Security Alerts & News
by Tymoteusz A. Góral

#2082 Payments giant Verifone investigating breach
Credit and debit card payments giant Verifone [NYSE: PAY] is investigating a breach of its internal computer networks that appears to have impacted a number of companies running its point-of-sale solutions, according to sources. Verifone says the extent of the breach was limited to its corporate network and that its payment services network was not impacted.

San Jose, Calif.-based Verifone is the largest maker of credit card terminals used in the United States. It sells point-of-sale terminals and services to support the swiping and processing of credit and debit card payments at a variety of businesses, including retailers, taxis, and fuel stations.

On Jan. 23, 2017, Verifone sent an “urgent” email to all company staff and contractors, warning they had 24 hours to change all company passwords.
#2081 Multiple unpatched vulnerabilities discovered in Western Digital NAS hard drives
Multiple Western Digital MyCloud Network Attached Storage (NAS) devices are affected by several security flaws, varying in severity, that allow attackers to bypass authentication, execute code on the device, and upload or download user data.

Discovered by a security researcher who goes by the name of Zenofex, these security flaws have not been reported to Western Digital, are still unpatched, and public exploit code is available for more than half of the vulnerabilities.
#2080 Android gets patches for critical OpenSSL, media server and kernel driver flaws
A five-month-old flaw in Android's SSL cryptographic libraries is among the 35 critical vulnerabilities Google fixed in its March security patches for the mobile OS.

The first set of patches, known as patch level 2017-03-01, is common to all patched phones and contains fixes for 36 vulnerabilities, 11 of which are rated critical and 15 high. Android vulnerabilities rated critical are those that can be exploited to execute malicious code in the context of a privileged process or the kernel, potentially leading to a full device compromise.
#2079 WordPress webmasters urged to upgrade to version 4.7.3 to patch six security holes
Another day, another important security update for WordPress. Oh boy.

If you administer your own self-hosted WordPress website then you must update the software as soon as possible, following the disclosure of six security holes that could be exploited by malicious attackers.

Version 4.7.3 of the immensely popular web-publishing software has been released, alongside a warning that if left unpatched websites could be vulnerable to various threats, including cross-site scripting and request forgery attacks:

* Cross-site scripting (XSS) via media file metadata.
* Control characters can trick redirect URL validation.
* Unintended files can be deleted by administrators using the plugin deletion functionality.
* Cross-site scripting (XSS) via video URL in YouTube embeds.
* Cross-site scripting (XSS) via taxonomy term names.
* Cross-site request forgery (CSRF) in Press This leading to excessive use of server resources.
#2078 Satan ransomware: old name, new business model
Last month, we received a few queries asking about a strain of ransomware going by the name of Satan.

Those queries were along the lines of, “What do you detect it as?”

The simple answer is Troj/Ransom-ECZ, which is what we replied back then, but there’s a backstory to the Satan malware family that we thought was worth covering, too.

Cybercriminals have long used themes like the devil, the occult and what you might rather loosely call “the dark arts” as inspiration for malware names: Dark Avenger, Necropolis, Mydoom, Natas (which is Satan backwards) and SatanBug are just a few examples.

But there’s one aspect of the Satan ransomware that isn’t old-school, and that’s what we’re looking at in this article: its business model.
#2077 Don’t let WikiLeaks scare you off of Signal and other encrypted chat apps
Of all the revelations to come out of the 9,000-page data dump of CIA hacking tools, one of the most explosive is the possibility that the spy agency can compromise Signal, WhatsApp, and other encrypted chat apps. If you use those apps, let’s be perfectly clear: Nothing in the WikiLeaks docs says the CIA can do that.

A close reading of the descriptions of mobile hacking outlined in the documents released by WikiLeaks shows that the CIA has not yet cracked those invaluable encryption tools.
#2076 WikiLeaks claims CIA could turn Samsung Smart TVs into listening devices
The CIA has developed a hacking tool named Weeping Angel that can turn Samsung smart TVs into covert listening devices.

This information came to the public's attention after WikiLeaks dumped today a treasure trove of documents, codenamed Vault 7, which the organization claims were taken from a "high-security network situated inside the CIA's Center for Cyber Intelligence."

The first part of the leak included only documentation files for hacking tools, exploits, zero-days, and malware, but no actual hacking tools. In total, WikiLeaks leaked 8,761 files, among which one stood out the most.