Security Alerts & News
by Tymoteusz A. Góral

History
#1945 HTTPS adoption has reached the tipping point
Troy Hunt: That's it - I'm calling it - HTTPS adoption has now reached the moment of critical mass where it's gathering enough momentum that it will very shortly become "the norm" rather than the exception it so frequently was in the past. In just the last few months, there have been some really significant things happening that have caused me to make this call; here's why I think we're now at that tipping point.
#1944 Google Chrome engineer says Windows Defender “the only well behaved AV”
Some engineers from Google are actually saying some nice things about Microsoft for a change. The comments are contained in and around a thread started by “Anti-virus, malware and infosec expert” @VessOnSecurity, regarding an ex-Mozilla employee’s rant a few days ago imploring people to “Disable Your Antivirus Software (Except Microsoft’s).”

Apparently the disdain for third-party AV solutions runs deep amongst browser developers. In response to the thread, Google engineer Justin Schuh had this to say:

"Browser makers don't complain about Microsoft Defender because we have tons of empirical data showing that it's the only well behaved AV."
#1943 Misconfigured firewall blamed for hospital ransomware infection
A ransomware attack which took a hospital offline for four days and resulted in the cancellation of 2,800 patient appointments has been blamed on a misconfigured firewall.

The Northern Lincolnshire and Goole NHS Foundation Trust declared a "major incident" after a "computer virus" infected its systems on Sunday, 30 October, and full service didn't resume until Wednesday, 2 November.

Clinical systems across the Trust's three hospitals were shut down as staff attempted to contain the incident, which was later revealed to have been caused by a Globe2 ransomware infection. Northern Lincolnshire said it didn't pay cybercriminals a ransom in order to restore its systems.
#1942 How to succeed in online investigations and digital forensics
Maltego, the tool best known for deep data mining and link analysis, has helped law enforcement and intelligence agencies, banking organizations, financial institutions and others in security-related work since it was released in 2008.

To benefit from using Maltego, come to SAS 2017 for intensive Digital Intelligence Gathering training from the experts who created the tool from scratch: there won't be any questions they can't answer. The course runs for two days, April 1st and 2nd 2017, on St. Maarten. Book a seat now — the class is limited to 15 people maximum!
#1941 Apple takes down iCloud activation lock page after disclosure of security flaw
Following the public disclosure of a security flaw in the iCloud Activation Lock web page that allowed phone thieves to reactivate devices to other Apple user accounts, the company has decided to shut down the page for the time being.

For years, the iCloud Activation Lock web page has allowed users looking to buy a new Apple device to check and see if the device has been locked by its previous owner, a clear sign that the device has been stolen.

Users only had to enter the device's IMEI code or serial number and get a result within seconds.
#1940 Microsoft: Windows 10 will stop a ransomware epidemic when antivirus fails
When your antivirus fails to block ransomware, Windows 10 can still stop it from becoming a major outbreak on the corporate network, according to Microsoft.

It argues that ransomware is one more reason organizations need to move to Windows 10 Enterprise, whose built-in Windows Defender Advanced Threat Protection (ATP) can nip ransomware breaches in the bud before they become a nightmare, even if desktop antimalware happens to miss a single instance.

The company has presented new research into the Cerber family of file-encryptors, which dominated ransomware encounters on enterprise endpoints between December 16 and January 15, and how Windows Defender ATP countered the threat.
#1939 Securing your home routers - understanding attacks and defense strategies (PDF)
When Mirai first came into the picture last year, it dispelled the notion that attack scenarios on Internet of Things (IoT) devices were merely a proof of concept (PoC). After all, Mirai's widespread attacks on organizations and users revealed how vulnerable IoT devices, like home routers and IP cameras, can be abused for cybercriminal activities. On top of that, those attacks showed how users unknowingly became accomplices to these crimes. Since then, new Mirai variants have continued to make waves. Some of the unique features of individual strains include domain generation algorithm (DGA) capabilities, which would make this IoT botnet almost impervious to takedowns by law enforcement. A security flaw in Simple Object Access Protocol (SOAP) was also exploited, possibly infecting at least 5 million home routers (as of November 30, 2016) with Mirai.
#1938 Witcher 3 dev forums hacked, 1.8 million accounts stolen
Usernames, passwords and email addresses stolen from the CD Projekt RED forum

Polish game development studio CD Projekt RED has had more than 1.8 million user credentials stolen from its online forum, according to data breach notification website 'Have I Been Pwned?'.

The studio, which is famous for developing the highly successful Witcher franchise, was breached in March 2016 when hackers targeted its online forum, leading to a leak of usernames, passwords and email addresses.

Those signed up to notifications through Have I Been Pwned? were alerted to the breach by email this morning and were advised to change their passwords "immediately".
#1937 Security flaws in Pentagon systems "easily" exploited by hackers
Several misconfigured servers run by the US Dept. of Defense could allow hackers easy access to internal government systems, a security researcher has warned.

The vulnerable systems could allow hackers or foreign actors to launch cyberattacks through the department's systems, making it look as though the attacks originated from US networks.

Dan Tentler, founder of cybersecurity firm Phobos Group, who discovered the vulnerable hosts, warned that they are so easy to find that he believes he was likely not the first person to find them.
#1936 Cisco updates Tetration analytics platform, aims to automate security policies
Cisco is rolling out a new version of its Tetration Analytics platform to better automate security policies and move companies from so-called blacklist approaches to whitelist ones.

A blacklist approach means an enterprise allows entry into its networks by default and blocks only what is known to be bad. A whitelist approach blocks all network traffic unless it is approved via a security policy. Most companies are somewhere in the middle as they try to balance agility and security.

Yogesh Kaushik, senior director of product management for Tetration, said the industry is moving more toward a white list approach. "There's a shift happening in the industry toward a better security posture," said Kaushik. The catch is these security policies need to be automated.
#1935 GitLab.com melts down after wrong directory deleted, backups fail
Source-code hub Gitlab.com is in meltdown after experiencing data loss as a result of what it has suddenly discovered are ineffectual backups.

On Tuesday evening, Pacific Time, the startup issued the sobering series of tweets listed below. Behind the scenes, a tired sysadmin, working late at night in the Netherlands, had accidentally deleted a directory on the wrong server during a frustrating database replication process: he wiped a folder containing 300GB of live production data that was due to be replicated.

Just 4.5GB remained by the time he canceled the rm -rf command. The last potentially viable backup was taken six hours beforehand.
#1934 EyePyramid and a lesson on the perils of attribution
In the past weeks, information-stealing malware EyePyramid made headlines after it was used to steal 87GB of sensitive data from government offices, private companies and public organizations. More than 100 email domains and 18,000 email accounts were targeted, including those of high-profile victims in Italy, the U.S., Japan and Europe.

The natural assumption for many would be that EyePyramid was a state-sponsored cyberespionage campaign. It wasn’t. It was ultimately attributed to a brother-sister team who used the malware for profit.
#1933 Ransomware disrupts Washington DC's CCTV system
About 70 percent of the cameras hooked up to the police's closed-circuit TV (CCTV) system in Washington, D.C., were reportedly unable to record footage for several days before President Trump's inauguration due to a ransomware attack.

The attack affected 123 of the 187 network video recorders that form the city's CCTV system, the Washington Post reported Saturday. Each of these devices is used to store video footage captured by up to four cameras installed in public spaces.
#1932 Many Android VPN apps breaking privacy promises
An alarming number of Android VPNs are providing a decidedly false sense of security to users, especially those living in areas where communication is censored or where technology is crucial to privacy and physical security.

A study published recently identified a number of shortcomings common to a high percentage of the 238 mobile VPN apps analyzed by a handful of researchers. Users downloading and installing these apps expecting secure communication and connections to private networks are instead using apps that lack encryption, are infected with malware, intercept TLS traffic, track user activity, and manipulate HTTP traffic.
#1931 Netgear exploit found in 31 models lets hackers turn your router into a botnet
You might want to upgrade the firmware of your router if it happens to sport the Netgear brand. Researchers have discovered a severe security hole that potentially puts hundreds of thousands of Netgear devices at risk.

Disclosed by cybersecurity firm Trustwave, the vulnerability essentially allows attackers to exploit the router’s password recovery system to bypass authentication and hijack admin credentials, giving them full access to the device and its settings.
#1930 Nicolas Brulez on malware reverse engineering tips and tricks (audio)
Kaspersky Lab Principal Security Researcher Nico Brulez talks with Ryan Naraine about his upcoming SAS 2017 training on the ins and outs of malware reverse engineering and how attendees can benefit from a wide range of tips and tricks.