Security Alerts & News
by Tymoteusz A. Góral

History
#1705 CrySis ransomware master decryption keys released
The threat posed by a ransomware family known as CrySis was diminished considerably on Sunday when the master decryption keys were released to the public.

Researchers at Kaspersky Lab said they have already folded the keys into the company’s Rakhni decryptor and victims of CrySis versions 2 and 3 now have a means of recovering their lost files.

The key was posted at 1 a.m. Eastern time to the BleepingComputer.com forums by a user known only as crss7777, said founder Lawrence Abrams. Abrams speculates that it could have been the ransomware developer who posted the key on the site’s CrySis support forum page; the post included a Pastebin link to a header file written in C that contains the master decryption keys and instructions on how to use them.
#1704 Australian banks dismiss Android NFC past in Apple Pay negotiations
Sorry Australians with an Android phone, but you simply don't spend enough money to make it worthwhile to develop NFC solutions for you -- that would be one way to sum up the latest joint submission from CBA, NAB, Westpac, and Bendigo Bank to seek approval from the Australian Competition and Consumer Commission (ACCC) to collectively negotiate with Apple to gain access to the NFC element within iPhones.

The joint submission [PDF] from the banks is a response to those that have gone before it from Apple and the general public that have called on the ACCC to stare down the banks.

Core to the banks' argument is the idea that the public will benefit if Apple is made to acquiesce and hand over access to its precious NFC hardware.

"Without access to the iPhone's NFC functionality, there simply will not be the same incentives and ability to innovate for the benefit of Australian customers on either the iPhone platform or other platforms," the submission from the banks concludes.
#1703 Snapchat, Skype among apps not protecting users’ privacy
Tech companies like Snapchat and Skype’s owner Microsoft are failing to adopt basic privacy protections on their instant messaging services, putting users’ human rights at risk, Amnesty International said today.

The organization’s new ‘Message Privacy Ranking’ assesses the 11 companies with the most popular messaging apps on the way they use encryption to protect users’ privacy and freedom of expression across their messaging apps.
#1702 AdultFriendFinder network hack exposes 412 million accounts
A massive data breach targeting adult dating and entertainment company Friend Finder Network has exposed more than 412 million accounts.

The hack includes 339 million accounts from AdultFriendFinder.com, which the company describes as the "world's largest sex and swinger community."

That figure also includes over 15 million "deleted" accounts that weren't purged from the databases.

On top of that, 62 million accounts from Cams.com, and 7 million from Penthouse.com were stolen, as well as a few million from other smaller properties owned by the company.

The breach spans two decades' worth of data from the company's largest sites, according to breach notification site LeakedSource, which obtained the data.
#1701 Smartphone WiFi signals can leak your keystrokes, passwords, and PINs
The way users move fingers across a phone's touchscreen alters the WiFi signals transmitted by a mobile phone, causing interruptions that an attacker can intercept, analyze, and reverse engineer to accurately guess what the user has typed on his phone or in password input fields.

This type of attack, nicknamed WindTalker, is only possible when the attacker controls a rogue WiFi access point to collect WiFi signal disturbances.

Control over the WiFi access point is also imperative since the attacker must know when to collect WiFi signals from the victim, in order to capture the exact moment when the target enters a PIN or password.

The attacker can achieve this by using control of the WiFi access point to sniff the user's traffic and detect when he's accessing pages with authentication forms.
#1700 Russian banks hit by cyber-attack
Five Russian banks have been under intermittent cyber-attack for two days, said the country's banking regulator.

The state-owned Sberbank was one target of the prolonged attacks, it said.

Hackers sought to overwhelm the websites of the banks by deluging them with data in what is known as a Distributed Denial of Service (DDoS) attack.

Security firm Kaspersky said the attacks were among the largest it had seen aimed at Russian banks.
#1699 BlackNurse low-volume DoS attack targets firewalls
A type of denial of service attack relevant in the 1990s has resurfaced with surprising potency against modern-day firewalls. Dubbed a BlackNurse attack, the technique leverages a low-volume Internet Control Message Protocol (ICMP)-based attack on vulnerable firewalls made by Cisco, Palo Alto, SonicWall and others, according to researchers.

TDC Security Operations Center, a security firm that published a technical report (PDF) on BlackNurse this week, said the attack is more traditionally called a “ping flood attack.” In this type of assault, traffic volume doesn’t matter as much as the type of packets sent, researchers said.

According to TDC, BlackNurse is based on ICMP Type 3 (Destination Unreachable) Code 3 (Port Unreachable) requests. These are packet replies typically returned to ping sources indicating the destination port is “unreachable,” according to researchers.
#1698 OpenSSL patches high-severity DoS bug
OpenSSL on Thursday patched three vulnerabilities in its latest update, and reminded users running version 1.0.1 of the cryptographic library that security support for it will end Dec. 31.

Of the three bugs, only one was rated high severity and could lead to OpenSSL crashes. Only OpenSSL 1.1.0 is affected; earlier versions are not. Users should upgrade to OpenSSL 1.1.0c.

The vulnerability was privately disclosed by Robert Swiecki, an information security engineer at Google.

The flaw affects TLS connections using ChaCha20-Poly1305, OpenSSL said; ChaCha20-Poly1305 is an AEAD-mode ciphersuite that was recently standardized.

“TLS connections using *-CHACHA20-POLY1305 ciphersuites are susceptible to a DoS attack by corrupting larger payloads. This can result in an OpenSSL crash,” OpenSSL said. “This issue is not considered to be exploitable beyond a DoS.”
#1697 Tech support scammers bite Chrome users with forgotten 2014 bug
Tech support scammers have started exploiting a two-year-old bug in Google Chrome to trick victims into believing their PC is infected with malware.

The bug was discovered in Chrome 35 in July 2014 in the history.pushState() HTML5 function, a way of adding web pages into the session history without actually loading the page in question.

The developer who reported the issue published code showing how to add so many items into Chrome’s history list that the browser would effectively freeze.

It’s taken a while for cybercriminals to get around to exploiting this bug, but they’re now using it in a new attack reported by researcher slipstream/RoL.

From the descriptions of those who fell foul of the attack, Chrome would pop up a 'Prevent this page from creating additional dialogs' window, after which the browser would lock up.
#1696 New attack reportedly lets 1 modest laptop knock big servers offline
Researchers said they have discovered a simple way lone attackers with limited resources can knock large servers offline when they're protected by certain firewalls made by Cisco Systems and other manufacturers.

The denial-of-service technique requires volumes of as little as 15 megabits per second, or about 40,000 packets per second, to sever the Internet connection of vulnerable servers. The requirements are in stark contrast to recent attacks targeting domain name service provider Dyn and, earlier, security site KrebsOnSecurity and French Web host OVH. Those assaults bombarded sites with volumes approaching or exceeding 1 terabit per second. Researchers from Denmark-based TDC Security Operations Center have dubbed the new attack technique BlackNurse.