Security Alerts & News
by Tymoteusz A. Góral

History
#2108 Google’s Allo app can reveal to your friends what you’ve searched
Google’s mobile messaging app Allo can reveal your Google search history to people you message, which could have big privacy implications. The behavior appears to be a glitch.

I noticed the problem in a recent conversation with a friend, in which I was testing the app. Allo includes Google Assistant, the company’s latest version of its virtual assistant software.

Google recently announced plans to make Assistant available on Android phones. The feature has been available on Google’s own Pixel phone and Google Home, its competitor to Amazon’s wildly successful Echo.

A unique feature of Allo is that you can use Assistant while in the middle of a conversation with a friend. You could, for example, ask Assistant to search for restaurants in a certain area, while you’re talking to a friend about where to eat.
#2107 Video calls for Signal out of beta
We recently released encrypted video calling as an opt-in beta. We've spent the past month collecting feedback and addressing the issues that the Signal community found in order to get it production ready. Today's Signal release for Android and iOS enables support for end-to-end encrypted video calls by default, which also greatly enhances the quality of Signal voice calls as well.

We think it's a big improvement, and hope you will to.
#2106 CryptoBlock ransomware and its C2
CryptoBlock is an interesting ransomware to keep an eye on. We expect this to be a ransomware that is in development to eventually develop into a RaaS (Ransomware as a Service).

Since the ransomware seems to be in development, we decided there might be some weak points and investigate if we could find one. Even though it is in development to be a RaaS, as it seems users have already been infected by this variant somehow.

After getting the name CryptoBlock, we decided to check at VirusTotal and see how many droppers for it we could find there, as well as to get some information on the ransomware. Finding a single dropper on VirusTotal, we noticed it was contacting the domain fliecrypter.in to send a key to and also to get a BTC wallet.
#2105 Security updates available for Adobe Flash Player
Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and Chrome OS. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system.
#2104 Microsoft security bulletin summary for March 2017
This bulletin summary lists security bulletins released for March 2017.

For information about how to receive automatic notifications whenever Microsoft security bulletins are issued, visit Microsoft Technical Security Notifications.

Microsoft also provides information to help customers prioritize monthly security updates with any non-security updates that are being released on the same day as the monthly security updates. Please see the section, Other Information.
History
2017: 01 02 03 04 05
2016: 01 02 03 04 05 06 07 08 09 10 11 12