Security Alerts & News
by Tymoteusz A. Góral

History
#1803 First version of sandboxed Tor browser available
Developers at the Tor Project have started working on a sandboxed version of the Tor Browser, currently available as an early alpha version for Linux systems.

Sandboxing is a security mechanism employed to separate running processes. In computer security, sandboxing an application means separating its process from the OS, so vulnerabilities in that app can't be leveraged to extend access to the underlying operating system.

This works because the sandboxed application runs against its own isolated portion of disk and memory, so a compromise inside the sandbox does not reach the rest of the operating system.
#1802 SWIFT confirms new cyber thefts, hacking tactics
Cyber attacks targeting the global bank transfer system have succeeded in stealing funds since February’s heist of $81 million from the Bangladesh central bank as hackers have become more sophisticated in their tactics, according to a SWIFT official and a previously undisclosed letter the organization sent to banks worldwide.

In a Nov. 2 letter seen by Reuters, the messaging network warned banks of the escalating threat to their systems. The attacks and new hacking tactics underscore the continuing vulnerability of the SWIFT messaging network, which handles trillions of dollars in fund transfers daily.

"The threat is very persistent, adaptive and sophisticated – and it is here to stay," SWIFT said in the November letter to client banks, seen by Reuters.
#1801 Malware found in the firmware of 26 low-cost Android devices
Security researchers have found malware hidden in the firmware of several low-end Android smartphones and tablets, malware which is used to show ads and install unwanted apps on the devices of unsuspecting users.
#1800 Beta firmware updates available for vulnerable Netgear routers
Netgear has begun pushing out beta versions of firmware updates that will address a critical vulnerability that was disclosed late last week.

The networking vendor also confirmed that many more routers in its Nighthawk line are vulnerable than originally reported. The flaw allows attackers to carry out command injection attacks, and it is reportedly trivial to exploit.

“While we are working on the production version of the firmware, we are providing a beta version of this firmware release. This beta firmware has not been fully tested and might not work for all users,” Netgear said in an advisory updated today. “NETGEAR is offering this beta firmware release as a temporary solution, but NETGEAR strongly recommends that all users download the production version of the firmware release as soon as it is available.”
#1799 Modern attacks on Russian financial institutions
Today, Virus Bulletin published the paper we presented in Denver earlier this year titled Modern Attacks on Russian Financial Institutions. In this paper, we review the different actors targeting financial institutions in this region and which systems they are targeting.

Over the past few years, attacks against Russian financial institutions have increased substantially. One key aspect of this trend is the specialization of the threat actors. This is clearly visible in some of the attacks that are highlighted in our paper, such as the one targeting the ruble exchange rate. In this case documented by Group-IB, fraudsters were able to control a trading terminal, which they used to issue buy and sell orders for the Russian ruble.
#1798 Android, iOS secure ID: Estonia says it's taking digital authentication to new levels
Using a mobile device to access e-services and provide digital signatures isn't new in Estonia. A very popular SIM-based mobile digital identity system, called Mobiil-ID, was introduced in 2007.

But now Estonia's certification authority Certification Centre, or SK, says it's going to launch a new digital authentication app for Android and iOS called Smart-ID early next year.

SK's CEO Kalev Pihl tells ZDNet that although the new app, developed with Norwegian tech firm Cybernetica, isn't built to replace the old system, it's seen as a way of drawing in all the potential clients who for various reasons are not using Mobiil-ID.
#1797 Apple ships iOS 10.2, fixes ‘Find my iPhone’ hole plus five lockscreen bugs
Apple just released iOS 10.2, the latest upgrade for its iDevices.

Lots of the articles you may have seen so far talk about the new features that were introduced, listed by Apple on the Software Update screen.
#1796 Three serious Linux kernel security holes patched
The good news is developers are looking very closely at Linux's core code for possible security holes. The bad news is they're finding them.

At least the best news is that they're fixing them as soon as they're uncovered.

The latest three kernel vulnerabilities are designated CVE-2016-8655, CVE-2016-6480, and CVE-2016-6828. Of these, CVE-2016-8655 is the worst of the bunch. It enables local users, which can include remote users with virtual and cloud-based Linux instances, to crash the system or run arbitrary code as root.
#1795 Fancy Bear ramping up infowar against Germany - and rest of West
US intelligence agencies have been forthright in their insistence that the Russian government was behind not only the hacking of the Democratic National Committee (DNC) and other political organizations in the US, but a concerted effort to undermine confidence in the results of the US presidential election, including attacks on state election officials' systems. But the US is not the only country that the Russian government has apparently targeted for these sorts of operations—and the methods used in the DNC hack are being applied increasingly in attempts to influence German politics, Germany's chief of domestic intelligence warned yesterday.

In a press release issued on December 8, Germany's Bundesamt für Verfassungsschutz (BfV), the country's domestic intelligence agency, warned of an ever-mounting wave of disinformation and hacking campaigns by Russia focused on increasing the strength of "extremist groups and parties" in Germany and destabilizing the German government. In addition to propaganda and disinformation campaigns launched through social media, the BfV noted an increased number of "spear phishing attacks against German political parties and parliamentary groups" using the same sort of malware used against the Democratic National Committee in the US.
#1794 Netgear users advised to stop using affected routers after severe flaw found
Several leading Netgear routers are vulnerable to a severe security flaw.

An advisory posted on Friday in Carnegie Mellon University's public vulnerability database (CERT) said that Netgear's R7000 and R6400 routers, running current and recent firmware respectively, are vulnerable to an arbitrary command injection flaw.

If exploited, the vulnerability could let an unauthenticated attacker run commands with root privileges.

The code to exploit the vulnerability -- effectively just a URL -- has been released publicly, allowing anyone to carry out attacks.