Security Alerts & News
by Tymoteusz A. Góral

#2167 Microsoft quietly patched Windows 0day used in attacks by Zirconium group
Without making too much fuss about it, Microsoft patched a zero-day vulnerability used in live attacks by a cyber-espionage group named Zirconium.

The zero-day, tracked as CVE-2017-0005, affects the Windows Win32k component in the Windows GDI (Graphics Device Interface), included in all Windows OS versions.

According to Microsoft, a successful exploit would have resulted in a memory corruption and elevation of privileges (EoP) for the attacker's code, allowing him to escalate access to the machine and execute code with SYSTEM privileges.
#2166 PyCL ransomware delivered via RIG EK in distribution test
This past Saturday security researchers Kafeine, MalwareHunterteam, BroadAnalysis, and David Martínez discovered a new ransomware being distributed through EITest into the RIG exploit kit. As this ransomware was only distributed for one day and does not securely encrypt files, it makes me believe that this may have been a test distribution run.

While the colors and interface used by this ransomware have a striking resemblance to CTB-Locker/Critroni, it is written in a different language and there are no distinguishing strings in the ransom notes or executables. Since it's programmed in Python and the script is called, I will be referring to it as PyCL in this article.
#2165 One of the most dangerous forms of ransomware has just evolved to be harder to spot
One of the most common forms of ransomware is evolving a new technique in order to become even more effective and harder to detect - the ability to evade detection by cybersecurity tools which use machine learning to identify threats.

Rather than relying on specifically identified signatures of known threats, some cybersecurity defences employ machine learning in an effort to detect previously unknown malware and the methods used to deliver them to unsuspecting victims.
#2164 Potent LastPass exploit underscores the dark side of password managers
Developers of the widely used LastPass password manager are scrambling to fix a serious vulnerability that makes it possible for malicious websites to steal user passcodes and in some cases execute malicious code on computers running the program.

The flaw, which affects the latest version of the LastPass browser extension, was briefly described on Saturday by Tavis Ormandy, a researcher with Google's Project Zero vulnerability reporting team. When people have the LastPass binary running, the vulnerability allows malicious websites to execute code of their choice. Even when the binary isn't present, the flaw can be exploited in a way that lets malicious sites steal passwords from the protected LastPass vault. Ormandy said he developed a proof-of-concept exploit and sent it to LastPass officials. Developers now have three months to patch the hole before Project Zero discloses technical details.
#2163 Humbled malware author leaks his own source code to regain community's trust
The author of the Nuclear Bot banking trojan has leaked the source code of his own malware in a desperate attempt to regain trust and credibility in underground cybercrime forums.

Nuclear Bot, also known as NukeBot and more recently as Micro Banking Trojan and TinyNuke, is a new banking trojan that appeared on the malware scene in December 2016, when its author, a malware coder known as Gosya, started advertising it on an underground malware forum.
#2162 Security? What security? Four million data records are stolen or lost every day
Nearly 1.4 billion data records were stolen by hackers or lost during 2016 - almost double the number which were comprised the previous year and indicating the ever growing threat posed not only by cyberattackers but accidental data breaches and malicious insiders.

Identifiable personal information including names, email addresses, passwords, dates of birth, IP addresses and even biometric data was stolen from or lost by organisations and websites throughout 2016.

The total of 1,378,509, 261 billion data records being lost or stolen is almost double that of 2015, according to figures published in Gemalto's Breach Level Index Report for 2016. The report is based on analysis of 1,792 data breaches across the year, which saw the equivalent of 3,776, 738 data records compromised every single day. According to the company more than seven billion data records have been exposed since 2013.
2017: 01 02 03 04 05
2016: 01 02 03 04 05 06 07 08 09 10 11 12