Security Alerts & News
by Tymoteusz A. Góral

#2161 Ransomware scammers exploited Safari bug to extort porn-viewing iOS users
Ransomware scammers have been exploiting a flaw in Apple's Mobile Safari browser in a campaign to extort fees from uninformed users. The scammers particularly target those who viewed porn or other controversial content. Apple patched the vulnerability on Monday with the release of iOS version 10.3.

The flaw involved the way that Safari displayed JavaScript pop-up windows. In a blog post published Monday afternoon, researchers from mobile-security provider Lookout described how exploit code surreptitiously planted on multiple websites caused an endless loop of windows to be displayed in a way that prevented the browser from being used. The attacker websites posed as law-enforcement actions and falsely claimed that the only way users could regain use of their browser was to pay a fine in the form of an iTunes gift card code to be delivered by text message. In fact, recovering from the pop-up loop was as easy as going into the device settings and clearing the browser cache. This simple fix was possibly lost on some uninformed targets who were too uncomfortable to ask for outside help.
#2160 Apple pushes security update to OS X Yosemite and El Capitan
Have you been thinking that you'd never see another update for your Mac that's stuck running OS X Yosemite and El Capitan? Well, Apple has a surprise for you.

The surprise comes in the form of Security Update 2017-001. What does it do? There's no information on the fixes it contains beyond a somewhat cryptic "Security Update 2017-001 is recommended for all users and improves the security of OS X."
#2159 Researcher says API flaw exposed Symantec certificates, including private keys
Flaws in the API used by Symantec partners would have allowed an attacker to retrieve certificates, including private keys, security researcher Chris Byrne said in a Facebook post published over the weekend.

The researcher said he discovered this issue two years ago, in 2015, and agreed to a process called "limited non-disclosure," as Symantec said it would take at least two years to fix the issues, during which they asked Byrne to not disclose any details to the public.

"I agreed to limited non-disclosure of the issue, unless I felt it was critically necessary, or it would be unethical or irresponsible for me not to disclose," said Byrne, "for example, if there were a threat to national security, or I discovered a compromise of a client, or any actual criminal compromise arising from it, etc."
#2158 Alleged vDOS owners poised to stand trial
Police in Israel are recommending that the state attorney’s office indict and prosecute two 18-year-olds suspected of operating vDOS, until recently the most popular attack service for knocking Web sites offline.

On Sept. 8, 2016, KrebsOnSecurity published a story about the hacking of vDOS, a service that attracted tens of thousands of paying customers and facilitated countless distributed denial-of-service (DDoS) attacks over the four-year period it was in business. That story named two young Israelis — Yarden Bidani and Itay Huri — as the likely owners and operators of vDOS, and within hours of its publication the two were arrested by Israeli police, placed on house arrest for 10 days, and forbidden from using the Internet for a month.
#2157 Nokia to smartphone owners: Malware infections are far higher than you think
Nokia no longer makes mobile devices but it's carving out a new business in mobile and Internet of Things security. Now new research from the unit is reporting an 83 percent rise in monthly smartphone infections in the second half of 2016.

Two years ago Verizon challenged assumptions about the spread of mobile malware, reporting that just 0.03 percent of smartphones on its network were infected with 'higher-grade' malware. It was much lower than the 0.68 percent infection rate estimated in Kindsight Security Labs' biannual report.

But a new report from Nokia, based on data from mobile networks that have deployed its NetGuard Endpoint Security, suggests infections are actually far higher.
#2156 Doxed by Microsoft’s Docs.com: Users unwittingly shared sensitive docs publicly
On March 25, security researcher Kevin Beaumont discovered something very unfortunate on Docs.com, Microsoft's free document-sharing site tied to the company's Office 365 service: its homepage had a search bar. That in itself would not have been a problem if Office 2016 and Office 365 users were aware that the documents they were posting were being shared publicly.

Unfortunately, hundreds of them weren't. As described in a Microsoft support document, "with Docs.com, you can create an online portfolio of your expertise, discover, download, or bookmark works from other authors, and build your brand with built-in SEO, analytics, and email and social sharing." But many users used Docs.com to either share documents within their organizations or to pass them to people outside their organizations—unaware that the data was being indexed by search engines.