Security Alerts & News
by Tymoteusz A. Góral

#1793 Sony closes backdoors in IP-enabled cameras
Sony, in late November, provided a firmware update for a popular IP-enabled camera line used by enterprises and law enforcement alike that closed off remote administration backdoors. The backdoors could be abused to draft these devices into botnets or allow for manipulation of images and advancement into the network.

The update for the Sony IPELA Engine IP Cameras was made available Nov. 28, more than a month after it was privately disclosed by SEC-Consult researcher Stefan Viehbock.

“An attacker can use cameras to take a foothold in a network and launch further attacks, disrupt camera functionality, send manipulated images/video, add cameras into a Mirai-like botnet or to just simply spy on you,” SEC-Consult wrote today in its public disclosure. The company said 80 different Sony cameras were backdoored.

#1792 Researchers find fresh fodder for IoT attack cannons
New research published this week could provide plenty of fresh fodder for Mirai, a malware strain that enslaves poorly-secured Internet of Things (IoT) devices for use in powerful online attacks. Researchers in Austria have unearthed a pair of backdoor accounts in more than 80 different IP camera models made by Sony Corp. Separately, Israeli security experts have discovered trivially exploitable weaknesses in nearly a half-million white-labeled IP camera models that are not currently sought out by Mirai.

In a blog post published today, Austrian security firm SEC Consult said it found two apparent backdoor accounts in Sony IPELA Engine IP Cameras — devices mainly used by enterprises and authorities. According to SEC Consult, the two previously undocumented user accounts — named “primana” and “debug” — could be used by remote attackers to commandeer the Web server built into these devices, and then to enable “telnet” on them.

#1791 Zeus variant ‘Floki bot’ targets PoS data
Researchers have observed an uptick in attacks using the banking malware Floki Bot against U.S., Canadian and Brazilian banks, and insurance firms.

Floki Bot, which uses code from the once notorious Zeus banking Trojan, has evolved and unlike its predecessor, is targeting point-of-sale systems via aggressive spear phishing campaigns and the RIG exploit kit.

Cisco Talos and Flashpoint security researchers coordinated the release of reports on Floki Bot on Wednesday. Both firms warn the malware is quickly gaining popularity within Dark Web criminal forums.

“Floki Bot is currently being actively bought and sold on several darknet markets,” wrote Cisco Talos in its report released Wednesday. “It will likely continue to be seen in the wild as cybercriminals continue to attempt to leverage it to attack systems in an aim to monetize their efforts.”

#1790 Bluetooth 5 official: Faster data transfer, increased range for seamless IoT
The Bluetooth Special Interest Group on Wednesday announced the next generation of Bluetooth, called Bluetooth 5, is set for new devices in the coming months.

First shown this summer, Bluetooth 5 is said to offer double the data-transfer speed, four times the network range, and eight times the broadcast message capacity of Bluetooth 4. Bluetooth 5 also includes updates to reduce interference with other Bluetooth devices.

The new standard comes as smart home devices, fitness trackers, and more rely heavily on the wireless standard during the Internet of Things (IoT) era. Now, on Wednesday, technology firms can begin work to release products with Bluetooth 5.

#1789 PowerShell threats surge: 95.4 percent of analyzed scripts were malicious
Malicious PowerShell scripts are on the rise, as attackers are using the framework’s flexibility to download their payloads, traverse through a compromised network, and carry out reconnaissance. Symantec analyzed PowerShell malware samples to find out how much of a danger they posed.

Of all of the PowerShell scripts analyzed through the BlueCoat Malware Analysis sandbox, 95.4 percent were malicious. This shows that externally sourced PowerShell scripts are a major threat to enterprises.

#1788 Goldeneye ransomware: the resumé that scrambles your computer twice
Hindsight is a wonderful thing.

With hindsight, few of us would ever fall victim to ransomware: most ransomware attacks rely on talking us past at least one security speed bump…

…and those speed bumps sometimes seem very obvious after the event.

Nevertheless, even the most careful and self-confident of us – and all of us who haven’t been hit by ransomware – need to admit that there are times when we’ve behaved online in a way that ended well, but more by accident than by design.

In other words, we’ve all opened emails and attachments that turned out to be unwanted but didn’t lead to malware, only to wonder afterwards quite what it was about the email or the document that made us trust it.

#1787 Here are some best practices for preventing DDoS attacks
Distributed denial-of-service (DDoS) made lots of headlines in late October when a massive DDoS attack on Domain Name System (DNS) service provider Dyn temporarily disrupted some of the most popular sites on the internet.

As with any other major cyber security breach, the attack likely has many boards of directors and CEOs wondering whether their organization might be next, and what can be done to defend against such incidents.

DDoS attacks are clearly on the rise. A report by content delivery network provider Akamai earlier this year said such incidents are increasing in number, severity and duration. It noted a 125 percent increase in DDoS attacks year over year and a 35 percent jump in the average attack duration.

#1786 Ransomware gives free decryption keys to victims who infect others
Researchers say they have uncovered ransomware still under development that comes with a novel and nasty twist.

Victims infected by the ransomware known as Popcorn Time have the option either to pay up or to infect two others using a referral link. If the two new ransomware targets pay the ransom, the original target receives a free key to unlock the files on their PC.

“I have never seen anything like this in ransomware. This is definitely a first,” said Lawrence Abrams who runs and who was first to report on the Popcorn Time ransomware.