Security Alerts & News
by Tymoteusz A. Góral

History
#2135 Inside the hunt for Russia’s most notorious hacker
On the morning of December 30, the day after Barack Obama imposed sanctions on Russia for interfering in the 2016 US election, Tillmann Werner was sitting down to breakfast in Bonn, Germany. He spread some jam on a slice of rye bread, poured himself a cup of coffee, and settled in to check Twitter at his dining room table.

The news about the sanctions had broken overnight, so Werner, a researcher with the cybersecurity firm CrowdStrike, was still catching up on details. Following a link to an official statement, Werner saw that the White House had targeted a short parade’s worth of Russian names and institutions—two intelligence agencies, four senior intelligence officials, 35 diplomats, three tech companies, two hackers. Most of the details were a blur. Then Werner stopped scrolling. His eyes locked on one name buried among the targets: Evgeniy Mikhailovich Bogachev.
#2134 Google, sister company Jigsaw offer cybersecurity to election groups
Weeks ahead of the national elections in France, Google and its sister company Jigsaw are helping news sites, NGOs, and other entities involved in the elections process protect themselves against digital threats.

The two companies have packaged a suite of "Protect Your Election" tools, which includes two-step verification and the Password Alert Chrome extension. It also includes access to Project Shield, a layer of defense against DDoS attacks.

"Free and fair elections depend on people having access to the information they need, and around the world the sources of that information are increasingly under attack," said Anne-Gabrielle Dauba-Pantanacce of Google France and Jigsaw's Jamie Albers in a blog post.
#2133 Full LastPass 4.1.42 exploit discovered
Tavis Ormandy, a prolific member of Google's Project Zero initiative, revealed that he discovered a new security issue in LastPass 4.1.42 (and maybe earlier).

Ormandy revealed that he discovered an exploit, but did not reveal it. Project Zero discoveries are reported to the companies who produce the affected products. The companies have 90 days to react, usually by creating a new product version that they make available publicly to all customers.
#2132 Flaws in Moodle CMS put thousands of e-learning websites at risk
Organizations that use the popular Moodle learning management system should deploy the latest patches as soon as possible because they fix vulnerabilities that could allow attackers to take over web servers.

Moodle is an open source platform used by schools, universities, and other organizations to set up websites with interactive online courses. It's used by more than 78,000 e-learning websites from 234 countries that together have more than 100 million users.
#2131 Google Nest: Unpatched bug lets intruders use Bluetooth to stop cameras recording
A researcher has flagged a bug in Google's Nest Cam and Dropcam Pro security cameras that allows an attacker within Bluetooth range to stop either device from recording.

Bluetooth range, of course, is exactly where a burglar would be when planning to ransack a home, and with attack code now publicly available, an intruder could knock Google's security cameras off a wireless network for 90 seconds.

That mightn't sound so severe, but since the camera is designed to only store recorded footage in the cloud, the loss of connectivity means the device loses its surveillance capabilities for this period.
#2130 New attack uses Microsoft's Application Verifier to hijack antivirus software
A new technique named DoubleAgent, discovered by security researchers from Cybellum, allows an attacker to hijack security products and make them take malicious actions.

The DoubleAgent attack was uncovered after Cybellum researchers found a way to exploit Microsoft's Application Verifier mechanism to load malicious code inside other applications.