Security Alerts & News
by Tymoteusz A. Góral

History
#1756 Secret Europol terror data found online
A police officer working for Europol exposed sensitive data about security investigations to the internet.

The European Union's law enforcement agency acknowledged the error ahead of a Dutch documentary's broadcast.

The TV programme Zembla said it had found more than 700 pages of confidential dossiers, including details of terrorism probes, on a hard drive linked to the net.

It said the networked drive was not password protected.

Europol said it had launched an investigation into the matter.

"Although this case relates to Europol sensitive information dating from around 10 years ago, Europol immediately informed the concerned member states," a spokesman for the law agency said.
#1755 The Internet of Things is making hospitals more vulnerable to hackers
Ransomware and denial of service attacks are just a glimpse of things to come: hospitals are the next big target for cyber-attacks and the introduction of Internet of Things (IoT) devices make healthcare even more vulnerable.

Connected medical devices can bring increased patient safety and efficiency, particularly if connected to clinical information systems, but European tech security agency Enisa is warning that introducing such technologies also increases risks.

As a result, it said, hospitals need to change their attitude towards security: "The need for improved, and even remote, patient care drives hospitals to transform by adapting smart solutions, ignoring sometimes the emerging security and safety issues. Nothing comes without a price: hospitals are the next target for cyber-attacks," Enisa warned.
#1754 Muni system hacker hit others by scanning for year-old Java vulnerability
The attacker who infected servers and desktop computers at the San Francisco Metropolitan Transit Agency (SFMTA) with ransomware on November 25 apparently gained access to the agency's network by way of a known vulnerability in an Oracle WebLogic server. That vulnerability is similar to the one used to hack a Maryland hospital network's systems in April and infect multiple hospitals with crypto-ransomware. And evidence suggests that SFMTA wasn't specifically targeted by the attackers; the agency just came up as a target of opportunity through a vulnerability scan.

In an e-mail to Ars, SFMTA spokesperson Paul Rose said that on November 25, "we became aware of a potential security issue with our computer systems, including e-mail." The ransomware "encrypted some systems mainly affecting computer workstations," he said, "as well as access to various systems. However, the SFMTA network was not breached from the outside, nor did hackers gain entry through our firewalls. Muni operations and safety were not affected. Our customer payment systems were not hacked. Also, despite media reports, no data was accessed from any of our servers."
#1753 The Tor Phone prototype: a truly private smartphone?
The Tor Project has long offered high-security alternatives for folk who are especially concerned about their privacy. But as the world goes mobile, and is increasingly accessed through smartphones, users become vulnerable to a whole new set of compromises.

That’s where the Tor Phone prototype comes in – and it’s just been significantly improved.
#1752 900,000 Germans knocked offline, as critical router flaw exploited
As many as 900,000 Deutsche Telekom customers were knocked offline on Sunday and Monday as an attempt was made to hijack broadband routers into a botnet.

Malicious hackers are commandeering vulnerable Zyxel and Speedport routers, commandeering them into a botnet which they can command to launch huge denial-of-service attacks against websites. The vulnerability exploits the TR-069 and TR-064 protocols, which are used by ISPs to manage hundreds of thousands of internet devices remotely.

In this particular case, an attack was able to fool the vulnerable routers into downloading and executing malicious code, with the intention of crashing or exploiting them. Compromised routers could then be commanded to change their DNS settings, steal Wi-Fi credentials, or bombard websites with unwanted traffic.
#1751 Firefox 0day in the wild is being used to attack Tor users
There's a zero-day exploit in the wild that's being used to execute malicious code on the computers of people using Tor and possibly other users of the Firefox browser, officials of the anonymity service confirmed Tuesday.

Word of the previously unknown Firefox vulnerability first surfaced in this post on the official Tor website. It included several hundred lines of JavaScript and an introduction that warned: "This is an [sic] JavaScript exploit actively used against TorBrowser NOW." Tor cofounder Roger Dingledine quickly confirmed the previously unknown vulnerability and said engineers from Mozilla were in the process of developing a patch.
History
2017: 01 02 03 04 05
2016: 01 02 03 04 05 06 07 08 09 10 11 12