Security Alerts & News
by Tymoteusz A. Góral

History
#1861 Hit by Globe3 ransomware? This free tool could help you decrypt your files
Victims of the latest strain of Globe ransomware can now unlock their files without paying out money to cybercriminal extortionists, thanks to a newly released and free-to-use decryption tool.

As its name suggests, Globe3 is the third incarnation of Globe ransomware, which first appeared in summer 2016.

Globe and Globe2 have successfully infected numerous targets, with high-profile victims including a group of UK hospitals, which were forced offline by a Globe2 ransomware infection and had to cancel 2,800 patient appointments as a result.
#1860 KillDisk now targeting Linux: Demands $250K ransom, but can’t decrypt
ESET researchers have discovered a Linux variant of the KillDisk malware that was used in Ukraine in attacks against the country’s critical infrastructure in late 2015 and against a number of targets within its financial sector in December 2016. This new variant renders Linux machines unbootable, after encrypting files and requesting a large ransom. But even if victims do reach deep into their pockets, the probability that the attackers will decrypt the files is small.
#1859 Tech support scam page triggers DoS attack on Macs
Tech support scammers have been using various themes to push fake alerts to scare users into calling for assistance. These fall into the ‘browlock’ category if they are via the browser and into the screen lockers category if they are actual malware that runs on the system.

Recently, there has been a trend for scammers to cause denial-of-service attacks against people’s computers. We documented it in early November with a specific HTML5 API (history.pushState) which caused the browser to freeze. Today we take a quick look at yet another technique that targets Mac OS users running Safari.

A newly registered scam website targeting Mac users was making the rounds late last year. Simply visiting the malicious site on an older version of MacOS would start creating a series of email drafts, which eventually cause the machine to run out of memory and freeze.
#1858 Google patches severe Android boot mode vulnerability
Google has resolved a dangerous Android vulnerability which allowed attackers to reboot Nexus devices into custom boot modes, leading to spying and remote attacks.

Patched as part of Google's January Android security bulletin, the flaw, CVE-2016-8467, grants cyberattackers the ability to use PC malware or malicious chargers to reboot a Nexus 6 or 6P device and implement a special boot configuration, or boot mode, which instructs Android to turn on various extra USB interfaces.

According to IBM X-Force Application Security Research Team researchers Roee Hay and Michael Goberman, who revealed further details of the vulnerability in a blog post, the flaw gives attackers access to interfaces which offer additional control over a compromised device.