Security Alerts & News
by Tymoteusz A. Góral

#1853 Android was 2016's most vulnerable product and Oracle with the most security bugs
With 2016 officially over, we can crown Android as 2016's product with most vulnerabilities, and Oracle as the vendor with the most security bugs.

This statistic is based on the number of vulnerabilities reported by security researchers in the past year, bugs which have received a CVE identifier.

According to CVE Details, a website that aggregates historical data on security bugs that have received a CVE identifier, during 2016, security researchers have discovered and reported 523 security bugs in Google's Android OS, winner by far of this "award."

Second place in this ranking went to Debian Linux with 319 vulnerabilities, while third place went to Ubuntu Linux with 278 CVEs.

The rest of the top 10 is made up of Adobe Flash Player (266 bugs), openSUSE Leap (259 bugs), openSUSE (228 bugs), Adobe Acrobat DC (227 bugs), Adobe Acrobat Reader DC (227 bugs), Adobe Acrobat (224 bugs), and the Linux Kernel (216 bugs).
#1852 California law makes ransomware use illegal
It was nice to see the calendar turn over to 2017, for a lot of reasons, not the least of which is that on Jan. 1 a new law went into effect in California that outlaws the use of ransomware.

The idea of needing a new law to make a form of hacking illegal may seem counterintuitive, but ransomware is a case of criminals outflanking the existing laws. Ransomware emerged in a big way a few years ago and the law enforcement community was not prepared for the explosion of infections. While there have been takedowns of ransomware gangs, they often involve charges of money laundering or other crimes, not the installation of the ransomware itself.

In September, California Gov. Jerry Brown signed into law a bill that made the use of ransomware a crime, essentially a form of extortion. The law went into effect on Jan. 1.
#1851 Google patches 29 critical Android vulnerabilities including holes in Mediaserver, Qualcomm
Google has patched ten critical vulnerabilities tied to problem-plagued Android components like Mediaserver, NVIDIA’s GPU driver, and Qualcomm’s driver. The most serious bug, according to Google’s January Android Security Bulletin, is the Mediaserver vulnerability.

“The most severe of these issues is a critical security vulnerability (CVE-2017-0381) that could enable remote code execution on an affected device through multiple methods such as email, web browsing, and MMS when processing media files,” according to the bulletin.
#1850 This ransomware targets HR departments with fake job applications
Cybercriminals are posing as job applicants as part of a new campaign to infect victims in corporate human resources departments with GoldenEye ransomware -- and they're even providing covering letters in an effort to lull targets into a false sense of security.

A variant of the Petya ransomware, GoldenEye targets human resources departments in an effort to exploit the fact that HR employees must often open emails and attachments from unknown sources.

Cybersecurity researchers at Check Point have been monitoring the campaign, which attempts to deliver ransomware to German targets using emails and attachments claiming to be from job applicants. The initial email contains a short message from the fake applicant, directing the victim to two attachments.
#1849 Exposed MongoDB installs being erased, held for ransom
Security researcher Victor Gevers, co-founder of the GDI Foundation, a non-profit dedicated to making the internet safer, is urging administrators to check their MongoDB installations, after finding nearly two hundred of them wiped and being held for ransom.

Currently, as of Monday morning, Gevers says he’s discovered 196 instances of a MongoDB installation exposed to the public that's been erased and held for ransom. UPDATE: The count has reached nearly 2,000 databases as of 4:00 p.m.

The person behind the attacks is demanding 0.2 BTC ($202.89 USD) as payment, and requiring system administrators email proof of ownership before the files are restored. Those without backups are left in a bind.
#1848 State of the web 2016 (PDF)
In the last State of the Web report published in 2015, we uncovered two key findings: 1 in 3 domains in the Alexa top 1M are risky, and 1 in 5 domains run vulnerable software. In this report, we again focus on the Alexa top 1 million sites, but also factor in the risks associated with the 25 million requests to background sites that a browser makes when visiting these primary 1M sites. These background sites feed active content to the browser for the purposes of content delivery, trackers, beacons and ad-delivery.
#1847 Koolova ransomware decrypts for free if you read two articles about ransomware
There have been a lot of strange twists and turns when it comes to ransomware this month. First, we had Popcorn Time that gave you the option of screwing over people by infecting them to possibly get a free decryption key. Now, we have a new in-development variant of the Koolova Ransomware that will decrypt your files for free if you educate yourself about ransomware by reading two articles.

Discovered by security researcher Michael Gillespie, this in-development ransomware is not ready for prime time. In fact, I had to mess with it a bit and set up a local HTTP server to even get it to display the ransom screen.

In its functional state, Koolova will encrypt a victim's files and then display a screen similar to the Jigsaw Ransomware where the text is slowly shown on the screen. This text will tell the victim that they must read two articles before they can get a decryption key. It then tells you that if you are too lazy to read two articles before the countdown gets to zero, like Jigsaw, it will delete the encrypted files. This is not an idle threat, as it actually does delete the files.