Security Alerts & News
by Tymoteusz A. Góral

#2093 Aggressive ad-displaying Google Play app tricks users into leaving high ratings
ESET researchers have observed an increased number of apps on Google Play using social engineering techniques to boost their ratings, ranging from legitimate apps, through adware to malware.

Among these falsely high-ranking apps, an aggressive ad-displaying trojan was spotted, installed by up to 5,000 users as a tool to download content from YouTube. The app, detected by ESET as Android/Hiddad.BZ, uses a number of deceptive methods to trick users into installing its intrusive ad-displaying component and, at the same time, secure a good rating in the store.

To achieve the latter, the app innovates the good old-fashioned method of begging for high ratings through nag screens – it displays aggressive ads and makes a false promise of removing them in exchange for a five star rating.
#2092 Facebook Lite infected with spy FakePlay
A version of the popular mobile app Facebook has been found to be infected with what we detect as Android/Trojan.Spy.FakePlay. Facebook Lite is a more compact version of the popular app that uses less data and claims to work in all network conditions (i.e. where network conditions are poor).
#2091 Cisco and Apache issue warnings over 0day flaw being targeted in the wild
Cisco's Talos says they've observed active attacks against a Zero-Day vulnerability in Apache's Struts, a popular Java application framework. Cisco started investigating the vulnerability shortly after it was disclosed, and found a number of active attacks.

In an advisory issued on Monday, Apache says the problem with Struts exists within the Jakarta Multipart parser.

"It is possible to perform a RCE attack with a malicious Content-Type value. If the Content-Type value isn't valid an exception is thrown which is then used to display an error message to a user," the warning explained.
#2090 Emsisoft releases a decryptor for the CryptON ransomware
Yesterday, Emsisoft's CTO and malware researcher Fabian Wosar released a decryptor for the CryptON Ransomware. This ransomware has been around since the end of February and has had a few variants released. It was named CryptON based on a string found within the executable.
#2089 Another challenge for IoT: Open backdoors
Problems with hardcoded credentials are hitting consumer IoT devices, industrial SCADA devices, and even critical infrastructure. Despite the appeal on source code and firmware audition, this type of vulnerability recurs and threatens users’ privacy and data security.

Security researcher Elliot Williams posted on Hackaday that most GSM-to-IP devices made by DBLTek have a remotely accessible hardcoded credential which leads to a shell with root privileges. The finding was reported to the manufacturer, who didn’t really fix the underlying vulnerability. Instead, they implemented a workaround: they added an extra challenge-response process, whose algorithm can be obtained by reverse-engineering. Trustwave’s blog post summarizes the entire chain of events. A tool exploiting this vulnerability is also available on Github.
#2088 Apple has already fixed most of the iOS exploits the CIA used
WikiLeaks is back at it again, this time with more than 8,700 leaked documents apparently from inside the CIA’s Center for Cyber Intelligence. According to those documents, the CIA had knowledge of zero-day exploits it could use to hack iPhones. But Apple said many of those bugs have already been patched with the latest version of iOS.
#2087 Leaked docs suggest NSA and CIA behind Equation cyberespionage group
Purported CIA documents leaked Tuesday appear to confirm that the U.S. National Security Agency and one of CIA's own divisions were responsible for the malware tools and operations attributed to a group that security researchers have dubbed the Equation.

The Equation's cyberespionage activities were documented in February 2015 by researchers from antivirus vendor Kaspersky Lab. It is widely considered to be the most advanced cyberespionage group in the world based on the sophistication of its tools and the length of its operations, some possibly dating as far back as 1996.

From the start, the tools and techniques used by the Equation bore a striking similarity to those described in secret documents leaked in 2013 by former NSA contractor Edward Snowden. This relationship was further strengthened by the similarity between various code names found in the Equation malware and those in the NSA files.
#2086 Vault 7: WikiLeaks docs hint CIA could bypass 21 security products
One of the hidden gems included in the Vault 7 data, dumped yesterday by WikiLeaks, is a document detailing bypass techniques for 21 security software products.

The document is part of a data dump of nearly 9,000 other files, all documentation files and manuals for various hacking tools, which WikiLeaks claims belong to the CIA.

One particular document, labeled "Personal Security Products (PSPs)" lists 21 security products, each linking to a separate document, containing descriptions of various exploits and techniques that could be used to bypass the named security tools.

The list covers almost all major antivirus vendors, including Comodo, Avast, Kaspersky, AVG, ESET, Symantec, and others.

For most security products included in this list, the bypass/exploit technique has been redacted. Yesterday, when it announced the Vault 7 leak, WikiLeaks said it made 70,875 redactions in total, mainly to remove any harmful code and personal details, such as names and IP addresses.
#2085 China mulls national cryptocurrency in race to digital money
Eight years ago, bitcoin was an experimental technology of interest only to a handful of enthusiasts. Today, China – which contains one in every five internet users – is mulling the idea of a national cryptocurrency.

The People’s Bank of China (PBOC) has been trialling a national digital currency based on the same underlying technology as Bitcoin. Here’s a description of how the blockchain works, but in summary – it’s decentralized, transparent and secure.

Governments worldwide have had a problematic relationship with Bitcoin. The US has held federal hearings on it, while at a state level New York has heavily regulated the cryptocurrency with its Bitlicense. Ecuador, Bolivia and Russia have all moved to ban Bitcoin outright, while other countries have taken their time working out what to do with the cryptocurrency.
#2084 After CIA leaks, tech giants scramble to patch security flaws
Several tech giants have said they are examining a trove of documents leaked earlier this week that purport to show the CIA's ability to hack into phones, computers, and smart TVs.

The documents, released by WikiLeaks, did not contain exploit code that could be used by hackers to carry out attacks, but the documents do provide details of vulnerabilities that may help security researchers identify some flaws in tech products, including Android devices and iPhones.

Apple, Google, Microsoft, and Samsung were all named in the thousands of released documents, which are believed to have come from the CIA's Center for Cyber Intelligence.
#2083 Product Security Advisory – PSA0002 – dnaLIMS
Shorebreak Security penetration testers discovered seven serious vulnerabilities in the dnaLIMS web application during the course of a blackbox penetration test for a customer. This was by no means a comprehensive review of the web application, and it should be assumed that many other vulnerabilities exist in the application.

Shorebreak notified the vendor, who appears to have no interest in fixing his flawed software that is in use on the Internet at several other organizations.

Our recommendation is to isolate this web application as much as possible to reduce the exposure – most definitely remove it from the Internet.
2017: 01 02 03 04 05
2016: 01 02 03 04 05 06 07 08 09 10 11 12