Security Alerts & News
by Tymoteusz A. Góral

#1953 Gmail no longer supporting Chrome Browser version 53 and below
Starting February 8, 2017, we will show a banner at the top of the Gmail interface for users who are still on Google Chrome Browser v53 and below to encourage upgrading to the latest version of Chrome, currently on version 55. Chrome Browser v55 contains several important security updates.

Gmail users that are still on Windows XP and Windows Vista are the most likely to be affected, because v49 was the last released version which supported those operating systems. As previously announced in April 2015 and November 2015, these systems are no longer maintained by Microsoft, and we strongly encourage you to migrate to more secure and supported systems.
#1952 Free ransomware decryption tools
"Our free ransomware decryption tools can help decrypt files encrypted by the following forms of ransomware. Just click a name to see the signs of infection and get our free fix."
#1951 Hacker dumps iOS cracking tools allegedly stolen from Cellebrite
The hacker says this demonstrates that when organizations make hacking tools, those techniques will eventually find their way to the public.

In January, Motherboard reported that a hacker had stolen 900GB of data from mobile phone forensics company Cellebrite. The data suggested that Cellebrite had sold its phone cracking technology to oppressive regimes such as Turkey, the United Arab Emirates, and Russia.

Now the hacker responsible has publicly released a cache of files allegedly stolen from Cellebrite relating to Android and BlackBerry devices, and older iPhones, some of which may have been copied from publicly available phone cracking tools.
#1950 DDoS attacks in Q4 2016
Without doubt, 2016 was the year of Distributed Denial of Service (DDoS) with major disruptions in terms of technology, attack scale and impact on our daily life. In fact, the year ended with massive DDoS attacks unseen before, leveraging Mirai botnet technology, whose first appearance was covered in our last DDoS Intelligence Report.

Since then, we have published several other detailed reports dedicated to the major attacks on Dyn’s Domain Name System (DNS) infrastructure and on Deutsche Telekom, which knocked 900K Germans offline in November. Additionally, we tracked similar attacks on Internet service providers (ISPs) in Ireland, the United Kingdom and Liberia, all leveraging IoT devices controlled by Mirai technology and partly targeting home routers in an attempt to create new botnets.
#1949 Windows DRM files used to decloak Tor browser users
Downloading and trying to open Windows DRM-protected files can deanonymize Tor Browser users and reveal their real IP addresses, security researchers from Hacker House have warned.

Attacks using DRM-protected multimedia files in Windows have been known since 2005, but until recently, they've only been used to spread malware.

Past attacks tried to lure users into opening and playing DRM-protected files. In default scenarios, these files would open in the Windows Media Player, and users would see a popup that asked them to visit a URL to validate the file's license.

Users who agreed were redirected to an "authorization URL." Unknown to users, malware authors could modify these links and point users to exploit kits or malware-laced files.
#1948 Cisco Prime Home authentication bypass vulnerability
A vulnerability in the web-based GUI of Cisco Prime Home could allow an unauthenticated, remote attacker to bypass authentication and execute actions with administrator privileges.

The vulnerability is due to a processing error in the role-based access control (RBAC) of URLs. An attacker could exploit this vulnerability by sending API commands via HTTP to a particular URL without prior authentication. An exploit could allow the attacker to perform any actions in Cisco Prime Home with administrator privileges.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
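The advisory excerpt above names the class of bug (an RBAC check keyed on URLs that lets an unauthenticated request reach an administrative endpoint) but not the specific processing error in Cisco Prime Home. The following is an added, hypothetical illustration of one common way URL-based RBAC goes wrong, written here as educational code; it is not Cisco's code and makes no claim about how the real product was affected. It assumes a toy router that resolves the effective path (percent-decoding and normalising `..` segments) while the weak authorizer matches rules against the raw request path and silently allows anything it does not recognise. The hardened authorizer normalises first, treats every non-public route as requiring a session, and denies by default. All rule tables, request paths and role names are constructed.

```python
"""Toy URL-based RBAC dispatcher (hypothetical, constructed example).

Shows how an authorizer that pattern-matches the *raw* URL and falls through
to "allow" on no match can be bypassed by a request the router later resolves
to an admin path, and how a normalise-first, deny-by-default authorizer closes
the gap.  Not Cisco's code; the rule table and paths are made up.
"""
import posixpath
import re
from dataclasses import dataclass, field
from typing import Callable, Optional, Tuple
from urllib.parse import unquote


@dataclass
class Request:
    method: str
    path: str                                  # raw path as received on the wire
    user: Optional[str] = None                 # None => no authenticated session
    roles: frozenset = field(default_factory=frozenset)


# Constructed rule table: URL pattern -> roles permitted to reach it.
# "anonymous" marks a route that needs no session at all.
RULES = [
    (r"^/admin/.*", {"admin"}),
    (r"^/api/users.*", {"admin", "operator"}),
    (r"^/public/.*", {"anonymous"}),
]


def effective_path(raw: str) -> str:
    """What the router will actually dispatch on: percent-decoded and
    normalised ('/api/../admin/x' -> '/admin/x')."""
    return posixpath.normpath(unquote(raw))


def authorize_weak(req: Request) -> bool:
    """Flawed check: matches rules against the raw path and, when nothing
    matches, falls through to allow.  Encoded or traversal-laden paths match
    no rule here but still resolve to an admin route in the router."""
    for pattern, roles in RULES:
        if re.match(pattern, req.path):
            return "anonymous" in roles or bool(roles & req.roles)
    return True  # BUG: unmatched URL => allowed, even without a session


def authorize_strict(req: Request) -> bool:
    """Hardened check: evaluate the same path the router will use, require a
    session for every non-public route, and deny when no rule matches."""
    path = effective_path(req.path)
    for pattern, roles in RULES:
        if re.match(pattern, path):
            if "anonymous" in roles:
                return True
            return req.user is not None and bool(roles & req.roles)
    return False  # deny by default


def handle(req: Request, authorize: Callable[[Request], bool]) -> Tuple[int, Optional[str]]:
    """Dispatch a request through the given authorizer.  Returns
    (HTTP status, handler name) so the outcome can be asserted on."""
    if not authorize(req):
        return 403, None
    path = effective_path(req.path)
    if path.startswith("/admin/"):
        return 200, "admin_console"
    if path.startswith("/api/users"):
        return 200, "user_api"
    if path.startswith("/public/"):
        return 200, "static"
    return 404, None


if __name__ == "__main__":
    # Constructed requests: two unauthenticated attempts that resolve to the
    # admin console, plus a legitimate admin and an anonymous public fetch.
    probes = [
        Request("GET", "/api/../admin/config"),
        Request("GET", "/%61dmin/config"),
        Request("GET", "/admin/config", user="alice", roles=frozenset({"admin"})),
        Request("GET", "/public/logo.png"),
    ]
    for r in probes:
        print(f"{r.path:28} weak={handle(r, authorize_weak)}  strict={handle(r, authorize_strict)}")
```

Running the block shows the two unauthenticated probes reaching `admin_console` under `authorize_weak` and receiving 403 under `authorize_strict`, while the legitimate admin and the public fetch succeed under both. The detection angle for defenders follows from the same mismatch: log the effective path alongside the raw one, and alert when a request authorised as "no rule matched" is dispatched to a privileged handler.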
#1947 Ransomware completely shuts down Ohio town government
In another interesting example of what happens when you don’t manage your backups correctly, the Licking County government offices, including the police force, have been shut down by ransomware. Although details are sparse, it’s clear that someone in the office caught a bug, either through a phishing scam or by downloading it, and now their servers are locked up.

Wrote Kent Mallett of the Newark Advocate:

"The virus, accompanied by a financial demand, is labeled ransomware, which has hit several local governments in Ohio and was the subject of a warning from the state auditor last summer.

All county offices remain open, but online access and landline telephones are not available for those on the county system. The shutdown is expected to continue at least the rest of the week."