when they are near the Kremlin their GPS-powered apps stop working or show them to be in Moscow's Vnukovo airport, 29 kilometers (18 miles) away.

The problem has frustrated those requesting taxis via services such as Uber or looking to catch Pokemons in the popular game played on mobile devices. Large numbers of people running the Moscow marathon last month complained that their jogging apps lost track of how far they had run when they passed the Kremlin.
#1622 Hacked cameras, DVRs powered today’s massive internet outage
A massive and sustained Internet attack that has caused outages and network congestion today for a large number of Web sites was launched with the help of hacked “Internet of Things” (IoT) devices, such as CCTV video cameras and digital video recorders, new data suggests.

Earlier today cyber criminals began training their attack cannons on Dyn, an Internet infrastructure company that provides critical technology services to some of the Internet’s top destinations. The attack began creating problems for Internet users reaching an array of sites, including Twitter, Amazon, Tumblr, Reddit, Spotify and Netflix.
#1621 Using Rowhammer bitflips to root Android phones is now a thing
Researchers have devised an attack that gains unfettered "root" access to a large number of Android phones, exploiting a relatively new type of bug that allows adversaries to manipulate data stored in memory chips.

The breakthrough has the potential to make millions of Android phones vulnerable, at least until a security fix is available, to a new form of attack that seizes control of core parts of the operating system and neuters key security defenses. Equally important, it demonstrates that the new class of exploit, dubbed Rowhammer, can have malicious and far-reaching effects on a much wider number of devices than was previously known, including those running ARM chips.
#1620 Free tool protects PCs from master boot record attacks
Cisco's Talos team has developed an open-source tool that can protect the master boot record of Windows computers from modification by ransomware and other malicious attacks.

The tool, called MBRFilter, functions as a signed system driver and puts the disk's sector 0 into a read-only state. It is available for both 32-bit and 64-bit Windows versions and its source code has been published on GitHub.

The master boot record (MBR) consists of executable code that's stored in the first sector (sector 0) of a hard disk drive and launches the operating system's boot loader. The MBR also contains information about the disk's partitions and their file systems.
#1619 Dyn DDoS part 2: The hackers strike back
I told you so. I warned you we were on the verge of attacks that could knock the internet off, and now we're seeing the first of them. Dyn, a major Domain Name System (DNS) service provider, is being assaulted by a global Distributed Denial of Service (DDoS) attack. Because Dyn provides DNS services for household-name websites such as AirBnB, GitHub, Spotify, Reddit, and Twitter, these sites have essentially been down for hours.

At this point we don't know a lot about the attacks. We can presume they are massive in scale. How big is that? Try terabit-per-second DDoS levels.

According to Andrew Sullivan, Dyn fellow and chair of the Internet Architecture Board on the Internet Outage announcement mailing list, the attack is being made against "the Dyn managed DNS infrastructure, which is the anycast deployment." This is the service that major companies use to make sure their DNS services work smoothly. Without these services -- think of them as the internet's master phonebook -- you can't easily find websites.
#1618 Dyn, a managed DNS service, hit with attack, popular sites see performance issues
Dyn, which provides managed domain name service via its Anycast Network, said it has been hit by a distributed denial of service attack that has led to spotty performance by a bevy of popular sites such as Reddit and Twitter.

The DDoS attack notice was posted on Dyn's web site. The incident is affecting Dyn's customers in the US East Coast region. Although the Dyn customer sites are appearing, they seem to be slow. We've received a few reports that sites were down too.