Security Alerts & News
by Tymoteusz A. Góral

History
#311 Snapchat employee data leaks out following phishing attack
“Last Friday, Snapchat’s payroll department was targeted by an isolated email phishing scam in which a scammer impersonated our Chief Executive Officer and asked for employee payroll information,” Snapchat explained in a blog post. “Unfortunately, the phishing email wasn’t recognized for what it was — a scam — and payroll information about some current and former employees was disclosed externally.”
#310 Largely undetected Mac malware suggests disgraced HackingTeam has returned
Researchers have uncovered what appears to be newly developed Mac malware from HackingTeam, a discovery that's prompting speculation that the disgraced malware-as-a-service provider has reemerged since last July's hack that spilled gigabytes worth of the group's private e-mail and source code.
#309 Ukraine cyber-attacks 'could happen to UK'
A recent cyber-attack on Ukraine's electricity network could be replicated in the UK, according to a member of a US investigation into the resulting blackout.
#308 ATMZombie: banking trojan in Israeli waters
In November 2015, Kaspersky Lab researchers identified ATMZombie, a banking Trojan that is considered to be the first malware to ever steal money from Israeli banks. It uses insidious injection and other sophisticated and stealthy methods. The first method, dubbed “proxy-changing”, is commonly used for HTTP packet inspection. It involves modifying browser proxy configurations and capturing traffic between a client and a server, acting as a man-in-the-middle.
#307 IoT call home: peer-seeking webcam reveals the security dangers of internet of things
Last week security blogger Brian Krebs revealed that a popular internet-enabled security camera “secretly and constantly connects into a vast peer-to-peer network run by the Chinese manufacturer of the hardware.”
#306 JOHN MCAFEE: The NSA's backdoor has given every US secret to our enemies
While the NSA was monitoring our perceived Middle Eastern enemies, the Chinese and Russians, and god knows who else, were making off with every important secret in the US, courtesy of the NSA’s back door. The NSA failed to notice that 50% of Juniper Networks users were American, and the majority of those were within the US Government.
#305 Why you cannot trust GPS in China
When used in China, Apple’s maps are subject to “a varying offset [of] 100-600m which makes annotations display incorrectly on the map.” In other words, everything there—roads, nightclubs, clothing stores—appears to be 100-600 meters away from its actual, terrestrial position. The effect of this is that, if you check the GPS coordinates of your friends, as blogger Jon Pasden writes, “you’ll likely see they’re standing in a river or some place 500 meters away even if they’re standing right next t
#304 Mozilla breaks its own promise, allows Symantec to issue insecure certificates
Mozilla has decided to grant an exemption to its SHA-1 certificate ban and allow Symantec to issue nine new certificates for one of its clients, Worldpay PLC.
#303 IRS taxpayer data theft seven times larger than originally thought
Investigators found that "390,000 additional taxpayer accounts" were affected. Fraudsters also attempted to access a further 295,000 taxpayer transcripts beyond those previously reported, but "access was not successful," the IRS said.
#302 Most software already has a “golden key” backdoor — it’s called auto update
Software updates are just another term for cryptographic single-points-of-failure.
#301 Cisco FirePOWER Management Center unauthenticated information disclosure vulnerability
The device login page in Cisco FirePOWER Management Center 5.3 through 6.0.0.1 allows remote attackers to obtain potentially sensitive software-version information by reading help files, aka Bug ID CSCuy36654.
#300 90 percent of all SSL VPNs use insecure or outdated encryption
Information security firm High-Tech Bridge has conducted a study of SSL VPNs (Virtual Private Networks) and discovered that nine out of ten such servers don't provide the security they should be offering, mainly because they are using insecure or outdated encryption.
#299 While it defies US government, Apple abides by China's orders — and reaps big rewards
Since the iPhone was officially introduced in China seven years ago, Apple has overcome a national security backlash there and has censored apps that wouldn't pass muster with Chinese authorities. It has moved local user data onto servers operated by the state-owned China Telecom and submits to security audits by Chinese authorities.
#298 Angler Exploit Kit learns new tricks, finds home on popular website
Karl Sigler, a Trustwave SpiderLabs researcher, told Threatpost his lab found the Angler Exploit Kit on a popular website for the second time in a week, exposing just under a million visitors monthly to possible TeslaCrypt ransomware infections. Sigler said Trustwave researchers spotted the exploit on Extendoffice[.]com, a site that sells software for customizing Microsoft Office software applications.
#297 Tor Project accuses CloudFlare of mass surveillance, sabotaging Tor traffic
The issue, raised by a Tor Project member, revolves around a series of measures that CloudFlare implemented to fight malicious traffic coming from the Tor network. These measures are also affecting legitimate Tor users.
#296 How hackers are making the worst-case security scenario ever worse
Cybercriminals and hackers are becoming more disruptive, increasingly engaging in cyberattacks with aims ranging from destroying businesses, to stealing data, to taunting executives while holding them to ransom.
#295 Google envisages new hard disk format design for data centres
Google has made a call for technology manufacturers to consider developing new hard drives, intended primarily for data centre use, which abandon the traditional 3.5” dimension format in favour of taller designs.
#294 Hackers behind Ukraine power cuts, says US report
The December 2015 incident is thought to be the first known successful hack aimed at utilities. The report, written by the Department of Homeland Security, is based on interviews with staff at Ukrainian organisations that dealt with the aftermath of the attack. The DHS report did not name the suspected perpetrators.
#293 SocioSpyder: the tool bought by the FBI to monitor social media - Facebook Twitter YouTube Google+ LinkedIn
By examining public records, Motherboard has found one of the pieces of software that the Federal Bureau of Investigation (FBI) has purchased for gleaning information from sites such as Facebook, Twitter, YouTube and Google+. Motherboard also found public LinkedIn profiles for intelligence analysts which seem to reaffirm the agency's use of the tool.
#292 FighterPOS PoS malware gets worm routine
FighterPOS is a point-of-sale (PoS) malware that was used in a one-man cybercriminal operation to steal over 22,000 unique credit card numbers and affected more than 100 PoS terminals in Brazil and other countries.
#291 Porn clicker trojans keep flooding Google Play
ESET researchers have found 343 malicious porn clicker trojans, which ESET detects as Android/Clicker, on Google Play over the last seven months – and their numbers keep rising. In one of the largest malware campaigns on the Google Play Store yet, criminals continue to upload further variants of these malicious apps to the official app store for the Android mobile platform.
#290 Breached Credit Union comes out of its shell
It’s not clear yet whether the hackers who hit the credit union’s site did anything other than install the backdoor, but Kuenzler wrote that in his case the intruders indeed used their access to relay spam. The attackers could just as easily have booby-trapped the credit union’s site to foist malicious software disguised as a security update when customers tried to log in at the site.
#289 Malware and skimmer, explosions and hammers: How attackers go after ATM
What was the best way to steal cash from an ATM in 2015? Skimming still remains king, but a survey of 87 members of the ATM Industry Association (ATMIA) says that card trapping and transaction reversal fraud are on the rise around the world.
#288 KeyBase keylogger usage explodes after getting leaked online
KeyBase is a spyware family that can capture keystrokes, steal data from the user's clipboard, and take screenshots of the victim's desktop at regular intervals.

The malware was created in February 2015 but was seen for the first time in June when the same Palo Alto researchers stumbled upon an unprotected server (control panel) where KeyBase was sending its screenshots.
#287 Drupal update fixes 10 vulnerabilities, one critical
Developers at Drupal addressed 10 vulnerabilities in the content management system this week, including a critical access bypass issue that could have let users access certain elements thought to be blocked, and another issue that could lead to remote code execution.
#286 Op-ed: The international politics of VPN regulation
Repressive nations are pursuing increasingly diverse strategies for curbing VPN use.
#285 Malicious websites exploit Silverlight bug that can pwn Macs and Windows
The critical code-execution vulnerability, which Microsoft patched last month, was actively exploited for two years in attack code owned by Italy-based exploit broker Hacking Team. As Ars reported last July, the Silverlight exploit came to light following a hack on Hacking Team's network that exposed gigabytes worth of private e-mails and other data. Researchers with Russian antivirus provider Kaspersky Lab later discovered the vulnerability being exploited in the wild and privately reported it
#284 Have we been hit by hackers? No idea, CIOs admit
Current security practices mean data breaches can take six months to detect, warns a new survey.
#283 PWC report: businesses are leaving themselves vulnerable due to lack of understanding over risks.
"The insidious nature of this threat is such that of the 56 percent who say they are not victims, many have likely been compromised without knowing it. A concerning trend we have observed is that of hackers managing to remain on organisations' networks for extended periods of time without being detected," says the report, which comes following another study suggesting that businesses are often unaware that they've been breached.
#282 Advertisers need four apps to identify you
A study from the French Institute for Research in Computer Science and Automation found the majority of mobile phone users can be re-identified in a dataset by as few as four of the apps they had installed on their smartphones, raising privacy concerns as platforms increasingly share app data with advertisers.
#281 G DATA Mobile Malware Report (PDF) - 758,133 new Android malware Q4 2015
G DATA security experts identified 758,133 new Android malware files in the fourth quarter of 2015.
#280 CTB-Locker/Critroni finds new legs targeting websites
After months of relative dormancy, ransomware CTB-Locker or Critroni is back and this time finding new life targeting websites. Researchers are calling this variant “CTB-Locker for Websites” because it targets websites, encrypts their content, and demands a 0.4 bitcoin ($425) ransom for access to the decryption key.
#279 Windows 10 is showing ads on your lockscreen, here's how to turn them off
Windows 10's new Spotlight feature usually shows you neat photographs and fun facts when you first start your computer. Now, it’s started showing ads. Here’s how to turn it off.
#278 Project Shield, Google’s free DDoS protection service, is now open to any news site
Project Shield is now out of its invite-only beta period to offer free DDoS protection to news publications that apply for it. In particular, it is aimed at smaller news sites who do not have the resources to pay for costly protection against cyber attacks. However, it will also be open to any independent site that appears in Google News, including larger corporate publications.
#277 Carnegie Mellon Uni. (CMU) researchers were hired by the federal government to break Tor
A federal judge in Washington has now confirmed what has been strongly suspected: that Carnegie Mellon University (CMU) researchers at its Software Engineering Institute were hired by the federal government to do research into breaking Tor in 2014. The judge also made a notable statement in his court order that "Tor users clearly lack a reasonable expectation of privacy in their IP addresses while using the Tor network."
#276 Japan considers treating bitcoins the same as real money
TOKYO -- Japanese financial regulators have proposed handling virtual currencies as methods of payment equivalent to conventional currencies, a step that would strengthen consumer protection and spur growth in the virtual economy.
#275 Siri for Mac will be one of OSX 10.12’s major new features
Apple's Siri personal assistant will finally be coming to OS X 10.12 when the OS is released later this year, according to a report from 9to5Mac.
#274 Tor users blocked or faced with CAPTCHA if IP address matches known exit node.
About 1.3 million IP addresses—including those used by Google, Yahoo, Craigslist, and Yelp—are turning users of the Tor anonymity network into second-class Web citizens by blocking them outright or degrading the services offered to them, according to a recently published research paper.
#273 Attackers can turn Microsoft's exploit defense tool EMET against itself
Hackers can easily disable the Microsoft Enhanced Mitigation Experience Toolkit (EMET), a free tool used by companies to strengthen their Windows computers and applications against publicly known and unknown software exploits.
#272 ASUS hit by FTC with 20-year audit for bungled router security
The US Federal Trade Commission has come down hard on ASUS for putting consumers at risk from router and cloud security failings.
#271 Operation Blockbuster revealed
Kaspersky Lab has joined an industry alliance driven by Novetta to announce Operation Blockbuster. Just like the previous Operation SMN, this alliance brings together key players in the IT security industry, working together in an effort to disrupt and neutralize multiple cyberespionage campaigns that have been active for several years. Some of the targets of these campaigns included financial institutions, media houses and manufacturing companies, among others.
#270 Secure messaging app Telegram hits 100 million users
Messaging service now delivering 15 billion messages every day, adding 350,000 users a day.
#269 Citizen Lab: Baidu Browser transmitting IMEI, location, URLs visited, CPU model
Citizen Lab has released a security report that found a large amount of personal data is being transmitted in the open, or with bad encryption, by Baidu browser on Android and Windows.
#268 Top ten OS for ethical hackers and security researchers
A comprehensive list of the most popular operating systems among hackers all around the world.
#267 Researchers create super-efficient WiFi - consumes 10,000 times less power
A team of computer scientists and electrical engineers from the University of Washington has developed an extremely power-efficient version of Wi-Fi wireless networking technology that consumes 10,000 times less power than the current Wi-Fi components, allowing Wi-Fi networking to be built into a much wider range of devices.
#266 Cross-site scripting (XSS) enabled on 1000 major sites – including financial
A CloudFlare engineer has discovered that 1000 of the top one million websites, including bitcoin holding sites and trading sites, are running a default setting that enables the biggest security menace on the internet – cross-site scripting.
#265 Mousejack attacks abuse vulnerable wireless keyboard, Mouse dongles
Researchers at Bastille Networks today said that non-Bluetooth devices from seven manufacturers including Logitech, Dell and Lenovo are vulnerable to so-called Mousejack attacks that would allow a hacker within 100 meters to abuse this attack vector and install malware or use that machine as a pivot point onto the network.
#264 Justice Department wants Apple to extract data from 12 other iPhones
The U.S. Department of Justice is pursuing additional court orders that would force Apple to help federal investigators extract data from twelve other encrypted iPhones that may contain crime-related evidence, according to The Wall Street Journal.
#263 Japan's critical infrastructure under 'escalating' cyber-attack
The research arm of security company Cylance, SPEAR, has released a report entitled Operation Dust Storm that details cyber-attacks, starting in 2010 and spanning multiple years and vectors, against major industries spread across Japan, South Korea, the United States, Europe and several other Southeast Asian countries.
#262 Lockdroid ransomware variants created directly on Android mobile devices
Symantec has seen several variants of a known ransomware family (Android.Lockdroid.E) that were developed on Android devices using the Android integrated development environment (AIDE). The surge in adoption of these new development techniques has been limited to a small subset of Android ransomware groups. However, the ability to create malware on mobile devices may open up new avenues in the future creation of malware.
#261 German police allowed to use its own “federal Trojan”
The German Interior Ministry has approved for investigative use a spying Trojan developed by the German Federal Criminal Police (a so-called “federal Trojan”). In fact, it could end up being used as early as this week.
#260 New Silverlight attacks appear in angler exploit kit
Exploits for a vulnerability in Microsoft Silverlight have found their way into the dangerous Angler Exploit Kit a little more than a month after it was patched.
#259 IRS Warns Tax-Related Phishing, Malware Surging
A 400 percent surge in tax-related phishing and malware incidents is making this tax season the most treacherous yet for taxpayers. According to an Internal Revenue Service bulletin, this year’s attacks include the tried-and-true email phishing, but also newer forms of attacks that include bogus text messages and attempts to trick people into handing over credentials to third-party tax preparation service accounts.
#258 Google takes on Facebook messaging: New Android push aims at richer SMS
Google and a group of the world's largest telecoms providers are teaming up on an Android initiative to accelerate Rich Communications Services (RCS) adoption.
#257 uKnowKids.com database error exposed sensitive information on 1,700 kids
On Monday, it was disclosed that the child monitoring service had a misconfigured MongoDB installation, which left sensitive details about the children who were enrolled exposed for months. The database exposing the children's records was discovered by researcher Chris Vickery.
#256 Chinese devs abuse free Apple app-testing certs to install pirated apps
A Chinese iOS application recently found on Apple's official store contained hidden features that allow users to install pirated apps on non-jailbroken devices. Its creators took advantage of a relatively new feature that lets iOS developers obtain free code-signing certificates for limited app deployment and testing.
#255 Airport Experiment Shows That People Recklessly Connect to Any Open WiFi Hotspot
In just four hours, researchers were surprised that more than 2,000 users connected to these hotspots based solely on their name (SSID), throwing all security practices to the side just for the sake of free Internet access.
#254 HTTP GZIP leaks data on the general location of Tor websites
Jose Carlos Norte, developer for the eyeOS virtual desktop project, has discovered an obscure setting in the HTTP GZIP compression format that may help authorities identify the timezone and general location of a Tor-based server.
#253 Linux kernel bug delivers corrupt TCP/IP data to Mesos, Kubernetes, Docker containers
The Linux Kernel has a bug that causes containers that use veth devices for network routing (such as Docker on IPv6, Kubernetes, Google Container Engine, and Mesos) to not check TCP checksums.
#252 Source code for Android banking malware leaked
Source code for the potent Android malware GM Bot has been leaked to underground forums, according to IBM security experts. The impact, IBM X-Force threat intelligence says, will be an uptick in GM Bot variants and the number of attacks targeting financial applications on Android-based devices.
#251 Australia is the leading country where users are attacked by mobile banking Trojans
The modifications of Acecard were written by the same cybercriminals who earlier created Backdoor.AndroidOS.Torec.a, the first TOR Trojan for Android, as well as Trojan-Ransom.AndroidOS.Pletor.a, the first encryptor for mobile devices. All three Trojans run on Android.
#250 Russian bank employees received fake job offers in targeted email attack Trojan.Ratopak
Employees at six Russian banks were sent spoofed emails delivering Trojan.Ratopak in a narrow, targeted attack.
#249 MWC 2016: Mastercard rolls out selfie and fingerprints ID checks
Credit card firm Mastercard has confirmed it will accept selfie photos and fingerprints as an alternative to passwords when verifying IDs for online payments.
#248 Web Authentication Working Group will finally kill passwords
The W3C, which creates standards that guide the future of the Web, has formed a new group with one goal: remove the need for passwords entirely by creating a better way to log in.
#247 Beware of Backdoored Linux Mint ISOs
Yesterday a blog post on “The Linux Mint Blog” caught our attention. Apparently criminals managed to compromise a vulnerable instance of WordPress which the project used to run their website. The attackers modified download links pointing to backdoored ISO files of Linux Mint 17.3 Cinnamon edition. This “should only impact people who downloaded this edition on February 20th”, the author of the blog stated.
#246 Google AdWords switching to 4 ads on top, none on sidebar
It seems that Google is rolling out a change to Google AdWords that sees 4 ads at the top of the search results, none on the sidebar at all, and an additional 3 ads at the bottom of the search results. This replaces the usual mix of top, bottom and sidebar-heavy AdWords ads, depending on the specific search result.
#245 New Open Connectivity Foundation will further innovation of the Internet of Things
The OCF will create a set of open specifications and protocols to enable devices from a variety of manufacturers to securely and seamlessly interact with one another. Regardless of the manufacturer, operating system, chipset or transport – devices that adhere to the OCF specifications will simply work together.
#244 Joomla sites join WordPress as TeslaCrypt ransomware target
“The group behind the WordPress ‘admedia’ campaign is now apparently targeting Joomla sites,” said Brad Duncan, security researcher at Rackspace. “We are starting to see the same traffic characteristics in infections that are associated with Joomla sites – as we did with the WordPress campaign,” Duncan said.
#243 Tor: 'Mystery' spike in hidden addresses
Prof Woodward noted there had not been a similar increase in .onion sites in the history of the Tor network.

"Something unprecedented is happening, but at the moment that is all we know," he told the BBC.
#242 Exposed VNC server discovered in comodo gear
Publicly disclosed yesterday on the Google Project Zero site, Ormandy said that a tech support application called GeekBuddy installed with Comodo Internet Security also drags along with it a VNC server that is enabled by default.
#241 AirDroid patches vulnerability exposing Android data
A critical vulnerability impacting 50 million Android users running the popular AirDroid application has been patched. AirDroid, an app that allows you to link an Android device to a computer and send SMS messages, run apps and add contacts via a Wi-Fi connected web browser, released the patch Jan. 29.
#240 Christopher Ahlberg on tracking Hackers through patterns across forums (VIDEO)
Threatpost editor Mike Mimoso talks with Christopher Ahlberg, CEO, Recorded Future about tracking cybercriminals through patterns on hacker forums.
#239 How does HSBC's voice recognition banking service work? (VIDEO)
HSBC is taking a big step toward biometric banking by launching voice recognition and touch security in the UK. Ben Thompson has been finding out how the service will work.
#238 Hard Drive Reliability Review for 2015
By the end of 2015, the Backblaze datacenter had 56,224 spinning hard drives containing customer data. These hard drives reside in 1,249 Backblaze Storage Pods. By comparison 2015 began with 39,690 drives running in 882 Storage Pods. We added 65 Petabytes of storage in 2015 give or take a Petabyte or two. Not only was 2015 a year of growth, it was also a year of drive upgrades and replacements. Let’s start with the current state of the hard drives in our datacenter as of the end of 2015 and then
#237 McAfee will break iPhone crypto for FBI in 3 weeks or eat shoe on live TV
In an op-ed for Business Insider titled "I'll decrypt the San Bernardino phone free of charge so Apple doesn't need to place a back door on its product," libertarian presidential candidate and former antivirus developer John McAfee waded into the ongoing battle of words between Apple and the FBI with some choice words of his own.
#236 Hack disarms SimpliSafe’s home wireless security systems
More than a quarter million homes protected by SimpliSafe wireless security systems are vulnerable to hackers who can deactivate the alarm anytime, according to IOActive, a Seattle-based security consulting firm.

IOActive published a proof of concept report on Wednesday that outlines how it disarmed SimpliSafe’s wireless home security systems. The hack, according to IOActive researcher Andrew Zonenberg, is able to eavesdrop on wireless transmission between SimpliSafe components and capture PIN e
#235 App vulnerabilities, patching, and ransomware 2016 key security risks: HPE
According to Hewlett Packard Enterprise, application vulnerabilities, patching, and malware monetisation are the three key risks a business needs to pay close attention to as 2016 brings more cunning threat actors to the landscape.
#234 Samsung, Oracle to provide updated Apache tools for enterprise developers
Samsung and Oracle are working to give developers an updated Apache Cordova plug-in tool to make cloud-based enterprise solutions as they continue an enterprise alliance that parallels that of Apple and IBM's.
#233 Trojan Cidox, Bebloh used by spammers tailoring spam for Brazil, India and Japan
Japan is the latest country to be targeted with regionalized spam emails used to deliver malware. Symantec has observed several spam email campaigns in recent months targeting countries around the world, including Brazil and two campaigns in India. These campaigns usually feature emails that claim to be from a company or organization from within the targeted country.
#232 Boy arrested in Glasgow over alleged FBI computer hack
A 15-year-old boy has been arrested in Glasgow over alleged computer hacking, with reports suggesting the target was the FBI network in the United States.
#231 Twitter admits to password recovery bug affecting thousands of users
Twitter has applied a fix to what it described as a "password recovery bug" that has exposed nearly 10,000 accounts on the microblogging site.
#230 DLink DSL2750B firmware 1.01-3 - remote command execution no auth required
It's also possible to retrieve the admin password, Wi-Fi passphrase, etc.
#229 Instagram bug could have allowed others to read your direct messages
Unauthorized users couldn’t actually reply to these messages; trying to do so would simply display their own accounts. But they could see what-you-probably-thought-was-private information – not least, who you were swapping messages with, their profile photo, and some of the message (but not the photo itself).
#228 Instagram tightens security with two-factor authentication
Instagram will soon let users hack-proof their accounts with two-factor authentication, following the footsteps of other big social networks like Facebook and Twitter.
#227 When phone verification and recycled numbers collide, Lyft leaks user data
A bizarre security flaw involving recycled phone numbers is allowing some users of the taxi-hailing app Lyft to access other riders’ accounts, exposing names, e-mail addresses, complete ride histories, and credit card information.
#226 Locky, crypto-ransomware rides in on malicious Word document macro
Several security researchers have discovered a new type of malware that jumps onto the ransomware bandwagon, encrypting victims' files and then demanding a payment of half a bitcoin for the key. Named "Locky," the malware depends on a rather low-tech installation method to take root in a user's system: it arrives courtesy of a malicious macro in a Word document.
#225 Google and WhatsApp chiefs back Apple in backdoor fight
The CEOs of Google and WhatsApp have thrown their support behind Apple's decision to fight against a US Federal Court order requiring the company to develop a special version of iOS to help the FBI access data on a terror suspect's iPhone.
#224 Wearable warning: IEEE highlights top security risks for fitness trackers
The report, “WearFit: Security Design Analysis of a Wearable Fitness Tracker”, argues poorly designed wearables are a security threat. The IEEE report says the popularity of wearables coupled with the amount of sensitive personal data they collect and share with third-parties make them an attractive target. IEEE’s focus for this report is on fitness trackers worn on the wrist that track heart rate, physical activity, have sensors such as accelerometers and can use a third-party device’s connecti
#223 Honeypots illustrate scores of vulnerabilities in medical devices
In the eyes of many, including Scott Erven, a medical device security advocate who spoke at last week’s Security Analyst Summit, the healthcare sector is a good 10 to 15 years behind the retail sector when it comes to security.
#222 The Secret Behind CryptoWall’s Success - IMPERVA report (PDF)
The team was very interested in peeling back the layers of the financial transactions and seeing how far they could go with information available in the open. They wanted to find out if there were indeed many criminals behind the ruthless ransomware or just a handful of very organized gangs. Also, much of the data analyzed is from before the FBI, in October 2015, advised victims to pay up to recover the data.
#221 Apple rejects order to unlock gunman's iPhone
Tim Cook: We oppose this order, which has implications far beyond the legal case at hand
#220 How to bypass LG V10 smartphone’s fingerprint security in just 30 seconds
A troubling vulnerability has been uncovered that may make you think twice about ever even temporarily allowing a friend, partner or acquaintance to use your new LG V10 Android smartphone.
#219 How to Safely Store a Password in 2016
Proactively upgrading legacy hashes is a security win over an opportunistic strategy (rehashing when the user logs in, but leaving the insecure hashes in the database for inactive users): with a proactive strategy, if your server gets compromised before everyone logs in again, their passwords are already protected by an acceptable algorithm.
#218 Russian cyberspy group uses simple yet effective Linux Trojan
A cyberespionage group of Russian origin known as Pawn Storm is infecting Linux systems with a simple but effective Trojan program that doesn't require highly privileged access.
#217 FBI: Apple ordered to unlock San Bernardino gunman's iPhone
A court order demands Apple help circumvent security software on Farook's iPhone, which the FBI said contains crucial information.
#216 Australia: WA Parliament experiences cybersecurity breach: Report
It has been reported that the phone, internet, and email systems at Western Australia's Parliament House are down as the result of a cyber breach that occurred Tuesday night.
#215 Massive US-planned cyberattack against Iran went well beyond Stuxnet
The Stuxnet computer worm that destroyed centrifuges inside Iran's Natanz uranium enrichment site was only one element of a much larger US-prepared cyberattack plan that targeted Iran's air defenses, communications systems, and key parts of its power grid, according to articles published Tuesday.
#214 Critical glibc vulnerability puts all Linux machines at risk
Glibc, the GNU C library at the core of last year’s GHOST vulnerability, is vulnerable to another critical flaw affecting nearly all Linux machines, as well as API web services and major web frameworks where the code runs. The flaw, CVE-2015-7547, is a stack-based buffer overflow in the glibc DNS client-side resolver that puts Linux machines at risk for remote code execution. The flaw is triggered when the getaddrinfo() library function is used, Google said today in its advisory.
#213 Dridex: Financial Trojan aggressively spread in millions of spam emails each day
Symantec analysis of recent Dridex spam campaigns found that they are operating on a vast scale, with millions of new emails being sent out on a daily basis. The attackers behind Dridex are disciplined and professional. They operate on a standard working week, continually refine the malware, and put significant effort into disguising their spam campaigns as legitimate emails.
#212 Mandated encryption backdoors? Such a bad idea, says ENISA cybersecurity agency
European cybersecurity agency ENISA has come down firmly against backdoors and encryption restrictions, arguing they only help criminals and terrorists while harming industry and society.
#211 Online security? Just let me Google that
That's the stark warning following a survey by security company Palo Alto Networks which directly asked C-Level executives about their knowledge surrounding security issues and 13% said they only "kind of" understand what defines an online security risk to a businesses. Worryingly, many in leadership roles also said they still have to use Google to help explain cyber security risk.
#210 Disabled PadCrypt ransomware includes live chat
Discovered by a Swiss researcher at abuse.ch, PadCrypt is the first ransomware family to include the capability for real-time interaction with the attackers. The malware’s known command-and-control servers, annaflowersweb[.]com, subzone3[.]2fh[.]co, and cloudnet[.]online are down, and for now PadCrypt is not a major threat.
#209 WhiteHat Hacker stole crypto keys from an offline laptop in another room
The method is a so-called side-channel attack: an attack that doesn't tackle an encryption implementation head on, such as through brute force or by exploiting a weakness in the underlying algorithm, but through some other means. In this case, the attack relies on the electromagnetic outputs of the laptop that are emitted during the decryption process, which can then be used to work out the target's key.
#208 The best antivirus software for Android Report
#207 Libgraphite Font Processing Vulnerabilities
An exploitable denial of service vulnerability exists in the font handling of Libgraphite. A specially crafted font can cause an out-of-bounds read potentially resulting in an information leak or denial of service; A specially crafted font can cause a buffer overflow resulting in potential code execution; An exploitable NULL pointer dereference exists in the bidirectional font handling functionality of Libgraphite. A specially crafted font can cause a NULL pointer dereference resulting in a cras
#206 Hollywood hospital held to ransom by hackers
Ransomware is a growing menace for computer users - but when a hospital is targeted, it makes the disruption far more serious. Computer systems at Hollywood Presbyterian Medical Center have been offline for more than a week following a ransomware attack. According to local news sources, hackers were said to have demanded $3.4m to provide the codes to unlock the stolen data.
#205 VMware reissues vCenter server patch
The original vulnerability, CVE-2015-2342, was a poorly configured JMX RMI service in vCenter Server that was remotely accessible. The flaw allowed unauthenticated attackers to connect to the service and use it to run code on the server; versions 5.5, 5.1 and 5.0 are affected, VMware said. vCenter Server is used by organizations to manage their virtual server environments. Friday’s advisory from VMware said that the original patch for CVE-2015-2342 was incomplete, and an additional patch is require
#204 Password cracking attacks on Bitcoin wallets net $103,000
Hackers have siphoned about $103,000 out of Bitcoin accounts that were protected with an alternative security measure, according to research that tracked six years' worth of transactions. Account-holders used easy-to-remember passwords to protect their accounts instead of the long cryptographic keys normally required
#203 Symantec Blog: Latest Intelligence for January 2016
The Latest Intelligence for January 2016 shows an increase in fake offer social media scams and a decrease in spear-phishing activity.
#202 VIDEO: what ATM jackpotting malware is
Kaspersky Lab security researchers Santiago Pontiroli and Roberto Martinez explain how ATM malware works in Latin America and why it’s difficult to discover ‘jackpotting’ malware. Kaspersky Security Analyst Summit 2016 in Tenerife, Spain.
#201 VoIP phone software bug 'eavesdrops and makes premium calls'
The problem affects voice-over-internet-protocol (VoIP) phones, commonly used by businesses. Just by running a couple of lines of code on a website visited by the phone user, the researchers demonstrated how premium-rate calls could be made. A security expert said such bugs could make "millions" for the perpetrators.
#200 Mazar Bot actively targeting Android devices
Researchers at Heimdal Security said on Friday the bot is being sent to Android users via SMS and MMS messages and if the victim executes the APK, the bot roots the phone and gives the attacker extensive capabilities on the compromised device.
#199 Alert: Cisco ASA Software IKEv1 and IKEv2 Buffer Overflow Vulnerability
A vulnerability in the Internet Key Exchange (IKE) version 1 (v1) and IKE version 2 (v2) code of Cisco ASA Software could allow an unauthenticated, remote attacker to cause a reload of the affected system or to remotely execute code. The vulnerability is due to a buffer overflow in the affected code area. An attacker could exploit this vulnerability by sending crafted UDP packets to the affected system. An exploit could allow the attacker to execute arbitrary code and obtain full control of the
#198 Valentine's Day app downloads provide perfect opportunity for attack
Attackers can take advantage of February’s increased download rates for apps related to Valentine's Day and dating to spread malware.
#197 Warning: Bug in Adobe Creative Cloud deletes Mac user data without warning
The deletions happen whenever Mac users log in to the Adobe service after the update has been installed, according to officials from Backblaze, a data backup service whose users are being disproportionately inconvenienced by the bug. Upon sign in, a script activated by Creative Cloud deletes the contents in the alphabetically first folder in a Mac's root directory. Backblaze users are being especially hit by the bug because the backup service relies on data stored in a hidden root folder called
#196 64bit iPhone and iPad get stuck in a loop when set to January 1, 1970
Take a 64-bit iOS device—iPhone 5S or newer, iPad Air or newer, iPad Mini 2 or newer, sixth generation iPod touch or newer—laboriously set its date to January 1, 1970, and reboot. Congratulations: you now have a shiny piece of high-tech hardware that's stuck at the boot screen, showing nothing more than the Apple logo... forever.
#195 ISPs want “flexible” privacy rules that let them “innovate” with customer data
Broadband industry lobby groups urged the Federal Communications Commission on Thursday not to impose privacy rules that dictate "specific methods" of protecting customer data, since that would prevent "rapid innovation."
#194 Tribunal rules computer hacking by GCHQ is not illegal
GCHQ (UK Government Communications Headquarters) is operating within the law when it hacks into computers and smart phones, a security tribunal has ruled.
#193 Big data privacy must be fixed before the revolution can begin
Big data is an asset which can create tens of thousands of jobs and generate hundreds of billions for the economy, but the opportunity can't be taken until concerns about privacy and security have been overcome.
#192 Women may write better code, study finds
The US researchers analysed nearly 1.4 million users of the open source program-sharing service Github. They found that pull requests - or suggested code changes - made on the service by women were more likely to be accepted than those by men.
#191 Your smart, IoT toaster really will be spying on you for the government
The boom in Internet of Things (IoT) devices -- especially those with poor security -- is going to be good news for spies, according to the director of US intelligence.
#190 KillDisk and BlackEnergy Are Not Just Energy Sector Threats
New intelligence on BlackEnergy expands previous findings on the first wide-scale coordinated attack against industrial networks. Based on our research that we will further outline below, attackers behind the outages in two power facilities in Ukraine in December likely attempted similar attacks against a mining company and a large railway operator in Ukraine.
#189 A Worldwide Survey of Encryption Products Report (PDF)
In 1999, a group of researchers from George Washington University attempted to survey the worldwide market for encryption products [HB+99]. The impetus for their survey was the ongoing debate about US encryption export controls. By collecting information about 805 hardware and software encryption products from 35 countries outside the US, the researchers showed that restricting the export of encryption products did nothing to reduce their availability around the world, while at the same time put
#188 Fraudsters Tap Kohl’s Cash for Cold Cash
Scam artists have been using hacked accounts from retailer Kohl’s.com to order high-priced, bulky merchandise that is then shipped to the victim’s home. While the crooks don’t get the stolen merchandise, the unauthorized purchases rack up valuable credits called “Kohl’s cash” that the thieves quickly redeem at Kohl’s locations for items that can be resold for cash or returned for gift cards.
#187 Netflix finishes its massive migration to the Amazon cloud
Netflix has been moving huge portions of its streaming operation to Amazon Web Services (AWS) for years now, and it says it has finally completed its giant shift to the cloud. “We are happy to report that in early January of 2016, after seven years of diligent effort, we have finally completed our cloud migration and shut down the last remaining data center bits used by our streaming service,” Netflix said in a blog post that it plans to publish at noon Eastern today.
#186 Chrome on Android to get physical with new IoT beacon support
Google's next version of Chrome will allow developers to send notifications and URLs from Bluetooth beacon-equipped objects. The new feature supports the Physical Web, a project that envisages every object, from movie posters to parking meters, being capable of broadcasting a URL that directs smartphones to a relevant web page or app.
#185 VTech 'is responsible' for kids' data says UK watchdog
The UK's data watchdog has said that VTech's new terms and conditions would not absolve it of liability in the case of future hack attacks. It emerged earlier this week that the toy company had changed its terms to say that families using its software did so at their "own risk".
#184 Qualcomm promises gigabit LTE speeds with Snapdragon X16 modem
Qualcomm's new Snapdragon X16 modem, together with the WTR5975 transceiver, boasts Category 16 LTE download speeds of up to 1Gbps.
#183 Netflix malware and phishing campaigns help build emerging black market
Netflix’s popularity has sharply grown since its creation in 1997. The company recently launched its streaming service globally. It is now available in more than 190 regions around the world. This success has attracted the attention of attackers. We have observed malware and phishing campaigns targeting Netflix users’ information. The details are then added to a growing black market that claims to provide cheaper access to the service.
#182 New report contends mandatory crypto backdoors would be futile
The report, prepared by security researchers Bruce Schneier, Kathleen Seidel, and Saranya Vijayakumar, identified 865 hardware or software products from 55 countries that incorporate encryption. Of them, 546 originated from outside the US. The most common non-US country was Germany, a country that has publicly disavowed the kinds of backdoors advocated by FBI Director James Comey and other US officials. Although the Obama administration is no longer asking Congress for legislation requiring them
#181 Google takes wider action on 'right to be forgotten'
Under the "right to be forgotten" ruling, EU citizens may ask search engines to remove information about them. Now, removed results will not appear on any version of Google when viewed from Europe. EU privacy regulators previously asked the firm to do this. Until now, search results removed under the "right to be forgotten" were only omitted from European versions of Google - such as google.co.uk or google.fr.
#180 IoT Reality: Smart Devices, Dumb Defaults / CISCO about ComfortLink
Cisco researchers found that the ComfortLink devices allow attackers to gain remote access and also use these devices as a jumping off point to access the rest of a user’s network. Trane has not yet responded to requests for comment.
#179 Remtasu is disguising itself as a tool to appropriate Facebook accounts
Win32/Remtasu.Y variants are the most common in Latin America, mainly in Colombia but also in Turkey, Thailand, and other countries. One of the latest campaigns has been associated with a malicious tool supposedly aimed at obtaining Facebook account passwords.
#178 Rooting Malware Found in 3rd Party App Stores
Malicious apps were recently seen making the rounds in some third-party app stores. They spoof popular apps, increasing the chances of getting selected and downloaded. These include popular mobile games, mobile security apps, camera apps, music streaming apps, and so on. They even share the exact same package and certification with their Google Play counterpart.
#177 Banks remain a tempting target for cyber criminals
The ThreatMetrix Cybercrime Report for Q4 2015 found there has been a 40 per cent increase in cybercriminal activity against banks over the past 12 months, which includes more than 100 million attempts at fraud during this period: 21 million of these attempts came in just 90 days between October and December.
#176 Internet of Things (IoT) to be used as spy tool by governments
James Clapper, the US director of national intelligence, told lawmakers Tuesday that governments across the globe are likely to employ the Internet of Things as a spy tool, which will add to global instability already being caused by infectious disease, hunger, climate change, and artificial intelligence.
#175 Cyber-thieves steal Pin codes from US Revenue
The US government's tax collection agency has said attackers fooled its computers into generating more than 100,000 tax return Pin codes. The codes could have been used to seek payouts had the scam not been detected. The Internal Revenue Service (IRS) said no personal taxpayer data had been compromised or disclosed by its systems.
#174 Google alpha-tests cloud events feature
Google is testing out a feature that allows changes in cloud services to automatically trigger other events, making it easier for developers to build richer services.
#173 Gmail to warn you if your friends aren’t using secure email
The alterations are fairly subtle: when you receive a message from, or are on the brink of sending a message to, someone using a service that doesn’t support encryption, you’ll see a broken lock in the top-right of the screen. Clicking on the icon will bring up a pop-up alert with an explanation and a warning to perhaps consider removing the offending recipient.
#172 Amazon's new cloud engine has a zombie apocalypse clause
Under section 57.10 of the AWS service terms, it notes that Lumberyard is not intended for use with life-critical or safety-critical systems, "however, this restriction will not apply in the event of the occurrence (certified by the United States Centers for Disease Control or successor body) of a widespread viral infection transmitted via bites or contact with bodily fluids that causes human corpses to reanimate and seek to consume living human flesh, blood, brain or nerve tissue and is li
#171 Loki - Simple Indicators of Compromise Scanner (IOC)
Scanner for Simple Indicators of Compromise. Detection is based on four detection methods: File Name IOC, Yara Rule Check, Hash check, C2 Back Connect Check.
#170 Hearthstone add-ons, cheating tools come with data-stealing malware
Hearthstone, a free-to-play card game based on World of Warcraft, has been indirectly targeted by malware authors. These attackers have created third-party programs that supposedly benefit Hearthstone players, but in reality can compromise their computers with malicious software.
#169 Poseidon: a targeted attack boutique specializing in global cyber-espionage
Poseidon’s practice of being a ‘custom-tailored malware implants boutique’ kept security researchers from connecting different campaigns under the umbrella of a single threat actor. This approach entails crafting campaign components on demand and sometimes fabricating entirely unique malicious artifacts.
#168 Microsoft Security Bulletin Summary for February 2016
This month the vendor is releasing 13 bulletins, six of which are rated Critical.
#167 How satellites could soon play a bigger role in broadband
A series of three new satellites will provide faster internet speeds across the globe, delivering more than twice the total combined network capacity of the 400 commercial communications satellites in space today.
#166 Xero partners with Microsoft to enable big data collection
Cloud accounting firm Xero has teamed up with Microsoft to provide an avenue for its customers to collect and collate their own big data across Xero's software and other integrated business applications, via Microsoft Power BI.
#165 Symantec: Cybercriminals target social networks to do their dirty work
In 2014, Symantec observed a 70 percent increase in scams distributed via social media, which often spreads rapidly because people are more likely to click something posted by a friend. Criminals hijacked the power of “social proof” – the idea that we attribute more value to something if it’s shared or approved by others.
#164 Windows 10 updates finally get some release notes
Until now, it has been hard to know exactly what each update and upgrade contains. While security fixes were enumerated—as they have been for Patch Tuesday for many years—information about the non-security portion of the updates was scant. Microsoft's public release notes for each update package were virtually non-existent—and this in spite of the company producing internal documentation to tell its OEM partners what was changing. After pushback from IT departments and end users alike, the compa
#163 Huge number of Apple Mac apps vulnerable to hijacking, and a fix is elusive
The vulnerability is the result of apps that use a vulnerable version of Sparkle along with an unencrypted HTTP channel to receive data from update servers. It's the result of functions built into the WebKit rendering engine that allows JavaScript execution. As a result, attackers with the ability to manipulate the traffic passing between the end user and the server—say, an adversary on the same Wi-Fi network—can inject malicious code into the communication. A security engineer who goes by the n
#162 Google AdWords display ads going all-HTML, will ban Flash in 2017
Starting on June 30, 2016, Google will no longer accept new Flash display ads from advertisers. On January 2, 2017, even old Flash ads will be blocked from appearing, making Google's ad network mostly Flash-free. The one exception seems to be video ads, as Google notes that "video ads built in Flash will not be impacted at this time."
#161 NCR: Network cable card skimming attacks in the US
NCR has received reliable reports of NCR and Diebold ATMs being attacked through the use of external skimming devices. These devices are plugged into the ATM network cables and intercept customer card data. Additional devices are attached to the ATM to capture the PIN: a keyboard overlay was used to attack an NCR ATM, while a concealed camera was used on the Diebold ATM. PIN data is then likely transmitted wirelessly to the skimming device.
#159 Poseidon APT Group identified as first Portuguese-speaking campaign
Experts with Kaspersky Lab’s Global Research and Analysis Team, who today at the Kaspersky Lab Security Analyst Summit disclosed research on the group and the malware it spreads, say there’s enough evidence surrounding the attacks to suggest it’s the first ever Portuguese-speaking attack group.
#158 Check your Google security and get 2 GB of Google Drive for free
A quick and easy security checkup for 2 GB of free cloud storage.
#157 Java “RAT-as-a-Service” backdoor openly sold through website to scammers
A family of Java-based malware that has given attackers a backdoor into Windows, Linux, Mac OS X, and Android devices since 2013 has risen from the dead once again as a "commercial" backdoor-as-a-service.
#156 Hack on DoJ and DHS downplayed
A hacker, or hacking group, published via Twitter what they said were records of 9,000 DHS employees. According to technology news site Motherboard, the hacker has said he will soon share the personal information of 20,000 DoJ employees, including staff at the FBI.
#155 Clever bank hack allowed crooks to make unlimited ATM withdrawals
Banking malware is using techniques once reserved for state-sponsored hacking gangs.
#154 Dyre: Operations of bank fraud group grind to halt following takedown
The cybercrime group controlling the Dyre financial fraud Trojan appears to have suffered a major blow following a Russian law enforcement operation in November. Symantec telemetry has confirmed a virtual cessation of the group’s activities. Dyre (detected by Symantec as Infostealer.Dyre) is spread through email spam campaigns and no Dyre-related spam campaigns have been observed since November 18. Detections of the Dyre Trojan and associated malware have also dropped dramatically since mid-Nove
#153 T9000 malware records Skype calls, screenshots and text messages to steal data
Once T9000 has infected a system, its main goal is to collect information about the targeted victim, which it does by compromising Skype video calling software. After the malware has hooked into Skype, it records video calls, audio calls, and chat messages, then stores them in a directory specially created by the Trojan called "Intel", which the attackers can mine for data.
#152 ADWIND a cross-platform rat - malware (PDF report)
At the end of 2015 Kaspersky became aware of an unusual malware program, discovered in an attempted attack on a bank in Singapore. Analysis of the file attached to a spear-phishing email that had been sent to the bank revealed the name of the malware: JSocket. Later on we found that this malware has many names: Adwind RAT (Remote Access Tool), AlienSpy, Frutas, jFrutas, Unrecom, Sockrat, JSocket, jRat. The rich features of the malware, including its ability to run on Windows, Mac OS and Linux, a
#151 Barclays Bank joins Interpol cyber-crime fighting centre
Interpol said its agreement with Barclays will broaden joint efforts in cyber-security through intelligence sharing, training and awareness about cyber-threats mitigation, and providing recommendations for public and private institutions on strengthening their cyber-resilience.
#150 UK-US deal would allow MI5 to get chat, mails directly from US companies
The agreement would help to resolve the difficult situation for US Internet companies, which are increasingly under pressure from the UK government to provide intercepts or stored data for domestic investigations of terrorist and criminal activities, but forbidden from doing so by US laws.
#149 Metel bank robbers borrowing from APT attacks
Today at the Security Analyst Summit, researchers from Kaspersky Lab Global Research & Analysis Team unveiled details on two new criminal operations that have borrowed heavily from targeted nation-state attacks, and also shared an update on a resurgent Carbanak gang, which last year, it was reported, had allegedly stolen upwards of $1 billion from more than 100 financial companies.
#148 Oracle patched bug that could result in 'complete compromise' of Windows
The security loophole is named CVE-2016-0603 and the bug fix has been released to address a vulnerability which can be exploited when Java version 6, 7, or 8 is installed on a Windows platform. The weakness is remotely exploitable, allowing attackers to compromise a network without the need for usernames or passwords.
#147 Kaspersky Security Analyst Summit 2016: The Live Blog
#146 Cisco 2016 Annual Security Report
With the Cisco 2016 Annual Security Report, which analyzes advances by security industry and criminals, see how your peers assess security preparedness in their organizations and gain insights into where to strengthen your defenses.
#145 Neutrino Exploit Kit Not Responding – Bug or Feature?
Exploit kits often employ measures to keep security researchers and other unwanted visitors away from their servers, but most of the time these measures are handled at the HTTP level, with web servers redirecting you away or returning fake error codes. Implementing this logic at the TCP level, as Neutrino did, is a fairly smart move on their part: generally speaking, when a server doesn't respond to you at all, you tend to assume that it's down.
#144 Dridex malware exploit distributes Avira installer—hack suspected
Avira researchers still don't know how the mixup happened, but their chief theory is that a whitehat hacker compromised some of the Dridex distribution channels and replaced the normal malicious executables with a digitally signed Avira installer. As a result, when targets opened attachments contained in spam e-mails sent by Dridex servers, the would-be marks were instead prompted to run a program designed to protect computers from the very likes of the Dridex threat.
#143 Scareware campaign targets Apple Mac OS X machines
A unique scareware campaign targeting Mac OS X machines has been discovered, and it’s likely the developer behind the malware has been at it a while since the installer that drops the scareware is signed with a legitimate Apple developer certificate.
#142 Dell's cloud BIOS security checks your PC is malware free as it boots
Its new Dell Data Protection Endpoint Security Suite Enterprise includes post-boot BIOS verification which it's claimed will enable customers to ensure that their PCs remain free from malware during the initial startup process.
#141 PayPal blocks VPN, SmartDNS provider’s payments over copyright concerns
PayPal has stopped accepting payments for Canadian outfit UnoTelly—a provider of VPN and SmartDNS services—because these might be used to facilitate copyright infringement.

UnoTelly said in an update on its website that Paypal had "severed payment processing agreement unilaterally and without prior warning." It added: "Paypal indicated that UnoTelly is not allowed to provide services that enable open and unrestricted Internet access."
#140 Kaspersky Security Bulletin. Spam and phishing in 2015
According to Kaspersky Lab, in 2015:
* the proportion of spam in email flows was 55.28%, which is 11.48 percentage points lower than in 2014;
* 79% of spam emails were no more than 2 KB in size;
* 15.2% of spam was sent from the US;
* 146,692,256 instances that triggered the ‘Antiphishing’ system were recorded;
* Russia suffered the highest number of phishing attacks, with 17.8% of the global total;
* Japan (21.68 %) took the lead in the ranking of unique users attacked by phishers;
* 34
#139 Netgear Management System Vulnerable to RCE, Path Traversal Attacks
Netgear’s ProSafe Network Management System suffers from two vulnerabilities, an arbitrary file upload and a path traversal, which could let a remote attacker execute code and download files.
#138 Apple iPhone, iPad at risk of new lock screen passcode bypass flaw
A security researcher has published details of a newly-discovered flaw that can allow an attacker to quickly bypass iPhone and iPad lock screens. Disclosed on Thursday, the "high"-rated vulnerability is said to affect iPhones 5 and 6, and iPad 2 tablets running iOS 8.2 and later. It's not clear if other devices are affected.
#137 Fake Adobe Flash Update OS X Malware
The "Installer" for the fake Flash update will install various scareware (I observed a couple different varieties when re-running the installer), and it actually installs an up-to-date genuine version of Flash as well.
#136 Motorola Security Cam with flaws that let attackers hack video and network
Alex Farrant and Neil Biggs, both of the research team for Context Information Security in the U.K., analyzed Motorola’s Focus 73, an outdoor security camera. Images and video taken by the camera can be delivered to a mobile phone app.
#135 Mysterious spike in WordPress hacks silently delivers ransomware to visitors
It's still not clear how, but a disproportionately large number of websites that run on the WordPress content management system are being hacked to deliver crypto ransomware and other malicious software to unwitting end users.
#134 Europe’s top court mulls legality of hyperlinks to copyrighted content
Europe's highest court is considering whether every hyperlink in a Web page should be checked for potentially linking to material that infringes copyright, before it can be used. Such a legal requirement would place an unreasonable burden on anyone who uses hyperlinks, thereby destroying the Web
#133 Hackers targeted 20 million Alibaba customer accounts
Inputting login details from a stolen database of 99 million, they found nearly 21 million of the usernames were also being used for Taobao accounts.
#132 Auction site eBay 'fixes' bug but only partially
eBay says it has partially fixed a vulnerability on its online auction site that could have allowed hackers to trick users into downloading malware.
#131 Ericsson announces gigabit-speed 4G LTE software solution
Ericsson has announced plans overnight to use new software to upgrade commercial 4G long-term evolution (LTE) networks worldwide to enable peak speeds of up to 1 gigabit per second.
#130 Google will slap big red warning on legit sites hosting bad ads
Google is casting a wider net with its Safe Browsing technology to protect Chrome users, not just from deceptive websites but also from deceptive ads on legitimate sites. Using the new capabilities, Safe Browsing will target deceptive embedded content, such as ads that pose as a trusted entity and present messages such as a system warning, or bogus security alert for Chrome and third-party media players.
#129 GPS error caused '12 hours of problems' for companies
Several companies were hit by hours of system warnings after GPS satellites broadcast the wrong time, according to time-monitoring company Chronos. The company observed problems last week, after noticing some GPS time signals were 13 microseconds out. Such a discrepancy is considered severe and several Chronos telecoms clients faced "12 hours" of system errors.
#127 Former Energy Department employee admits trying to spear phish coworkers
A former Department of Energy employee has pleaded guilty to federal charges that he attempted to infect 80 current DOE employees with malware so foreign hackers could take control of computer systems that held sensitive information related to nuclear weapons, officials said Wednesday.
#126 Enhanced Mitigation Experience Toolkit (EMET) v5.5 is now available
The Enhanced Mitigation Experience Toolkit (EMET) benefits enterprises and all computer users by helping to protect against security threats and breaches that can disrupt businesses and daily lives. It does this by anticipating, diverting, terminating, blocking, or otherwise invalidating the most common actions and techniques adversaries might use to compromise a computer.
#125 Chromodo browser disables same-origin policy
Google researcher Tavis Ormandy has disclosed that the Chromodo browser installed with Comodo Internet Security disables the same-origin policy by default. The same-origin policy is a fundamental tenet of web security, ensuring that scripts access data from a second webpage only if the two pages have the same origin.
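What "same origin" actually compares, and what a browser that has switched the policy off gives away, is easier to see in code. The block below is an added example written for this digest, not Chromodo or Comodo code; it uses Node's WHATWG `URL` implementation, whose `origin` property serializes scheme, host and port (dropping the default port), and layers the CORS read check on top. The `sopEnabled` switch is a hypothetical flag that models a browser running with the policy disabled.

```javascript
'use strict';
// Added example (not Chromodo/Comodo code): the origin comparison the
// same-origin policy rests on, plus the CORS read check browsers layer on
// top of it. Node's WHATWG URL implementation supplies `origin`, which
// serializes scheme + host + port and omits the default port.

// Opaque origins (file:, data:, blob: without a backing origin) serialize
// as the string "null" and never equal each other.
function originOf(rawUrl) {
  const origin = new URL(rawUrl).origin;
  return origin === 'null' ? null : origin;
}

function sameOrigin(a, b) {
  const oa = originOf(a);
  const ob = originOf(b);
  return oa !== null && oa === ob;
}

// May a script running at `scriptUrl` read the body of a response fetched
// from `resourceUrl`? Same origin: always. Cross origin: only when the
// response opts in with Access-Control-Allow-Origin. A browser that has
// disabled the policy (sopEnabled: false, a hypothetical switch) answers
// "yes" to everything, which is what the Chromodo finding amounts to.
function canReadResponse(scriptUrl, resourceUrl, responseHeaders = {}, opts = {}) {
  const { credentials = false, sopEnabled = true } = opts;
  if (!sopEnabled) return true;
  if (sameOrigin(scriptUrl, resourceUrl)) return true;
  const allow = responseHeaders['access-control-allow-origin'];
  if (!allow) return false;
  if (allow === '*') return !credentials;   // wildcard is void for credentialed requests
  return allow === originOf(scriptUrl);     // exact serialized-origin match only
}

// Constructed sample: a page on bank.example, probed with and without the policy.
function demo() {
  const page = 'https://bank.example/account';
  const attacker = 'https://evil.example/';
  return {
    samePath:     sameOrigin(page, 'https://bank.example:443/transfer?x=1#frag'),
    httpVsHttps:  sameOrigin(page, 'http://bank.example/account'),
    subdomain:    sameOrigin(page, 'https://api.bank.example/account'),
    otherPort:    sameOrigin(page, 'https://bank.example:8443/account'),
    fileUrls:     sameOrigin('file:///tmp/a.html', 'file:///tmp/b.html'),
    crossNoCors:  canReadResponse(attacker, page),
    crossCors:    canReadResponse(attacker, page, { 'access-control-allow-origin': 'https://evil.example' }),
    wildcardCred: canReadResponse(attacker, page, { 'access-control-allow-origin': '*' }, { credentials: true }),
    sopDisabled:  canReadResponse(attacker, page, {}, { sopEnabled: false }),
  };
}
```

Path, query and fragment play no part in the comparison; scheme, host and port all do, and a different subdomain or port is a different origin. With the policy off, the last case shows that any site a user visits can read the logged-in view of any other site.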
#124 eBay has no plans to fix “severe” bug that allows malware distribution
Using a highly specialized coding technique known as JSF*CK, hackers can work around this safeguard (eBay's filtering of script tags and other active content from listing descriptions). The technique lets eBay users insert JavaScript written with only six characters into their posts; once it runs, it can fetch a variety of different payloads tailored to the specific browser and device of the visitor.
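Why a keyword blocklist cannot catch this is clearest with a working encoder. The block below is an added example written for this digest, not code from the researchers or from eBay: a minimal JSFuck-style encoder that builds letters out of the strings `false`, `true`, `undefined` and the native-code text of `Array.prototype.filter`, then wraps arbitrary source in a call to the `Function` constructor. `naiveBlocklist` is a hypothetical filter of the kind the technique defeats.

```javascript
'use strict';
// Added example (not the researchers' or eBay's code): a minimal JSFuck-style
// encoder. Everything it emits uses only the six characters [ ] ( ) ! +

// Number n as an expression: +[] is 0, +!![] is 1, and 1 + true + true ... counts up.
const num = n => (n === 0 ? '+[]' : Array(n).fill('+!![]').join(''));

// Character i of the string produced by expression `src`.
const at = (src, i) => `(${src})[${num(i)}]`;

// Strings obtainable without any letters: "false", "true", "undefined".
const FALSE = '![]+[]';
const TRUE = '!![]+[]';
const UNDEF = '[][[]]+[]';

const CHARS = {
  f: at(FALSE, 0), a: at(FALSE, 1), l: at(FALSE, 2), s: at(FALSE, 3),
  t: at(TRUE, 0),  r: at(TRUE, 1),  e: at(TRUE, 3),
  u: at(UNDEF, 0), n: at(UNDEF, 1), d: at(UNDEF, 2), i: at(UNDEF, 5),
};

// Concatenate one expression per character; each piece is a string, so + joins them.
function encode(str) {
  return [...str].map(ch => {
    if (!(ch in CHARS)) throw new Error(`no encoding for ${JSON.stringify(ch)}`);
    return CHARS[ch];
  }).join('+');
}

// []["filter"]+[] stringifies Array.prototype.filter to
// "function filter() { [native code] }", which supplies c, o and the space.
const FILTER_SRC = `[][${encode('filter')}]+[]`;
CHARS.c = at(FILTER_SRC, 3);
CHARS.o = at(FILTER_SRC, 6);
CHARS[' '] = at(FILTER_SRC, 8);

// []["filter"]["constructor"] is the Function constructor; passing it encoded
// source and invoking the result executes that source.
function jsfuckPayload(code) {
  return `[][${encode('filter')}][${encode('constructor')}](${encode(code)})()`;
}

const ONLY_SIX = /^[\[\]()!+]+$/;

// Hypothetical keyword blocklist of the kind a listing filter might apply.
function naiveBlocklist(text) {
  return !/<script|javascript:|alert|eval|function/i.test(text);
}

// Constructed demonstration: the payload body is plain letters and a space.
function demo() {
  const payload = jsfuckPayload('return true');
  return {
    usesOnlySixChars: ONLY_SIX.test(payload),
    passesBlocklist: naiveBlocklist(payload),
    result: eval(payload),       // what a visitor's browser would execute
  };
}
```

The fix on the filtering side is not a longer blocklist: any context in which user-supplied text is interpreted as script can be driven through six characters, so active content has to be removed by an allowlisting HTML sanitizer and, defence in depth, blocked from executing by a Content-Security-Policy that forbids inline script.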
#123 WordPress update fixes SSRF, open redirect vulnerability
The update pushed out on Tuesday addresses two main issues. Until yesterday an attacker could potentially have carried out a server-side request forgery (SSRF) attack: coaxing the WordPress server into issuing requests of the attacker's choosing, so that those requests appear to come from the server itself and may bypass access controls that trust it.
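The hard part of defending against SSRF is that "the server's own address" can be spelled many ways. The block below is an added example, not WordPress code: a hypothetical guard a server-side fetcher (link preview, pingback, oEmbed) would run before requesting a user-supplied URL. It relies on Node's WHATWG `URL` parser to normalise IPv4 spellings such as `0x7f000001` and `2130706433`, blocks loopback, private, link-local and multicast ranges in both IPv4 and IPv6 (including IPv4-mapped literals), and takes an injected resolver so it runs offline; `SAMPLE_DNS` is a constructed table standing in for DNS.

```javascript
'use strict';
// Added example, not WordPress code: a hypothetical SSRF guard. Its aim is
// that the server never connects to loopback, RFC 1918, link-local (cloud
// metadata) or multicast addresses, however the address is written.
// `lookup` is an injected name resolver; a real implementation resolves DNS
// here and then connects to the address it returns, never resolving a second
// time (DNS rebinding).

const BLOCKED_V4 = [            // [network, prefix length]
  ['0.0.0.0', 8], ['10.0.0.0', 8], ['100.64.0.0', 10], ['127.0.0.0', 8],
  ['169.254.0.0', 16], ['172.16.0.0', 12], ['192.168.0.0', 16], ['224.0.0.0', 3],
];

function v4ToInt(ip) {
  const parts = ip.split('.');
  if (parts.length !== 4) return null;
  let n = 0;
  for (const p of parts) {
    if (!/^\d{1,3}$/.test(p) || Number(p) > 255) return null;
    n = n * 256 + Number(p);
  }
  return n;
}

function v4Blocked(ip) {
  const n = v4ToInt(ip);
  if (n === null) return true;                          // unparsable: fail closed
  return BLOCKED_V4.some(([net, len]) => {
    const mask = (0xffffffff << (32 - len)) >>> 0;
    return ((n & mask) >>> 0) === ((v4ToInt(net) & mask) >>> 0);
  });
}

// `ip` is the bracket-free IPv6 literal as the URL parser serializes it.
function v6Blocked(ip) {
  if (ip === '::' || ip === '::1') return true;         // unspecified, loopback
  if (ip.startsWith('::ffff:')) {                       // IPv4-mapped address
    const tail = ip.slice(7);
    if (tail.includes('.')) return v4Blocked(tail);
    const [hi, lo] = tail.split(':').map(h => parseInt(h, 16));
    if (Number.isNaN(hi) || Number.isNaN(lo)) return true;
    return v4Blocked(`${hi >> 8}.${hi & 255}.${lo >> 8}.${lo & 255}`);
  }
  const first = parseInt(ip.split(':')[0] || '0', 16);
  return (first & 0xffc0) === 0xfe80 || (first & 0xfe00) === 0xfc00; // link-local, ULA
}

// Returns { ok: true, address } for a target the fetcher may connect to,
// otherwise { ok: false, reason }.
function checkFetchTarget(rawUrl, lookup) {
  let u;
  try { u = new URL(rawUrl); } catch (e) { return { ok: false, reason: 'unparsable URL' }; }
  if (u.protocol !== 'http:' && u.protocol !== 'https:') {
    return { ok: false, reason: `scheme ${u.protocol} not allowed` };
  }
  if (u.username || u.password) return { ok: false, reason: 'credentials in URL' };

  // The WHATWG parser has already turned 0x7f000001, 2130706433 and 0177.0.0.1
  // into 127.0.0.1, so no string matching on the raw input is attempted.
  const host = u.hostname.replace(/^\[|\]$/g, '');
  let address;
  if (host.includes(':') || /^\d+\.\d+\.\d+\.\d+$/.test(host)) {
    address = host;                                     // literal address
  } else if (host === 'localhost' || host.endsWith('.localhost')) {
    return { ok: false, reason: 'localhost name' };
  } else {
    address = lookup(host);
    if (!address) return { ok: false, reason: `cannot resolve ${host}` };
  }
  const blocked = address.includes(':') ? v6Blocked(address) : v4Blocked(address);
  return blocked ? { ok: false, reason: `blocked address ${address}` } : { ok: true, address };
}

// Constructed resolver table standing in for DNS.
const SAMPLE_DNS = {
  'example.com': '93.184.216.34',
  'intranet.corp': '10.0.0.5',
  'rebind.attacker.test': '127.0.0.1',
};
const lookupSample = name => SAMPLE_DNS[name];
```

Two points worth carrying into a real implementation: the check must be repeated after every redirect, since the first hop can be a harmless public host that 302s to `http://169.254.169.254/`, and the connection must be made to the address the check approved rather than re-resolving the name.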
#122 Oracle expands UK cloud data center
Oracle is set to expand its UK cloud offering with the introduction of new Platform-as-a-Service (PaaS) and Infrastructure-as-a-Service (IaaS) software to be hosted in its Slough data center.
#121 ENISA Threat Landscape 2015
The report is the result of an analysis of cyber-threats that have been encountered in the last 12 months, that is, approximately between December 2014 and December 2015. ETL 2015 is the fourth in a series of reports issued yearly by ENISA. It provides an analysis of the state and the dynamics of the cyber-threat environment: the Cyber-Threat Landscape.
#120 Google lays bare security flaws in Malwarebytes (250 million users)
Malwarebytes says it could take three to four weeks to fix security flaws found by Google in its popular anti-malware product.
#119 eBay vulnerability exposes users to phishing, data theft
The vulnerability exists in the site’s online sales platform, according to Roman Zaikin, a researcher with Check Point. With it, an attacker could bypass the site’s code validation and execute malicious JavaScript on users via their browser, or mobile app, the firm warned Tuesday.
#118 New tool: Microsoft Policy Analyzer
Policy Analyzer is a utility for analyzing and comparing sets of Group Policy Objects (GPOs). It can highlight when a set of Group Policies has redundant settings or internal inconsistencies, and can highlight the differences between versions or sets of Group Policies. It can also compare GPOs against current local policy settings and against local registry settings. And you can export its findings to a Microsoft Excel spreadsheet.
#117 From Linux to Windows, new family of x-platform desktop backdoor discovered
The backdoor for Linux-based operating systems is packed with UPX and is full of features to monitor the victim's activities, including code to capture audio and take screenshots.
#116 Crypto flaw was so glaring it may be intentional eavesdropping backdoor
Network tool contained hard-coded prime number that wasn't prime after all. An open source network utility used by administrators and security professionals contains a cryptographic weakness so severe that it may have been intentionally created to give attackers a surreptitious way to eavesdrop on protected communications, its developer warned Monday.
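A hard-coded Diffie-Hellman modulus is trivial to verify and there is no excuse for shipping one unchecked. The block below is an added example written for this digest, not code from the utility in the article: a BigInt Miller-Rabin primality test, a safe-prime check for a DH group, and, for contrast, the single-base Fermat test that a well-chosen composite slips past. The sample numbers are constructed: a toy safe prime, the Mersenne prime 2^127-1, and 8321 = 53 x 157, a strong pseudoprime to base 2.

```javascript
'use strict';
// Added example, not code from the utility in the article: the check to run
// before trusting a hard-coded Diffie-Hellman modulus. BigInt keeps it
// dependency-free.

function modPow(base, exp, mod) {
  let result = 1n;
  base %= mod;
  while (exp > 0n) {
    if (exp & 1n) result = (result * base) % mod;
    base = (base * base) % mod;
    exp >>= 1n;
  }
  return result;
}

// A Fermat test with a single base: cheap, and exactly what a composite
// that happens to be a base-2 pseudoprime slips past.
function fermatBase2(n) {
  return n > 2n && modPow(2n, n - 1n, n) === 1n;
}

// Miller-Rabin with fixed small bases: deterministic for n below about
// 3.3e24 and a strong probabilistic test at DH sizes.
const MR_BASES = [2n, 3n, 5n, 7n, 11n, 13n, 17n, 19n, 23n, 29n, 31n, 37n];

function isProbablePrime(n) {
  if (n < 2n) return false;
  for (const p of MR_BASES) {
    if (n === p) return true;
    if (n % p === 0n) return false;
  }
  let d = n - 1n;
  let r = 0;
  while ((d & 1n) === 0n) { d >>= 1n; r++; }
  witness: for (const a of MR_BASES) {
    let x = modPow(a, d, n);
    if (x === 1n || x === n - 1n) continue;
    for (let i = 1; i < r; i++) {
      x = (x * x) % n;
      if (x === n - 1n) continue witness;
    }
    return false;                       // a is a witness: n is composite
  }
  return true;
}

// Returns a list of problems with the group (p, g); empty means it passed.
// A safe prime p = 2q + 1 keeps every generator's order at q or 2q, so a
// peer cannot be pushed into a tiny subgroup.
function checkDhGroup(p, g) {
  const problems = [];
  if (!isProbablePrime(p)) {
    problems.push('p is not prime');
  } else if (!isProbablePrime((p - 1n) / 2n)) {
    problems.push('p is not a safe prime: q = (p-1)/2 is composite');
  }
  if (g <= 1n || g >= p - 1n) problems.push('g is out of range (1, p-1)');
  return problems;
}

// Constructed inputs: a toy safe prime (23 = 2*11 + 1); the Mersenne prime
// 2^127-1, which is prime but whose (p-1)/2 = (2^63-1)(2^63+1) is not; and
// 8321 = 53 * 157, a strong pseudoprime to base 2.
const M127 = 2n ** 127n - 1n;
function demo() {
  return {
    toySafePrime: checkDhGroup(23n, 5n),
    mersenne: checkDhGroup(M127, 2n),
    pseudoprime: { fermatSaysPrime: fermatBase2(8321n), problems: checkDhGroup(8321n, 2n) },
  };
}
```

For parameters stored in PEM form, `openssl dhparam -check -in params.pem` performs the equivalent check on p and the generator; it belongs in the test suite of any project that ships its own group.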
#115 URLZone Back, Targeting Banks in Japan
After a good two to three years of relative silence, the gang behind the banking Trojan URLZone has become more active over the past few months and taken aim at banks across Europe and beginning last month, Japan.
#114 UK radio disturbance caused by satellite network bug
A BBC spokesman confirmed that the decommissioning of a GPS satellite led to difficulties for listeners receiving digital radio signals.
#113 Google doubles Cloud Compute local SSD capacity: Now it's 3TB per VM
Google Cloud Compute Engine customers running big databases can now attach up to 3TB of high IOPS local solid-state drive (SSD) to a single virtual machine. The new capacity, which Google has launched in beta, doubles the previous limit of four local SSD 375GB partitions attached to each machine to eight partitions, amounting to a total of 3TB compared with the previous 1.5TB limit.
#112 $500 zero-day ransomware attack takes Lincolnshire council offline for nearly a week
IT systems at Lincolnshire County Council have returned to normal nearly a week after they were hit with ransomware. The local authority was infected after a user opened an email which caused malware to attack its computer systems. Systems have now been restored and Lincolnshire says no data was stolen in the attack.
#111 Android security: Google kills remote hacker bug, patches seven critical flaws
Google has fixed a critical bug in Android that can be remotely exploited by an email, MMS, or link to a webpage that contains a specially-crafted media file.
#110 Critical WiFi Flaw Patched on Android
The patch addresses multiple vulnerabilities in the Broadcom Wi-Fi driver that could be abused to allow for remote code execution. The patches were pushed out in builds LMY49G or later to Nexus devices and shared on Jan. 4 with carrier and manufacturer partners. The fixes are expected to be released to the Android Open Source Project in the next two days.
#109 Microsoft’s new way of cooling its data centers: Throw them in the sea
Microsoft has demonstrated an experimental prototype of a new approach: instead of pumping water around the data center, put the data center in the water. Project Natick is a research project to build and run a data center that's submerged in the ocean.
#108 Nokia shows off 8Gbps over 50m copper runs in Germany
Nokia has partnered with Deutsche Telekom to demonstrate that its latest XG-Fast technology is capable of delivering 11Gbps over a 50-metre run on two bonded pairs of Category 6 cable under laboratory conditions. Using a standard drop cable, Nokia said XG-Fast is capable of an aggregate rate in excess of 8Gbps on 50-metre runs.
#107 Default settings in Apache may decloak Tor hidden services
Websites that rely on the Tor anonymity service to cloak their server address may be leaking their geographic location and other sensitive information thanks to Apache's mod_status module, which many releases of Apache, the world's most widely used Web server, enable by default. Its /server-status page is meant to be reachable only from the local machine, but requests to a Tor hidden service arrive from the local Tor daemon, so any visitor to the .onion address can read it.
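The default and the fix side by side, as an added example that is not from the article or the Apache project. The first fragment is the shape of the status configuration shipped by Debian-derived packages (assumed here; check your distribution's status.conf); the second is the hardened form for a host that serves a hidden service.

```apacheconf
# Default as shipped with mod_status enabled: the page is allowed for any
# request that arrives from the local machine, and Tor hands hidden-service
# requests to Apache from exactly there.
<Location /server-status>
    SetHandler server-status
    Require local
</Location>

# Hardened: on a hidden-service host, disable the module outright
# (a2dismod status, then reload). If it must stay for monitoring, deny it on
# the vhost Tor forwards to and serve it only from a separate listener that
# Tor never proxies.
<Location /server-status>
    Require all denied
</Location>
```

The leak is worth testing for directly: fetch /server-status through Tor against your own .onion and confirm it returns 403 or 404. ExtendedStatus output also lists in-flight request URIs and client addresses, so the page exposes more than the server's clearnet hostname.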
#106 Feds don’t need crypto backdoor to spy — your TV and toothbrush will do
"The audio and video sensors on IoT devices will open up numerous avenues for government actors to demand access to real-time and recorded communications," according to a Berkman Center for Internet & Society report published Monday.
#105 Microsoft debuts new bring-your-own Windows Server license - Azure Hybrid Use
A single processor-based Windows Server license allows users to use Windows Server on up to 16 cores in Azure.
#104 Using IPv6 with Linux? You’ve likely been visited by Shodan and other scanners
Network administrators have discovered a clever way that scanners are piercing the IPv6 cloak of obscurity. By setting up an IPv6-based network time protocol service most Internet-connected devices rely on to keep their internal clocks accurate, the operators can harvest huge numbers of IPv6 addresses that would otherwise remain unknown. The server operators can then scan hundreds or thousands of ports attached to each address to identify publicly available surveillance cameras, unpatched server
#103 US and European Union fail to strike deal on new Safe Harbor pact
Efforts to secure a new data transfer pact between the US and the European Union failed to meet a January 31 deadline set by national privacy regulators in the 28-member-state bloc.