Security Alerts & News
by Tymoteusz A. Góral

#514 Apple releases iOS 9.3.1 with fix for unresponsive links
Apple on Thursday rolled out a minor update to iPhone, iPad, and iPod devices. The update, dubbed iOS 9.3.1, brings a fix for a software glitch that caused many apps -- including Safari and Chrome -- to freeze and crash when opening a link. The issue was related to Universal Links, a feature Apple first introduced in iOS 9. Many users reported that some apps were abusing this capability, causing the Universal Link database to overload.
#513 Patch out for 'ridiculous' Trend Micro command execution vulnerability
Password Manager, Maximum Security and Premium Security are all at risk. A bug in its software meant that Trend Micro accidentally left a remote debugging server running on customer machines.

The flaw, discovered by Google’s Project Zero researcher Tavis Ormandy, opened the door to command execution on vulnerable systems (those running Trend Micro Maximum Security, Trend Micro Premium Security or Trend Micro Password Manager).
#512 Cybercriminals are overcoming barriers to cooperate on making malware more dangerous
Kaspersky researchers say Russian and Brazilian cybercriminals are trading tools and techniques to target their respective local victims.
#511 Most prevalent Android ransomware in the west arrives in Japan
Android.Lockdroid ransomware expands to Asia by targeting Japan first. The malware poses as a system update and locks the device from use.
#510 Cyber criminals 'hacked law firms'
Cyber criminals have been targeting major law firms in what may have been an attempt to gather data for insider trading deals, according to reports. The Wall Street Journal said that a number of US companies had had their computer systems compromised.
#509 Weakness in iOS enterprise hooks could let bad apps sneak in
Security researchers at Check Point Software claim to have found a weakness in Apple's mobile device management (MDM) interface for iOS devices that could be exploited to gain complete access to devices. Dubbed "SideStepper," the approach could allow an attacker to hijack enterprise management functions and bypass Apple's application security.
#508 UK cops tell suspect to hand over crypto keys in US hacking case
At a court hearing earlier this month, the UK's National Crime Authority (NCA) demanded that Lauri Love, a British computer scientist who allegedly broke into US government networks and caused "millions of dollars in damage," decrypt his laptop and other devices impounded by the NCA in 2013, leading some experts to warn that a decision in the government's favor could set a worrisome precedent for journalists and whistleblowers.
#507 Meet Remaiten – a Linux bot on steroids targeting routers and potentially other IoT devices
ESET researchers are actively monitoring malware that targets embedded systems such as routers, gateways and wireless access points. Recently, we discovered a bot that combines the capabilities of Tsunami (also known as Kaiten) and Gafgyt. It also provides some improvements as well as a couple of new features. We call this new threat Linux/Remaiten. So far, we have seen three versions of Linux/Remaiten that identify themselves as versions 2.0, 2.1 and 2.2. Based on artifacts found in the code, the authors call this new malware “KTN-Remastered” or “KTN-RM”.
#506 Root servers were not targets of 2015 DDoS attack
Matt Weinberg and Duane Wessels are scheduled to deliver a talk at DNS-OARC 24 in Buenos Aires where they will present their review of the malicious UDP traffic absorbed by the A- and J-Root servers under VeriSign’s control. In their slides, Weinberg and Wessels identify two domains, 336901[.]com and 916yy[.]com, as the real targets with attacks peaking near five million queries per second for each domain on the A and J root servers. Both domains are registered to individuals in China, according to Whois data. The researchers also speculate that the attacks could have originated from a botnet pushing the BillGates or WebTools malware, both of which are known to generate DNS attacks.
#505 CloudFlare: 94 percent of the Tor traffic we see is “per se malicious”
In a company blog post entitled "The Trouble with Tor," CloudFlare CEO Matthew Prince says that 94 percent of the requests the company sees coming across the Tor network are "per se malicious." He explains:

"That doesn’t mean they are visiting controversial content, but instead that they are automated requests designed to harm our customers. A large percentage of the comment spam, vulnerability scanning, ad click fraud, content scraping, and login scanning comes via the Tor network. To give you some sense, based on data from Project Honey Pot, 18% of global email spam, or approximately 6.5 trillion unwanted messages per year, begin with an automated bot harvesting email addresses via the Tor network."
#504 Microsoft extends its Windows Hello login security features to apps and the web
Microsoft is bringing to Windows apps (and even the web) some of the convenience and security of being able to use the same tech it uses to keep enterprise laptops safe. The idea here is to let you use the same technology that powers “Windows Hello” — the login security feature of Windows 10 that supports fingerprint scanners, facial recognition and even iris scanners — to log into other services, as well.
#503 Microsoft launches Bot Framework to let developers build their own chatbots
Microsoft today is introducing the Bot Framework, a new tool in preview to help developers build their own chatbots for their applications. There is also a new bot directory full of sample bots — like the BuildBot — that Microsoft is showing off today at the company’s Build developer conference in San Francisco.
#502 Ubuntu’s bash and Linux command line coming to Windows 10
Windows 10 Anniversary Update will include the ability to run the popular bash shell from Unix, along with the rest of a typical Unix command-line environment.
#501 Apple’s Safari Technology Preview is a stable test platform for users and devs
The Technology Preview offers several new features that are included in the nightly builds of WebKit but not in the stable version of Safari. It offers "one of the most complete implementations of ECMAScript 6," the latest version of the standard behind JavaScript; the B3 JIT JavaScript compiler, a new compiler designed specifically for JavaScript; a "revamped IndexedDB implementation that is more stable and more standards compliant;" and support for Shadow DOM.
#500 1,400+ vulnerabilities found in CareFusion’s Pyxis SupplyStation, automated medical supply system
Security researchers have discovered 1,418 vulnerabilities in CareFusion’s Pyxis SupplyStation system – automated cabinets used to dispense medical supplies – that are still being used in the healthcare and public health sectors in the US and around the world.
#499 Repeated DDoS attacks force Coinkite bitcoin wallet to close down web service
Coinkite, one of the earliest Web-based Bitcoin wallet services, has announced today plans to discontinue its service and focus on hardware-based Bitcoin products, all because of a barrage of relentless DDoS attacks.
#498 Seven surprising ways technology is changing your shopping experience
From payments mechanisms to customer services, retailers must find new and interesting ways to keep shoppers happy. Industry experts at the recent RBTE 2016 conference in London revealed seven surprising ways IT-led transformation continues to impact the sector.
#497 To SQL or NoSQL? That’s the database question
It's increasingly apparent that for many, it's no longer an issue of SQL vs. NoSQL. Instead, it's SQL and NoSQL, with both having their own clear places—and increasingly being integrated into each other. Microsoft, Oracle, and Teradata, for example, are now all selling some form of Hadoop integration to connect SQL-based analysis to the world of unstructured big data.
#496 How one hacker exposed thousands of insecure desktops that anyone can remotely view
Badly configured software used on thousands of machines can let hackers into X-ray scanners, industrial control systems, doctors' servers storing medical records, and more.
#495 More than 14,000 college printers in the US are open to hackers
Last week, the notorious hacker and troll Andrew Auernheimer showed just how easy it is to use insecure internet-connected printers to spread hateful racist propaganda. The hacker, also known as Weev, said he used two lines of code to make 20,000 printers, many in colleges and universities, spit out an anti-semitic flyer all over the United States.
#494 Apple's response to the FBI's San Bernardino iPhone hack
"From the beginning, we objected to the FBI's demand that Apple build a backdoor into the iPhone because we believed it was wrong and would set a dangerous precedent. As a result of the government's dismissal, neither of these occurred. This case should never have been brought."
#493 Taiwan targeted with new cyberespionage back door Trojan
Backdoor.Dripion was custom developed, deployed in a highly targeted fashion, and used command and control servers disguised as antivirus company websites.
#492 The FBI is seeking help from US firms as it investigates the MSIL/Samas ransomware
The FBI is analysing a strain of ransomware called MSIL/Samas that tries to encrypt data across entire networks rather than single computers. The plea comes as security firms warn about other novel strains of the fast-growing, data-scrambling cyber-threats.
#491 Petya ransomware encrypts master file table
Researchers at BleepingComputer said on Friday that the malware is spreading in emails that contain a Dropbox link that will lead to a file that installs the ransomware. The malware replaces the boot drive’s Master Boot Record with a malicious loader. The malware forces Windows to reboot and displays a phony check disk (CHKDSK) operation to the victim while the malware executes in the background and encrypts the master file table.
#490 Apple releases new version of iOS 9.3 for older devices affected by activation lock bug
Just a few days after releasing the iOS 9.3 update, Apple stopped offering it to a selection of older devices including the iPad Air and earlier and the iPhone 5s and earlier due to an activation issue. When the update was pulled, Apple promised to release a new version of iOS 9.3 shortly.

Apple today made good on that promise and has released a new version of iOS 9.3, build 13E237, which is now available for all iOS 9 users with older devices as an over-the-air update or through iTunes. Customers with older devices who had not yet updated to iOS 9.3 will be able to do so now.
#489 POS malware tool ‘Treasurehunt’ targets small US-based banks, retailers
As more US companies snuff out point of sale malware by deploying chip-and-PIN bankcard technology, attackers are rushing to exploit existing magnetic stripe card systems still vulnerable to malware. A group of hackers that go by the name Bears Inc. are behind the latest barrage of attacks with a custom-built point of sale malware called Treasurehunt, according to research from FireEye.
#488 Google scales the Great Firewall, falls off 105 minutes later
Citizens of mainland China unexpectedly found themselves with unfettered access to Google search late last night, commencing a golden age of censorship-free searching that lasted all of 105 minutes.
#487 Badlock vulnerability clues few and far between
With the Badlock hype machine cranked up high, we still don’t know much about this impending soul-crushing vulnerability other than that it could be bad, it could be in the Windows Server Message Block, and it already has its requisite logo and website.
#486 Flaw in Truecaller Android app leaves data of millions of users exposed
A remotely exploitable flaw in the Truecaller app exposes the personal details of millions of users, security researchers from Cheetah Mobile Security Research Lab have discovered.
#485 Node.js Package Manager (npm) vulnerable to malicious worm packages
The Node.js Package Manager (or just npm) allows the author of a malicious package to infect other packages and propagate malicious scripts across the npm ecosystem and in the builds of legitimate projects.
#484 Petya ransomware uses DOS-level lock screen, prevents OS boot up
Lock-ransomware, also known as lockers, is the original type of ransomware and existed before the rise of crypto-ransomware. This type of ransomware doesn't encrypt files but merely blocks the user's access to their data.
#483 Fileless PowerWare ransomware found on healthcare network
Attackers are not through testing the limits of what they can do with new features in ransomware samples. The latest found in the wild is called PowerWare; it was discovered a week ago targeting a company in the healthcare industry, researchers at Carbon Black told Threatpost.
#482 Google fixes four critical vulnerabilities in latest Chrome build
The update remedies an out-of-bounds read in Chrome’s open source JavaScript engine V8, two use-after-free vulnerabilities – one in Navigation and one in Extensions – and a buffer overflow in the libANGLE library.
#481 Apple OS X 0-day bypasses native SIP protection
System Integrity Protection (SIP) was introduced in OS X El Capitan and limits what actions a Mac’s root account can take against protected paths of the operating system. Yesterday at the SysCan360 conference in Singapore, a researcher from SentinelOne disclosed details of a vulnerability that, if exploited, bypasses SIP; Apple patched it this week, but only in El Capitan.
#480 "Reverse Engineering for Beginners" free book
Topics discussed: x86/x64, ARM/ARM64, MIPS, Java/JVM.

Topics touched: Oracle RDBMS, Itanium, copy-protection dongles, LD_PRELOAD, stack overflow, ELF, win32 PE file format, x86-64, critical sections, syscalls, TLS, position-independent code (PIC), profile-guided optimization, C++ STL, OpenMP, win32 SEH.
#479 Stealthy USB malware targeting air-gapped PCs leaves no trace of infection
Researchers have discovered highly stealthy malware that can infect computers not connected to the Internet and leaves no evidence on the computers it compromises.

USB Thief gets its name because it spreads on USB thumb and hard drives and steals huge volumes of data once it has taken hold. Unlike previously discovered USB-borne malware, it uses a series of novel techniques to bind itself to its host drive to ensure it can't easily be copied and analyzed. It uses a multi-staged encryption scheme that derives its key from the device ID of the USB drive. A chain of loader files also contains a list of file names that are unique to every instance of the malware. Some of the file names are based on the precise file content and the time the file was created. As a result, the malware won't execute if the files are moved to a drive other than the one chosen by the original developers.
#478 After Verizon breach, 1.5 million customer records put up for sale
According to KrebsOnSecurity, "a prominent member of a closely guarded underground cybercrime forum posted a new thread advertising the sale of a database containing the contact information on some 1.5 million customers of Verizon Enterprise." The entire database was priced at $100,000, or $10,000 for each set of 100,000 customer records. "Buyers also were offered the option to purchase information about security vulnerabilities in Verizon’s Web site," security journalist Brian Krebs reported.
#477 850 million Android devices still at risk of hijack by Stagefright bug
The vulnerability is capable of attacking any Android device running Android 2.2 or higher and allows attackers to hijack a device without the user even being aware. It does so just by taking advantage of Android's built-in media library, which can be triggered to run malicious code capable of giving the hacker access to all the user's files.
#476 Emergency Java patch re-issued for 2013 vulnerability
Oracle yesterday released an emergency patch for a Java vulnerability that was improperly patched in 2013. Researchers at Security Explorations in Poland two weeks ago disclosed that a Java patch for an issue the company reported in 2013, CVE-2013-5838, was still trivially exploitable, and it enabled attackers to remotely execute code and bypass the Java sandbox.
#475 Certified Ethical Hacker website caught spreading crypto ransomware
EC-Council, the Albuquerque, New Mexico-based professional organization that administers the Certified Ethical Hacker program, started spreading the scourge on Monday. Shortly afterward, researchers from security firm Fox IT notified EC-Council officials that one of their subdomains—which just happens to provide online training for computer security students—had come under the spell of Angler, a toolkit sold online that provides powerful Web drive-by exploits. On Thursday, after receiving no reply and still detecting that the site was infected, Fox IT published this blog post, apparently under the reasonable belief that when attempts to privately inform the company fail, it's reasonable to go public.
#474 Google releases new tool to scan Android apps for accessibility issues
For anyone designing Android apps, Google just released a tool that will help make your apps more accessible for all users. The company's new Accessibility Scanner looks at any Android app and will call out aspects of it that could be improved, particularly for differently abled users. The app will even suggest ways you can alter things for the better.
#473 Iranians indicted over DDoS campaign on banks
The U.S. government on Thursday indicted seven hackers affiliated with the Iranian government for attacks it called “a frightening new frontier in cybercrime.” Accusing the men of carrying out a series of distributed denial of service (DDoS) attacks against 46 financial companies, the Department of Justice announced the charges in a press conference Thursday morning in Washington, D.C.
#472 Patched Apple bug paved way to root compromises
Researchers at Cisco on Wednesday disclosed details on a flaw in an OS X graphics kernel driver that begs to be chained with any number of other exploits to gain kernel level access on a Mac computer.
Craig Williams, security outreach manager for Cisco Talos, said this is the type of flaw that could be exploited at scale and lead to a wide range of compromises.
#471 PNG Embedded – Malicious payload hidden in a PNG file
Brazilian attacks are evolving day by day, becoming more complex and efficient. It is therefore necessary to be wary of emails from unknown sources, especially those containing links and attached files.

Since the malicious payload hosted in the PNG file cannot be executed without its launcher, it cannot serve as the main infector (the component usually delivered to your mailbox); it has to be installed by a separate module.

This technique allows the criminals to hide the binary inside a file that appears to be a PNG image. It also makes analysis harder for antivirus companies and helps bypass the automated detection of malicious files on hosting servers.
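A defender-side check for the kind of file described above, added here as an example (it is not code from the original page or from the article's source): it walks the PNG chunk structure and flags bytes trailing the IEND chunk, chunk types a normal encoder never emits, and CRC mismatches. The 1x1 PNG and the appended "MZ" bytes that stand in for a hidden payload are constructed inline.

```python
"""Flag PNG files that carry data a normal encoder would not produce."""
import struct
import zlib

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"

# Chunk types emitted by typical encoders (PNG spec critical + common ancillary).
KNOWN_CHUNKS = {
    b"IHDR", b"PLTE", b"IDAT", b"IEND", b"tRNS", b"gAMA", b"cHRM", b"sRGB",
    b"iCCP", b"tEXt", b"zTXt", b"iTXt", b"bKGD", b"pHYs", b"sBIT", b"sPLT",
    b"hIST", b"tIME",
}


def inspect_png(data):
    """Walk the chunk list and return a report of structural anomalies."""
    report = {"valid_signature": False, "chunks": [], "bad_crc": [],
              "unknown_chunks": [], "trailing_bytes": 0, "has_iend": False}
    if not data.startswith(PNG_SIGNATURE):
        return report
    report["valid_signature"] = True
    pos = len(PNG_SIGNATURE)
    while pos + 8 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        body = data[pos + 8:pos + 8 + length]
        crc_bytes = data[pos + 8 + length:pos + 12 + length]
        if len(body) < length or len(crc_bytes) < 4:
            break  # truncated chunk: stop walking, has_iend stays False
        name = ctype.decode("latin-1")
        report["chunks"].append(name)
        # CRC covers the type field and the chunk body, not the length.
        expected = zlib.crc32(ctype + body) & 0xFFFFFFFF
        if struct.unpack(">I", crc_bytes)[0] != expected:
            report["bad_crc"].append(name)
        if ctype not in KNOWN_CHUNKS:
            report["unknown_chunks"].append(name)
        pos += 12 + length
        if ctype == b"IEND":
            # Anything after IEND is ignored by image viewers but is a
            # classic place to stash a payload that a loader later extracts.
            report["has_iend"] = True
            report["trailing_bytes"] = len(data) - pos
            break
    return report


def is_suspicious(report):
    """Decide whether a file should be pulled for manual analysis."""
    return (not report["valid_signature"] or not report["has_iend"]
            or report["trailing_bytes"] > 0
            or bool(report["unknown_chunks"]) or bool(report["bad_crc"]))


def _chunk(ctype, body):
    """Encode one PNG chunk: length, type, body, CRC32(type + body)."""
    crc = zlib.crc32(ctype + body) & 0xFFFFFFFF
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", crc)


def build_minimal_png():
    """Construct a valid 1x1 8-bit grayscale PNG (sample input, constructed)."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)
    raw = b"\x00\x00"  # one scanline: filter byte + one pixel
    return (PNG_SIGNATURE + _chunk(b"IHDR", ihdr)
            + _chunk(b"IDAT", zlib.compress(raw)) + _chunk(b"IEND", b""))


if __name__ == "__main__":
    clean = build_minimal_png()
    # Constructed stand-in for an appended executable: "MZ" header plus padding.
    stuffed = clean + b"MZ" + b"\x00" * 64
    for label, blob in (("clean", clean), ("stuffed", stuffed)):
        rep = inspect_png(blob)
        print(label, "suspicious" if is_suspicious(rep) else "ok", rep)
```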
#470 Malware is being signed with multiple digital certificates to evade detection
Symantec has recently observed various malware families seen in the wild signed with multiple digital certificates. As seen with Suckfly, valid, legitimate certificates can be stolen from an organization, often without their knowledge, and then used to sign malware to evade detection. In this case, attackers have used multiple digital certificates together to increase the chance that the targeted computer considers their malware safe. The attacker's ultimate goal is that their attack goes completely undetected.
#469 Operation C-Major: Information theft campaign targets military personnel in India (PDF report)
The Trend Micro Forward-Looking Threat Research team recently uncovered an information theft campaign in India that has stolen passport scans, photo IDs, and tax information of high-ranking Indian military officers and non-Indian military attachés based in the country, among others. We came across this operation while monitoring other targeted attack campaigns, and what caught our interest, apart from its highly targeted nature, is the lack of sophistication in the tools and tactics it used.
#468 11 enterprise security solutions tested under Windows 10
Many IT departments with Windows 8 PCs that are not part of their enterprise-edition fleet are quickly jumping on the bandwagon of upgrading to Windows 10 free of charge. But which security solution works best with Windows 10 clients? AV-TEST tested 11 current versions.
#467 99 problems but two-factor ain’t one
Two-factor authentication is a best practice for securing remote access, but it is also a Holy Grail for a motivated red team. Hiding under the guise of a legitimate user authenticated through multiple credentials is one of the best ways to remain undetected in an environment. Many companies regard their two-factor solutions as infallible and do not take precautions to protect against attackers’ attempts to bypass or backdoor them.
#466 Vulnerability in 70 CCTV DVRs traced back to Chinese firm who ignores researcher
RSA security researcher Rotem Kerner has identified a common vulnerability in the firmware of 70 different CCTV DVR vendors, which allows crooks to execute code and even gain root privileges on the affected devices.
#465 Apple worries that spy technology has been secretly added to the computer servers it buys
Apple's huge success with services like iTunes, the App Store, and iCloud has a dark side. Apple hasn't been able to build all the data centers it needs to run these enormous photo storage and internet services on its own. And it worries that some of the equipment and cloud services it buys have been compromised by vendors who have agreed to install "back door" technology for government spying, according to a report from The Information's Amir Efrati and Steve Nellis.
#464 Google opens access to its speech recognition API, going head to head with Nuance
Google is planning to compete with Nuance and other voice recognition companies head on by opening up its speech recognition API to third-party developers. To attract developers, the app will be free at launch with pricing to be introduced at a later date.
#463 Google builds list of untrusted digital certificate suppliers
Google has bolstered its toolset for keeping tabs on digital certificate suppliers that go rogue.

That toolset, a Google-designed digital certificate logging system known as Certificate Transparency (CT), can help protect Chrome users from the kind of mis-issued Secure Sockets Layer (SSL) certificates that Symantec generated last year for some Google domains.

The incident sparked an angry response from Google, which demanded that from June 1, 2016, Symantec log all certificates it issues in line with Google's Chromium CT policy, or else websites that rely on its certificates would be flagged as dangerous by Chrome.
#462 Microsoft adds new feature in Office 2016 that can block macro malware
Microsoft is finally addressing the elephant in the room in terms of security for Office users and has announced a new feature in the Office 2016 suite that will make it harder for attackers to exploit macro malware.
#461 Android rooting bug opens Nexus phones to “permanent device compromise”
Millions of Android phones, including the entire line of Nexus models, are vulnerable to attacks that can execute malicious code and take control of core functions almost permanently, Google officials have warned.
#460 73 percent drop in financial Trojan infections but threat is far from neutralized
Using financial Trojans to defraud customers of online banking services is still a popular method among cybercriminals looking to make a profit. Although we have seen a drop in the number of financial Trojans being detected, the Trojans are becoming more capable at what they do and the threat they pose will remain for some time to come. Furthermore, criminals are increasingly targeting financial institutions directly, using malware or through business email compromise (BEC) scams.
#459 Hackers find it more lucrative to target banks, not customers
Trojan attacks against the financial industry are becoming more effective and will continue to plague the sector for some time, as cybercriminals move away from attacking customers and instead choose to target the banks themselves, due to the increased incentive of a more lucrative cash haul.
#458 Tor Project says it can quickly catch spying code
The Tor Project is fortifying its software so that it can quickly detect if its network is tampered with for surveillance purposes, a top developer for the volunteer project wrote on Monday.
#457 To stop the hackers, security teams need to share more data on attacks
Just under half of cybersecurity professionals use any form of shared cyberthreat intelligence (CTI) in their efforts to protect their enterprises from cyberattacks and hackers, despite CTI's potential to significantly improve security in the fight against cybercrime.
#456 Radio attack lets hackers steal 24 different car models
For years, car owners with keyless entry systems have reported thieves approaching their vehicles with mysterious devices and effortlessly opening them in seconds. After having his Prius burgled repeatedly outside his Los Angeles home, the New York Times‘ former tech columnist Nick Bilton came to the conclusion that the thieves must be amplifying the signal from the key fob in the house to trick his car’s keyless entry system into thinking the key was in the thieves’ hand. He eventually resorted to keeping his keys in the freezer.
#455 Encryption securing money transfers on mobile phones can be broken
A group of researchers has proved that it is possible to break the encryption used by many mobile payment apps by simply measuring and analysing the electromagnetic radiation emanating from smartphones.
#454 StartSSL Domain validation (vulnerability discovered).
StartSSL has only one way to validate the ownership of a domain name, which is through a predefined list of email addresses (such as webmaster, postmaster and hostmaster) at the domain you are trying to verify. This method is rarely used; instead, for domain validation most certificate authorities ask the domain owner to place a specific file on their website.
#453 Everything you need to know about the iMessage security flaw patched by iOS 9.3
Security researchers discovered a number of weaknesses in iMessage's encryption system. Apple's patches are already slated to appear.
#452 About the security content of OS X El Capitan v10.11.4 and Security Update 2016-002
This document describes the security content of OS X El Capitan v10.11.4 and Security Update 2016-002.
#451 FBI 'may be able to unlock San Bernardino iPhone'
The FBI says it may have found a way to unlock the San Bernardino attacker's iPhone without Apple's assistance.

A court hearing with Apple scheduled for Tuesday has been postponed at the request of the US Justice Department (DOJ), Apple has confirmed.
#450 Apple patches serious iMessage crypto flaws
The vulnerabilities were patched today with the release of iOS 9.3 and an updated version of OS X. Of perhaps larger importance is the context they bring to the ongoing Apple-FBI legal fight over encryption. The team of Green and students Ian Miers, Christina Garman, Gabriel Kaptchuk and Michael Rushanan demonstrated how a well-resourced attacker could pick apart flaws in what is widely considered the most secure commercial messaging platform to get at messages sent to a target phone. They contend that the FBI’s court order for the introduction of intentionally weak crypto, or other proposals such as key escrow, aren’t necessary when security issues like these can be ferreted out.
#449 Google rushes out emergency fix for Android rooting exploit but most phones remain at risk
Google says no to rooting apps in Google Play and issues an emergency patch for Nexus devices to fix a critical kernel bug.
#448 Researchers find flaw in Apple's iMessage, decrypt iCloud photo
Apple's iMessage system has a cryptography flaw that allowed researchers to decrypt a photo stored in iCloud, the Washington Post reported on Sunday. The researchers, led by cryptography expert Matthew D. Green of Johns Hopkins University, wrote software that mimicked an Apple server and then targeted an encrypted photo stored on iCloud, the publication reported. They were able to obtain the decryption key by repeatedly guessing each of its 64 digits. When a correct digit was guessed, the phone let them know if it was correct. Further technical details were not available.
#447 Netflix CEO says blocking region-switching proxy services is ‘the maturation of Internet TV’
During a recent roundtable discussion MobileSyrup attended at Netflix’s head office in Los Gatos, California, Netflix CEO Reed Hastings finally commented on the company’s controversial move to begin blocking the use of proxy VPN/DNS services.
#446 275 million Android phones imperiled by new code-execution exploit
A proof-of-concept exploit dubbed Metaphor works against Android versions 2.2 through 4.0 and 5.0 and 5.1, which together are estimated to run 275 million phones, researchers from Israeli security firm NorthBit said. It attacks the same Stagefright media library that made an estimated 950 million Android phones susceptible to similar code-execution attacks last year.
#445 FTC warns app developers over use of audio tracking code
The Federal Trade Commission is warning a dozen developers about some code they’ve included in their apps that can surreptitiously listen to unique audio signals from TVs in the background and build detailed profiles of what consumers are watching. The technology, produced by a company called SilverPush, is used to track users across devices and the FTC warned the developers that if they don’t disclose the use of the code to consumers, they could be violating the FTC Act.
#444 UK: Bank of England to work with National Cyber Security Centre
The first task of Britain's new cybersecurity centre will be to work with the Bank of England, the government has announced.

The work will involve setting standards for the financial sector in terms of resilience to the type of cyber threats which could undermine the UK economy.

The new body - now renamed the National Cyber Security Centre (NCSC) - was unveiled last year by the Chancellor.
#443 Online banking threats in 2015: the curious case of DRIDEX’s prevalence
DRIDEX’s continued prevalence could be attributed to two main factors: the botnet’s efficient delivery mechanism, which leads to more affected users; and its resilient peer-to-peer infrastructure, which allows it to continue its operation. We also surmise that DRIDEX is being peddled in cybercriminal underground markets, allowing other cybercriminals and attackers to use the botnet for their malicious activities.
#442 TeslaCrypt 3.0.1 - Tales From The Crypt(o)!
Ransomware is malicious software that is designed to hold users' files (such as photos, documents, and music) for ransom by encrypting their contents and demanding the user pay a fee to decrypt their files. Typically, users are exposed to ransomware via email phishing campaigns and exploit kits. TeslaCrypt is one well-known ransomware variant, infecting many victims worldwide. It is in the top 5 of ransomware we see most often in our analysis systems. The core functionality of TeslaCrypt 3 remains the same as it continues to encrypt users’ files and then presents a message demanding the user to pay a ransom.
#441 An iCloud scam that may be worse than ransomware
A hacker had somehow gotten access to an iCloud account. Using this, he was able to remotely lock a computer using iCloud’s Find My Mac feature, with a ransom message displayed on the screen.
#440 Spammers abusing trust in US .gov domains
Spammers are abusing ill-configured U.S. dot-gov domains and link shorteners to promote spammy sites that are hidden behind short links ending in””.
#439 Once thought safe, DDR4 memory shown to be vulnerable to “Rowhammer”
Physical weaknesses in memory chips that make computers and servers susceptible to hack attacks dubbed "Rowhammer" are more exploitable than previously thought and extend to DDR4 modules, not just DDR3, according to a recently published research paper.

The tests showed many of the DIMMs were vulnerable to a phenomenon known as "bitflipping," in which 0s were converted to 1s and vice versa. The report was published by Third I/O, an Austin, Texas-based provider of high-speed bandwidth and super computing technologies. The findings were presented over the weekend at the Semicon China conference.
#438 Mitre takes on critics, set to revamp CVE vulnerability reporting
Mitre Corporation will introduce a new pilot program for classifying Common Vulnerabilities and Exposures (CVE) in the coming weeks. The move is in response to a backlash in the security community where some critics contend Mitre is failing to keep pace with a massive influx in the number of reported vulnerabilities to the organization.
#437 Alert: Millions of Android devices vulnerable to new Stagefright exploit
Israeli software research company NorthBit claimed it had "properly" exploited the Android bug that was originally described as the "worst ever discovered".

The exploitation, called Metaphor, is detailed in a research paper (PDF) from NorthBit and also a video showing the exploit being run on a Nexus 5. NorthBit said it had also successfully tested the exploit on a LG G3, HTC One and Samsung Galaxy S5.
#436 American Express notifies cardholders of third-party breach
American Express has begun notifying cardholders that their data may have been compromised in a third-party breach. A notification letter filed on March 10 with California’s attorney general indicates that AmEx account numbers, user names and other information including expiration dates may have been accessed.
#435 AceDeceiver: first iOS trojan exploiting Apple DRM design flaws to infect any iOS device
What makes AceDeceiver different from previous iOS malware is that instead of abusing enterprise certificates as some iOS malware has over the past two years, AceDeceiver manages to install itself without any enterprise certificate at all. It does so by exploiting design flaws in Apple’s DRM mechanism, and even as Apple has removed AceDeceiver from App Store, it may still spread thanks to a novel attack vector.
#434 5 major hospital hacks: horror stories from the cybersecurity frontlines
In real-world war, combatants typically don’t attack hospitals. In the cyber realm, hackers have no such scruples. “We’re attacked about every 7 seconds, 24 hours a day,” says John Halamka, CIO of the Boston hospital Beth Israel Deaconess. And the strikes come from everywhere: “It’s hacktivists, organized crime, cyberterrorists, MIT students,” he says.
#433 Why are so few Android phones encrypted, and should you encrypt yours?
On Monday, experts speaking to The Wall Street Journal about the ongoing smartphone encryption debate estimated that roughly "10 percent of the world's 1.4 billion Android phones were encrypted," compared to 95 percent of all iPhones. For iPhones, that estimate is based on data provided by the company's OS distribution chart—this isn't a perfect source since it also includes iPods and iPads. In any case, the vast majority of iDevices are running iOS 8 or 9 and are thus encrypted in a way that makes it impossible for Apple or others to directly access data on them without their passcodes.
#432 VMware patches XSS vulnerabilities in vRealize products
VMware patched two cross-site scripting vulnerabilities in its products this week that if exploited, could lead to the compromise of a user’s client workstation. The bugs, stored XSS vulnerabilities and rated important, exist in the company’s vRealize Automation and vRealize Business Advanced and Enterprise platforms.
#431 To bypass code-signing checks, malware gang Suckfly steals lots of certificates
There are lots of ways to ensure the success of an advanced hacking operation. For a gang called Suckfly, one of the keys is having plenty of stolen code-signing certificates on hand to give its custom malware the appearance of legitimacy.
#430 Smart Reply for Google's Inbox Gmail app comes to the web
Smart Reply, which has been on the Inbox app for a few months, relies on a trained system consisting of a pair of neural networks that interpret email and offer sensible short responses. The first network encodes words from incoming email while the second cooks up a grammatically correct reply.
#429 Special antivirus tools put to the test: performance of system rescuers in an emergency
Special antivirus tools are the typical rescue tool of choice after a malware attack. The lab at AV-TEST tested 5 popular special tools for almost a year to see whether they can reliably rescue infected Windows PCs from malware and repair everything again.
#428 Exploit Kits in 2015: Scale and Distribution
The data was taken from analysis of exploit kit URLs that were blocked by Trend Micro products over the entirety of 2015. This information represents a sizable sample of the overall threat landscape. This allows us to observe any long-term trends in the overall landscape and protect our users accordingly.
#427 Amazon Web Services (AWS) makes Database Migration Service available to all customers
According to AWS, the migration service is a fully managed service that allows customers to migrate their production Oracle, SQL Server, MySQL, MariaDB, and PostgreSQL databases from on-premises datacentres to AWS' cloud.
#426 OpenSSH with X11Forwarding enabled should heed recent security update
The latest version of the open source implementation of the SSH protocol patches a flaw that exposes it to command injection attacks. The open source project cautions that OpenSSH disabled X11Forwarding long ago—it is no longer the default configuration—thus limiting the risk to most users. But some vendors—OpenSSH singled out Red Hat in particular—turn X11Forwarding on and those versions prior to 7.2p2 with X11Forwarding enabled are at risk.
#425 Steam stealer malware ‘booming business’ for attackers targeting gaming service
Malware that targets Steam accounts has proliferated the gaming platform and become what researchers are calling a “booming business” for cybercriminals over the last few months.
#424 Big-name sites (NYT, BBC, MSN, AOL) hit by rash of malicious ads spreading crypto ransomware
Mainstream websites, including those published by The New York Times, the BBC, MSN, and AOL, are falling victim to a new rash of malicious ads that attempt to surreptitiously install crypto ransomware and other malware on the computers of unsuspecting visitors, security firms warned.
#423 Mozilla's new Servo browser will be released in June 2016
Servo started as an experimental project belonging to the Mozilla Research team, which set out to build a sleeker Web layout engine as an alternative to Firefox's default engine called Gecko.

The difference between Servo and Gecko is that the former was coded entirely in Rust, a programming language that Mozilla developed for its applications, focused on performance and stability, something that Firefox was lacking at that particular point in time.
#422 Chinese hackers turn to ransomware
Chinese hackers are launching sophisticated ransomware attacks - in which they hijack machines and demand payment to decrypt them, according to reports.
#421 Watch a thief turn a regular credit card reader into a skimmer in three seconds
Turning a regular credit and debit card reader into a device that steals a victim’s credit card information—commonly known as a skimmer—can take less than three seconds.
#420 Documents with malicious macros deliver fileless malware to financial-transaction systems
Spammed Word documents with malicious macros have become a popular method of infecting computers over the past few months. Attackers are now taking it one step further by using such documents to deliver fileless malware that gets loaded directly in the computer's memory.
#419 Typosquatters target Mac users with new ‘.om’ domain scam
According to Endgame security researchers, the top level domain for Middle Eastern country Oman (.om) is being exploited by typosquatters who have registered more than 300 domain names with the .om suffix for U.S. companies and services such as Citibank, Dell, Macys and Gmail. Endgame made the discovery last week and reports that several groups are behind the typosquatter campaigns.
#418 Google, Facebook, Snapchat and Whatsapp look to improve user data encryption
Tech giants including Google, Facebook, Whatsapp and Snapchat are looking to increase the privacy of user data by expanding their encryption features. The recent reports mark growing industry support for Apple in its fight to not allow authorities backdoor access into users’ devices.
#417 Linux kernel 2.6.32 is the last in the series, Linux 3.2 upgrade recommended
The oldest long-term supported kernel branch, Linux 2.6.32, was about to reach its end of life in February, as kernel developer Willy Tarreau said it would happen in an announcement made at the end of January 2016.
#416 Linux kernel 4.5 officially released, adds high performance to the AMDGPU Driver
Today, March 14, 2016, Linus Torvalds and the hard-working team of kernel developers have been proud to announce the official release of Linux kernel 4.5, along with its immediate availability for download.
#415 OpenSSH patches information leak flaw
OpenSSH on Friday dropped a patch for a vulnerability that could expose files to theft and manipulation.
#414 Black Hat Europe 2015 [VIDEOS]
The Black Hat Briefings are a series of highly technical information security conferences that bring together thought leaders from all facets of the infosec world - from the corporate and government sectors to academic and even underground researchers. The environment is strictly vendor-neutral and focused on the sharing of practical insights and timely, actionable knowledge. Black Hat remains the best and biggest event of its kind, unique in its ability to define tomorrow's information security
#413 A growing number of Android Malware families believed to have a common origin
On Feb. 19, IBM XForce researchers released an intelligence report [1] stating that the source code for GM Bot was leaked to a crimeware forum in December 2015. GM Bot is a sophisticated Android malware family that emerged in the Russian-speaking cybercrime underground in late 2014. IBM also claimed that several Android malware families recently described in the security community were actually variants of GM Bot, including Bankosy[2], MazarBot[3], and the SlemBunk malware recently described by
#412 Defense against the dark arts - basic cyber-security for journalists
The guide aims to provide basic cyber-hygiene for journalists. When we talk about this, participating journalists often tell us: we have nothing to hide. Or: I don’t write about anything sensitive. But we’re not per se worried that journalists get into fights with the NSA or army divisions. It could happen of course, but consider this: will you ever write about something that can possibly make someone upset? Because what happens much more often is that adversaries will try to intimidate you or d
#411 Microsoft Store turns its back on bitcoin payments for Windows 10
Microsoft has stopped accepting bitcoin as a payment option within its Microsoft Store that is used to purchase software and devices online, as well as power the company's Xbox, music, and video stores.
#410 VPN Provider’s no-logging claims tested in FBI case
While many VPN providers say they do not log their users' activities in order to protect anonymity, it's not often their claims get tested in the wild. However, a criminal complaint filed by the FBI this week notes that a subpoena sent to Private Internet Access resulted in no useful data being revealed about a suspected hoaxer.
#409 Chrome extension "BitcoinWisdom Ads Remover" caught stealing bitcoin from users
The extension's name is BitcoinWisdom Ads Remover and is a Chrome extension that removes ads from the, a website for consulting all kinds of Bitcoin-related statistics, all presented in easy-to-understand charts.

According to Bitstamp, a website that lets users exchange Bitcoin for US dollars, this extension contains malicious code that is redirecting payments to its own Bitcoin address, instead of the one intended by the user making the transaction.
#408 Encrypted WhatsApp voice calls frustrate new court-ordered wiretap
The Department of Justice has opened another legal front in the ongoing war over easy-to-use strong encryption.

According to a Saturday report in The New York Times, prosecutors have gone head-to-head with WhatsApp, the messaging app owned by Facebook. Citing anonymous sources, the Times reported that "as recently as this past week," federal officials have been "discussing how to proceed in a continuing criminal investigation in which a federal judge had approved a wiretap, but
#407 Windows 10 upgrade reportedly starting automatically on Windows 7 PCs
A post on reddit that has received quite a lot of attention in the last few hours reveals that “Windows 7 computers are being reported as automatically starting the Windows 10 upgrade without permission,” with several users confirming in the comment section that this is indeed the case.
#406 Marriott must pay $600,000 for blocking personal WiFi hotspots
Marriott International has to pay $600,000 following a probe into whether it intentionally blocked personal Wi-Fi hotspots in order to force customers to use its own very pricey service.
#405 600,000 TFTP servers can be abused for reflection DDoS attacks
Reflection DDoS attacks, also known as R-DDoS, DRDoS, or Distributed Reflective Denial of Service attacks, are a more dangerous version of regular DDoS attacks.

Reflection DDoS attacks rely on an attacker sending traffic to an intermediary point with a bad return address (the victim's IP). By crafting malformed network traffic packets, and abusing flaws in a protocol or server setup, this traffic is then sent to the return address (the victim's IP) multiple times over. The number of times a p
#404 Critical bug in libotr could open users of ChatSecure, Adium, Pidgin to compromise
A vulnerability in “libotr,” the C code implementation of the Off-the-Record (OTR) protocol that is used in many secure instant messengers such as ChatSecure, Pidgin, Adium and Kopete, could be exploited by attackers to crash an app using libotr or execute remote code on the user’s machine.
#403 Skype co-founder launches end-to-end encrypted 'Wire' app
A group of former Skype, Apple and Microsoft employees, backed by Skype’s co-founder Janus Friis, created a Skype alternative called “Wire” back in 2014, which wasn’t end-to-end encrypted at the time. The team announced that the latest version of the app brings open source end-to-end encryption from everything to chats to video calls, as well as multi-device end-to-end encryption.
#402 Botched Java patch leaves millions vulnerable to 30-month-old attack
The bypass code, which was released Thursday by Polish security firm Security Explorations, contains only minor changes to the original proof-of-concept, according to an e-mail posted to the Full Disclosure security list. Security Explorations released the original exploit in October 2013 following the release of a patch from Oracle. Thursday's bypass changes only four characters from the 2013 code and uses a custom server to work. The bypass means that millions of Java users have remained vulne
#401 TPLink blocks open source router firmware to comply with new FCC rule
Networking hardware vendor TP-Link says it will prevent the loading of open source firmware on routers it sells in the United States in order to comply with new Federal Communications Commission requirements.
#400 FCC's new privacy rules target broadband providers - but not web giants like Google, Facebook
US Federal Communications Commission (FCC) boss Tom Wheeler on Thursday outlined a proposal that would require broadband providers such as Verizon and Comcast to obtain consent before collecting consumer data.
#399 DDoS attacks: Getting bigger and more dangerous all the time
According to statistics published in the VeriSign Distributed Denial of Service Trends Report, DDoS activity is the highest it's ever been, with the final quarter of 2015 seeing an 85 percent rise in instances - almost double the number of attacks - when compared with the same period in 2014. The figures for Q4 2015 also represent a 15 percent rise on the previous quarter.
#398 Hackers target Anti-DDoS firm Staminus
Staminus Communications Inc., a California-based Internet hosting provider that specializes in protecting customers from massive “distributed denial of service” (DDoS) attacks aimed at knocking sites offline, has itself apparently been massively hacked. Staminus’s entire network was down for more than 20 hours until Thursday evening, leaving customers to vent their rage on the company’s Facebook and Twitter pages. In the midst of the outage, someone posted online download links for what appear t
#397 Adobe issues emergency patch for actively exploited code-execution bug
Adobe has issued an emergency update for its Flash media player that patches almost two dozen critical vulnerabilities, including one that's being maliciously exploited in the wild.
#396 Cisco Cable Modem with digital voice (DPC2203) remote code execution vulnerability
A vulnerability in the web server used in the Cisco Cable Modem with Digital Voice Model DPC2203 could allow an unauthenticated, remote attacker to exploit a buffer overflow and cause arbitrary code execution.
#395 Tor users can be tracked by mouse movements
The way you move your mouse is unique, like fingerprints, and can be used by dark forces to track you on supposedly anonymous and secure networks like Tor, according to a Barcelona researcher.
#394 Samsung Windows laptop owners urged to download fix to MitM vulnerability
The flaw is tied to a feature called “Samsung SW Update Tool” designed to keep Samsung laptop users’ drivers and software up to date. Security researchers at Core Security discovered the vulnerability in November 2015 and disclosed the flaw March 4 after Samsung issued the patch to fix the problem.
#393 Off-the-Record (OTR) protocol patched against remote code execution flaw
Users of secure messaging apps such as Pidgin, Adium and others built upon libotr, the Off-the-Record protocol, are being urged to update immediately to current versions after the discovery of a critical flaw that can be used in targeted attacks to expose encrypted communication.
#392 Bangladesh bank hackers fail in bid to net $1bn
Cyberthieves who targeted Bangladesh's central bank tried to get away with $1bn, reports Reuters.
#391 Spike in ransomware spam prompts warnings
Security firms are warning about a sudden "huge" surge in junk mail messages containing ransomware.
#390 Australian Communications and Media Authority ACMA spruiks default IoT spectrum worldwide
The Australian Communications and Media Authority (ACMA) has addressed the issues associated with licensing spectrum for the Internet of Things (IoT), arguing in favour of a default spectrum band for all devices across the globe -- or, alternatively, sensors that can identify which country a device is operating in.
#389 Gaps in CA system? Banking trojan with a valid Comodo root certificate
A banking Trojan is hitting the market with a valid root certificate and a set of installation directions. It shows that there are some real security gaps in the current Certificate Authorities system.
#388 Android banking trojan masquerades as Flash Player and bypasses 2FA
Active users of mobile banking apps should be aware of a new Android banking trojan campaign targeting customers of large banks in Australia, New Zealand and Turkey. The banking malware, detected by ESET security products as Android/Spy.Agent.SI, can steal login credentials from 20 mobile banking apps. The list of target banks includes the largest banks in each of the three target countries (A full list can be found in the final section of this article). Thanks to its ability to intercept SMS com
#387 Google has confirmed it is removing toolbar PageRank
Google has confirmed with Search Engine Land that it is removing Toolbar PageRank. That means that if you are using a tool or a browser that shows you PageRank data from Google, within the next couple of weeks it will stop showing any data at all.
#386 Ubuntu drops support for AMD's Catalyst GPU driver
Ubuntu developers have deprecated the fglrx / Catalyst Linux display stack for Ubuntu 16.04 LTS. Users of this upcoming Ubuntu release are now encouraged to use the open-source Radeon display stack.
#385 MIT creates algorithm that speeds up page load time by 34 percent
MIT's Polaris framework will work by creating dependency graphs for each Web page, which dictates the most efficient order in which all the page resources need to be loaded.
#384 Firefox 45 fixes 40 vulnerabilities, 22 critical
Much like Google, which updated Chrome yesterday, Mozilla released a new version of Firefox on Tuesday, fixing 40 vulnerabilities in the browser.

The update, Firefox 45, included eight bulletins rated critical and patched a handful of serious use-after-free vulnerabilities and a pair of buffer overflow vulnerabilities.
#383 Caution urged over patched Windows USB driver flaw
Yesterday, Microsoft patched a flaw in the Windows USB Mass Storage Class Driver that could put some people on edge. Though the flaw was rated “important,” likely because it requires local access to exploit, previous work in this arena shows that such a bug could be attacked remotely.
#382 Home Depot will pay up to $19.5 million for massive 2014 data breach
Home Depot has agreed to pay as much as $19.5 million to remedy the giant data breach it suffered in 2014, the company confirmed on Tuesday. Included in that figure is a reported $13 million to reimburse customers for their losses and $6.5 million to provide them with one and a half years of identity protection services.
#381 Chrome update fixes three high severity vulnerabilities
Google pushed out the latest version of its flagship browser Chrome on Tuesday, fixing three high severity bugs in the process.

The update graduates the browser to version number 49.0.2623.87 for Windows, Mac, and Linux, according to a post on Google’s Chrome Releases blog this week.
#380 Phishers are creating YouTube channels to document their attacks
Phishing attacks have linked back to YouTube channels where phishers explain their attacks and promote their tools while looking for buyers.
#379 The rise of IoT hacking: New dangers, new solutions
The explosive growth of the Internet of Things has created a host of new threats for the enterprise. Here's how hackers are targeting your connected devices and what you can do about it.
#378 Let's Encrypt reaches one million certificate encryption milestone
One million free TLS certificates have now been issued, paving the way for better encryption and security on the Web.
#377 Android vulnerabilities allow for easy root access - Qualcomm Snapdragon SoCs flaw
Qualcomm Snapdragon SoCs (systems on a chip) power a large percentage of smart devices in use today. The company’s own website notes that more than a billion devices use Snapdragon processors or modems. Unfortunately, many of these devices contain security flaws that could allow an attacker to gain root access. Gaining root access on a device is highly valuable; it allows the attacker access to various capabilities they would not have under normal circumstances.
#376 Dell open sources DCEPT, a honeypot tool for detecting network intrusions
Dell SecureWorks researchers have developed a tool that allows Windows system administrators to detect network intrusion attempts and pinpoint them to the original source (i.e. a compromised endpoint), and have made it available for everybody.
#375 FBI quietly changes its privacy rules for accessing NSA data on Americans
Classified revisions accepted by secret Fisa court affect NSA data involving Americans’ international emails, texts and phone calls.
#374 Mark Ward: How Minecraft undermined my digital defences
Mark Ward: "Could your children be your weak link when it comes to home security? One of mine almost was thanks to Minecraft."
#373 KeRanger ransomware is actually Linux.Encoder ported for Macs
A big surprise was revealed today by security researchers from Romanian antivirus company Bitdefender, who claim that the KeRanger Mac ransomware that appeared last weekend is actually a rewrite of the ransomware variant that's been plaguing Linux servers for the past five months.
#372 Microsoft Patch Tuesday – March 2016
This month the vendor is releasing 13 bulletins, five of which are rated Critical.
#371 ISC to patch versions of DHCP vulnerable to DoS
The Internet Systems Consortium (ISC) this week announced that it plans to patch versions of its Dynamic Host Configuration Protocol (DHCP) to mitigate a vulnerability that could’ve let a remote attacker cause a denial of service condition.

The group acknowledged on Monday that it plans to release DHCP 4.1-ESV-R13 and DHCP 4.3.4, at some point this month. Both versions will include code that should make the vulnerability harder to exploit.
#370 Adobe patches Reader and Acrobat, teases upcoming Flash update
Adobe today released security updates for its PDF editing and viewing products, Acrobat and Reader, and its ereader for books called Adobe Digital Editions. And while the customary Flash update is missing from today’s monthly rollout, Adobe said a new version of the software will be available “in the coming days.”
#369 Microsoft patches critical vulnerabilities in Edge
Microsoft released a baker’s dozen worth of security bulletins on Tuesday, including five rated critical and two rated important that could result in remote code execution attacks against compromised machines.
#368 Google squishes more critical Android bugs: Nexus, BB Priv patches ready
Google fixes seven critical bugs in its March security patch update but, besides Google's Nexus line, only BlackBerry's Priv has received the patches.
#367 SQL Server for Linux coming in mid-2017
Scott Guthrie, executive vice president of Microsoft's Cloud and Enterprise Group, announced today that next year Microsoft will be releasing a version of SQL Server that runs on Linux. A private preview is available today that includes the core relational database features of SQL Server 2016.
#366 Telstra, Cisco unveil SDN products for cloud security, datacentre connection
Telstra and Cisco have announced their three upcoming software-defined networking (SDN) and network function virtualisation (NFV) products to improve cloud security and global datacentre interconnection, with the first now in beta.
#365 Brazilian coders are pioneering cross-OS malware using JAR files
Java JAR files will run on all three major platforms, Mac, Linux, and Windows, and even on Android devices under special conditions.
#364 Apple has shut down the first fully-functional Mac OSX ransomware
Apple has shut down what appears to have been the first, fully-functional ransomware targeting Mac computers. This particular form of cyber threat involves malware that encrypts the data on your personal computer so you can no longer access it. Afterwards, the hackers request that you pay them in a hard-to-trace digital currency – in this case, bitcoin – in order for you to retrieve your files. This ransomware, called “KeRanger,” was first reported by researchers at Palo Alto Networks. They also
#363 Google fixes critical Android mediaserver bugs, again
Google today patched two critical holes in its problematic Android Mediaserver component which would allow an attacker to use email, web browsing, and MMS processing of media files to remotely execute code. With this latest vulnerability, Google has patched its Mediaserver more than two dozen times since the Stagefright vulnerability was discovered in August.
#362 Facebook fixes bug that allowed resetting anyone's password
Facebook has paid $15,000 (€13,600) to an independent security researcher who discovered a simple way of resetting passwords for other accounts, setting a new passphrase and effectively taking over profiles.
#361 Passcode bypass bugs trouble iOS 9.1 and later
Apple has yet to patch a series of bypass vulnerabilities in iOS that could enable an attacker to sidestep the passcode authorization screen on iPhones and iPads running iOS 9.0, 9.1, and the most recent build of the mobile operating system, 9.2.1.
#360 McAfee lied about San Bernardino shooter's iPhone hack to 'get a s**tload of public attention'
“By doing so, I knew that I would get a shitload of public attention, which I did,” McAfee said. “That video, on my YouTube account, it has 700,000 views. My point is to bring to the American public the problem that the FBI is trying to [fool] the American public. How am I going to do that, by just going off and saying it? No one is going to listen to that crap.
#359 Google extends right-to-be-forgotten rules to all search sites
Google has responded to European Union data watchdogs by expanding its right-to-be-forgotten rules to apply to its search websites across the globe.
#358 Google piracy link-removal requests jump again: Now they hit 75 million a month
At the current rate, this year Google will probably need to assess one billion URLs that allegedly infringe copyrights.
#357 Training? What training? Workers' lack of cybersecurity awareness is putting the business at risk
Employees should be the most effective security control, but instead they create the greatest vulnerabilities, warns a report.
#356 First Mac-targeting ransomware hits BitTorrent Transmission users
A security research firm announced Sunday its discovery of what is believed to be the world’s first ransomware that specifically goes after OS X machines. "This is the first one in the wild that is definitely functional, encrypts your files and seeks a ransom,” Ryan Olson, of Palo Alto Networks, told Reuters.
#355 MIT's new 5-atom quantum computer could make today's encryption obsolete
A functional quantum computer large enough to crack traditional RSA encryption may still be in the future, but the U.S. National Security Agency is taking the possibility seriously. In January, it posted an FAQ on the technology’s potential.
#354 Seagate phish exposes all employee W-2’s
Email scam artists last week tricked an employee at data storage giant Seagate Technology into giving away W-2 tax documents on all current and past employees, KrebsOnSecurity has learned. W-2 forms contain employee Social Security numbers, salaries and other personal data, and are highly prized by thieves involved in filing phony tax refund requests with the Internal Revenue Service (IRS) and the states.
#353 Anonymous hacks Donald Trump's voicemail and leaks the messages
In the run-up to the presidential election, few days go by when Donald Trump isn't hitting the headlines for something he's said or done. The bombastic billionaire looks set to become the republican candidate, and his journey towards the White House is littered with offense and controversy, and back in December Anonymous declared war on him.
#352 You can unlock fingerprint-protected phones with a regular inkjet printer
Kai Cao and Anil K. Jain from the Department of Computer Science and Engineering at Michigan State University have devised a simpler and faster method of spoofing fingerprints that can be carried out in 15 minutes or less.
#351 Cerber ransomware sold as a service, speaks to victims
A new file-encrypting ransomware program called Cerber has taken creepiness for victims, but also affordability for criminals, to a new level.

In terms of functionality, Cerber is not very different from other ransomware threats. It encrypts files with the strong AES-256 algorithm and targets dozens of file types, including documents, pictures, audio files, videos, archives and backups.
#350 KB3140743 Issues Appear: Failed Downloads and Installs, BSOD, Slow System & More
Microsoft released KB3140743 update yesterday for Windows 10 devices, and as we showed, this is actually an important release, as it brings some structural changes to some basic Windows functions.

But, since no update, be it for Insiders or regular users, comes free of bugs and issues, we’ve discovered the first problems being reported. If you have encountered more, don’t hesitate to use the comments section at the end to leave your input.
#349 Central Bank of Venezuela doubles down in “cyber-terrorism” website lawsuit
The Venezuelan government has made it a crime to publish the street trading rate as it countermands the "official" exchange rates, which are far more favorable to the government. The recent collapse of the price of oil has exacerbated Venezuela's economic woes; the country is widely expected to default on its international debts later this year.
#348 Mozilla testing four new IoT solutions
Mozilla announced this week that it has identified a shortlist of projects for development and testing in its Internet of Things experiment. This follows last December’s decision to stop competing in the smartphone market and instead focus its energies on other connected devices and the Internet of Things.
#347 Popular WordPress plugin comes with a backdoor, steals site admin credentials
Security researchers have unmasked the wicked actions of a WordPress plugin that was installing a backdoor through which it was altering core WordPress files so it could log and steal user credentials from infected sites.
#346 Espionage malware, watering hole attacks target diplomats
Diplomats and military personnel in India have been victimized in targeted espionage attacks that use a number of means of infection including phishing and watering hole sites.
#345 Whole lotta onions: number of Tor hidden sites spikes — along with paranoia
In recent weeks, the number of "hidden services"—usually Web servers and other Internet services accessible by a ".onion" address on the Tor anonymizing network—has risen dramatically. After experiencing an earlier spike in February, the number of hidden services tracked by Tor spiked to 114,000 onion addresses on March 1. They then dropped just as quickly, falling to just below 70,000 hidden services seen by Tor on Thursday—still twice the number that Tor had held steady at
#344 Online break-in forces bank to tighten security
Two major high street banks will change security procedures after journalists from BBC Radio 4's You and Yours programme broke into an account online and removed money.
#343 How hackers attacked Ukraine's power grid: implications for industrial IoT security
The initial breach of the Ukraine power grid was -- as so often in cyberattacks -- down to the human factor: spear-phishing and social engineering were used to gain entry to the network. Once inside, the attackers exploited the fact that operational system.
#342 Bitcoin's nightmare scenario has come to pass
This week the dire predictions came to pass, as the network reached its capacity, causing transactions around the world to be massively delayed, and in some cases to fail completely. The average time to confirm a transaction has ballooned from 10 minutes to 43 minutes. Users are left confused and shops that once accepted Bitcoin are dropping out.
#341 Dirt-cheap DDoS: The rock-bottom cost of mounting crippling 400Gbps attacks
You can hire Russian attackers to knock out a website for two days for just $173, according to new research by Arbor Networks.
#340 Attack on Zygote: a new twist in the evolution of mobile threats
It was only a matter of time before Trojans that obtain unauthorized superuser privileges to install legitimate apps and display advertising started installing malware as well. Those worst fears have now been realized: rooting malware has begun spreading the most sophisticated mobile Trojans we have ever seen.
#339 Macro malware strides in new direction, uses forms to store its code
The resurgence and continued prevalence of macro malware could be linked to several factors, one of which is their ability to bypass traditional antimalware solutions and sandboxing technologies. Another factor is the continuous enhancement of their routines: just recently, we observed that the macro malware related to DRIDEX and the latest crypto-ransomware variant, Locky ransomware, used a Form object in macros to obfuscate the malicious code. With this improvement, it could further aid cybercri
#338 New attack steals secret crypto keys from Android and iOS phones
Researchers have devised an attack on Android and iOS devices that successfully steals cryptographic keys used to protect Bitcoin wallets, Apple Pay accounts, and other high-value assets.
#337 Cisco issues critical patch for Nexus switches to remove hardcoded credentials
Cisco Systems issued a “critical” patch on Wednesday for its Nexus 3000 and 3500 series switches to fix a vulnerability that allows remote attackers to access default account and static password information on affected hardware. The vulnerability could allow an unauthenticated user to log in to the affected system with the privileges of a root user.
#336 Mozilla bans Firefox add-on that tampered with security settings
Mozilla developers have taken steps to ban the popular YouTube Unblocker add-on after it was caught altering browser security settings and even installing a second add-on without the user's consent.
#335 PSA: Updated Apple certificate means old OSX installers don’t work anymore
There's one edge case for people who frequently troubleshoot and fix Macs, as pointed out by TidBits: old OS X installers downloaded from the Mac App Store before the certificate's expiration date will no longer work. This includes not just installers for El Capitan, but also downloaded installers for Yosemite, Mavericks, Mountain Lion, and Lion—every OS X installer issued using the Mac App Store. It also affects any USB install disks you've created using the downloaded installer.
#334 First step in cross-platform Trojan bankers from Brazil done
Brazilian cybercriminals have been “competing” with their Russian-speaking “colleagues” for a while over who makes more Trojan bankers and whose are the most effective. A few days ago we found a new wave of different campaigns spreading the initial “Banloader” components in Jar (Java archive) form, which is very particular by its nature – it’s able to run on Linux, OS X, and of course Windows. Actually, under certain circumstances it’s also able to run on mobile devices.
#333 Weak bank password policies leave 350 million vulnerable
In a study that looked at the password strength required to access website accounts for Wells Fargo, Capital One and 15 other banks, researchers found that 35 percent had significant weaknesses in their password policies, according to the University of New Haven Cyber Forensic Research and Education Group.
#332 Amazon just removed encryption from the software powering Kindles, phones, and tablets
While Apple continues to resist a court order requiring it to help the FBI access a terrorist's phone, another major tech company just took a strange and unexpected step away from encryption.

Amazon has removed device encryption from the operating system that powers its Kindle e-reader, Fire Phone, Fire Tablet, and Fire TV devices.
#331 Time to pay attention: The Internet of Things is about to go mainstream
According to the firm's recent survey, Early Adopters of Internet of Things Poised to Make 2016 the Year of the Customer, the number of businesses planning to adopt some sort of IoT strategy is set to grow by 50 percent this year, a figure which would bring the overall total of businesses with some sort of IoT deployment to 43 percent.
#330 Businesses are still scared of reporting cyberattacks to the police
According to Cyber Security: Underpinning the Digital Economy, a report by the Institute of Directors and Barclays bank, companies are keeping quiet about being the victim of a cyberattack, even if their operations were badly affected by such an incident -- as figures suggest was the case for half of respondents.
#329 Operation Fingerprint: a look into several angler exploit kit malvertising campaigns (PDF)
Malicious advertising, also known as malvertising, has become the best method to distribute malware on a global scale with surgical precision. Simply put, malvertising is a means to expose innocent users visiting legitimate websites to malware. It uses a rogue advertisement (a banner ad) on the website to redirect the victim to a malicious payload, often delivered via an exploit kit.
#328 US bank hacker faces long jail term
A Turkish man alleged to have masterminded the theft of more than $55m (£39m) has pleaded guilty in a US court.
#327 OpenSSL operating with renewed vision two years after Heartbleed
Experts have stressed this week that DROWN is no Heartbleed, but at some point in the not too distant future, there’s going to be another major Internet vulnerability and developers at OpenSSL claim they’re battle tested.
#326 Gentle reminder at RSA: hacking back is a bad idea
Putting aside the illegality of hacking back for a second, there are many tentacles to such an action that not only put a company’s legal position and reputation at risk, but also threaten innocent third parties caught in the crossfire.
#325 Windows built-in PDF reader exposes Edge browser to hacking
WinRT PDF, the default PDF reader for Windows 10, opens Edge users to a new series of attacks that are incredibly similar to how Flash, Java, and Acrobat exposed Web users for the past few years.
#324 UK: 'Trolls' face criminal prosecution for fake online profiles
Internet "trolls" could face criminal charges for creating fake profiles, according to guidance being considered for prosecutors in England and Wales.
#323 Darktrace's 'digital antibodies' fight unknown cybersecurity threats with machine learning
Cybersecurity firm Darktrace has launched a new cyberdefence tool which it claims uses machine learning to automatically fight back against cybercrime threats, even if the malicious intrusion is previously unknown.
#322 Pentagon invites hackers in and backs encryption
The Pentagon has invited external experts to hack into its systems in the first such test of its cybersecurity measures.
#321 iOS 9.3 lets IT admins set an iPhone's homescreen layout, blacklist apps
Apple's forthcoming mobile OS update will give admins new tools to make sure company-issued iPhones are focused on work and not play.
#320 Threat actors behind “Shrouded Crossbow” create BIFROSE for UNIX
BIFROSE has been updated by Shrouded Crossbow specifically for the campaigns they pursue. Some of their victims have already been compromised by both Windows and UNIX versions of BIFROSE. Historically, Shrouded Crossbow has used BIFROSE to target privatized government agencies, government offices, and government contractors, as well as companies in the consumer electronics, computer, healthcare, and financial industries.
#319 Internet of Things: Finding a way out of the security nightmare
The baby monitors transmitting a live feed onto the internet for all to see -- and the smart teddy bear that could be hijacked. The car that allows hackers to take control of systems remotely. The power grid knocked offline by attackers accessing industrial control systems.

The rise of the Internet of Things (IoT) will bring with it huge benefits to businesses and consumers, but right now it is also creating a security nightmare.
#318 The DROWN vulnerability test page
DROWN allows attackers to break the encryption and read or steal sensitive communications, including passwords, credit card numbers, trade secrets, or financial data. Our measurements indicate 33% of all HTTPS servers are vulnerable to the attack.
#317 More than 11 million HTTPS websites imperiled by new decryption attack
More than 11 million websites and e-mail services protected by the transport layer security protocol are vulnerable to a newly discovered, low-cost attack that decrypts sensitive communications in a matter of hours and in some cases almost immediately, an international team of researchers warned Tuesday. More than 81,000 of the top 1 million most popular Web properties are among the vulnerable HTTPS-protected sites.
#316 Spam offering fake Visa benefits, rewards leads to TeslaCrypt Trojan.Cryptolocker.N ransomware
Spam campaign baits users with Visa Total Rewards emails containing malware that leads to Trojan.Cryptolocker.N infections.
#315 Windows Defender Advanced Threat Protection uses cloud to figure out you’ve been pwned
Microsoft is beefing up Windows Defender, the anti-malware program that ships with Windows 10, to give it the power to tell companies that they've been hacked after it has happened.
#314 CTB-Locker ransomware hits over 100 websites
A new malicious program that encrypts files on Web servers has affected at least 100 websites over the past few weeks, signaling a new trend in ransomware development.
The program, which is written in PHP, is called CTB-Locker, a name also used by one of the most widespread ransomware programs for Windows computers. It's not
#313 Q4 2015 State of the Internet – Security Report
In this report, you will learn detailed statistics about cloud security and DDoS and web application attack trends observed across the Akamai networks for Q4 2015.
#312 Card “verification” now offered “as a service” by Brazilian cybercriminals
This is the first time that this capability has been offered “as a service” in Brazil, with access sold for a monthly R$100 fee (approximately US$25). The person behind this service is believed to be a teenager from São