Security Alerts & News
by Tymoteusz A. Góral

History
#1715 This ransomware uses your social media profiles to personalise its demands
A newly discovered form of ransomware scrapes the social media accounts and local files of victims in order to tailor a customised demand, and threatens court action if it isn't paid.

Dubbed 'Ransoc' by cybersecurity researchers at Proofpoint due to its connection with social media including Facebook, LinkedIn, and Skype, this ransomware represents yet another evolution of the malicious software which has boomed during 2016.

It isn't the first ransomware variant to use social engineering in an attempt to scare the victim into paying up, but Ransoc is unique in how it attempts to turn the users' files against them -- especially if illegally downloaded files are on the system.

Perhaps because it focuses on exploiting this fear, Ransoc doesn't encrypt the victims' files in the same way as ransomware like Locky does, but rather makes its demands via the desktop or browser after infecting the system through malvertising traffic aimed at Internet Explorer on Windows and Safari on OS X.
#1714 Metasploitable3: An intentionally vulnerable machine for exploit testing
Metasploitable3 is a free virtual machine that allows you to simulate attacks largely using Metasploit. It has been used by people in the security industry for a variety of reasons: such as training for network exploitation, exploit development, software testing, technical job interviews, sales demonstrations, or CTF junkies who are looking for kicks.
#1713 The web-shaking Mirai botnet is splintering - but also evolving
Over the last few weeks, a series of powerful hacker attacks powered by the malware known as Mirai have used botnets created of internet-connected devices to clobber targets ranging from the internet backbone company Dyn to the French internet service provider OVH. And just when it seemed that Mirai might be losing steam, new evidence shows that it’s still dangerous—and even evolving.

Researchers following Mirai say that while the number of daily assaults dipped briefly, they’re now observing development in the Mirai malware itself that seems designed to allow it to infect more of the vulnerable routers, DVRs and other internet-of-things (IoT) gadgets it’s hijacked to power its streams of malicious traffic. That progression could actually increase the total population available to the botnet, they warn, potentially giving it more total compute power to draw on.

“There was an idea that maybe the bots would die off or darken over time, but I think what we are seeing is Mirai evolve,” says John Costello, a senior analyst at the security intelligence firm Flashpoint. “People are really being creative and finding new ways to infect devices that weren’t susceptible previously. Mirai is not going away.”
#1712 Cryptsetup vulnerability grants root shell access on some Linux systems
A vulnerability in cryptsetup, a utility used to set up encrypted filesystems on Linux distributions, could allow an attacker to retrieve a root rescue shell on some systems. From there, an attacker could have the ability to copy, modify, or destroy a hard disk, or use the network to exfiltrate data.

Cryptsetup, a utility used to setup disk encryption based on the dm-crypt kernel module, is usually deployed in Debian and Ubuntu. Researchers warned late last week that if anyone uses the tool to encrypt system partitions for the operating systems, they’re likely vulnerable.

Two researchers, Hector Marco of the University of the West of Scotland and Ismael Ripoll, of the Polytechnic University of Valencia, in Spain, disclosed the vulnerability on Friday at DeepSec, a security conference held at the Imperial Riding School Renaissance Vienna Hotel in Austria.

According to the researchers, the script with the vulnerability (CVE-2016-4484) is in the Debian cryptsetup package 2:1.7.2-3 and earlier. Systems that use Dracut, an infrastructure commonly deployed on Fedora in lieu of initramfs – a simple RAM file system directory, are also vulnerable, according to the researchers. The pair say additional Linux distributions outside of Debian and Ubuntu may be vulnerable, they just haven’t tested them yet.
History
2017: 01 02 03 04 05
2016: 01 02 03 04 05 06 07 08 09 10 11 12