Security Alerts & News
by Tymoteusz A. Góral

#2193 Hackers empty ATM by drilling one small hole
ATM thieves had drilled a small hole, about 4 centimeters (1.5 inches) wide, on the side of the ATM's PIN (numbers) pad. After dismantling a similar ATM in their laboratory, Kaspersky researchers realized this hole was right near a crucial ATM component, a 10-pin header.

This 10-pin header wasn't just any connector, but the header for connecting straight to the ATM's main bus, which interconnected all the ATM's other components, from the screen to the PIN pad, and from the internal cash store to the ATM dispenser.
#2192 Are you identifiable by extensions, logins and your browser?
Are you identifiable is a new web service that answers whether Internet sites may identify you based on your extensions, logins, and web browser.

Online privacy is a hot topic, and making sure that you are not tracked or traced online may soon require a master's degree in privacy.

New technologies, the rise of HTML5 and all that came with it for instance, added new capabilities. As is the case with these things usually, they can be used for good and bad.

It is no longer enough to use a VPN, or a content blocker to keep some of your privacy while you are on the Internet. You also need to know and deal with new technologies such as WebRTC or intermediate CA caching, to avoid leaks or browser fingerprinting scripts.
#2191 No More Ransom adds 15 new decryption tools as record number of partners join global initiative
Nine months after the launch of the No More Ransom (NMR) project, an ever-growing number of law enforcement and private partners have joined the initiative, allowing more victims of ransomware to get their files back without paying the criminals.

The platform is now available in 14 languages and contains 40 free decryption tools. Since our last report in December, more than 10 000 victims from all over the world have been able to decrypt their affected devices thanks to the tools made available free of charge on the platform.
#2190 Report: 30% of malware is 0day, missed by legacy antivirus
At least 30 percent of malware today is new, zero-day malware that is missed by traditional antivirus defenses, according to a new report.

"We're gathering threat data from hundreds of thousands of customers and network security appliances," said Corey Nachreiner, CTO at WatchGuard Technologies. "We have different types of malware detection services, including a signature and heuristic-based gateway antivirus. What we found was that 30 percent of the malware would have been missed by the signature-based antiviruses."
#2189 Over The Air: Exploiting Broadcom’s WiFi stack (Part 1)
It’s a well understood fact that platform security is an integral part of the security of complex systems. For mobile devices, this statement rings even truer; modern mobile platforms include multiple processing units, all elaborately communicating with one another. While the code running on the application processor (AP) has been the subject of much research, other components have seldom received the same scrutiny.

Over the years, as a result of the focused attention by security folk, the defenses of code running on the application processor have been reinforced. Taking Android as a case study, this includes hardening the operating system, improving the security of applications, and introducing incremental security enhancements affecting the entire system. All positive improvements, no doubt. However, attackers tend to follow the path of least resistance. Improving the security of one component will inevitably cause some attackers to start looking elsewhere for an easier point of entry.
#2188 Advanced Chinese hacking campaign infiltrates IT service providers across the globe
A Chinese hacking group with advanced cyber-espionage capabilities has been targeting managed IT services providers across the globe in a campaign to steal sensitive data.

The cybercriminal gang is using sophisticated phishing attacks and customised malware in order to infect victims' machines and then gain access to IT providers and their customer networks.

Dubbed Operation Cloud Hopper, the cyber-espionage campaign has been uncovered by security researchers at PwC, BAE Systems, and the UK's National Cyber Security Centre. The researchers say the campaign is "highly likely" to be the work of the China-based APT10 hacking group.
#2187 A free decryption tool is now available for all Bart ransomware versions
Users who have had their files encrypted by any version of the Bart ransomware program are in luck: Antivirus vendor Bitdefender has just released a free decryption tool.

The Bart ransomware appeared back in June and stood out because it locked victims' files inside ZIP archives encrypted with AES (Advanced Encryption Standard). Unlike other ransomware programs that used RSA public-key cryptography and relied on a command-and-control server to generate key pairs, Bart was able to encrypt files even in the absence of an internet connection.
#2186 Android beware: State-backed Pegasus spyware is found using phones to eavesdrop and grab data
A new version of one of the most sophisticated forms of mobile spyware has been discovered, and this time it's being used to spy on Android users.

Made public last summer, the Pegasus mobile spyware was used by a nation state to monitor iPhones belonging to activists in the Middle East. The spyware uses three separate iOS vulnerabilities, collectively known as Trident, to allow an attacker to remotely jailbreak a target's iPhone and install spyware capable of tracking every action on the device.
#2185 Google and Apple issue security updates for critical Broadcom WiFi vulnerabilities
Owners of Android and iOS devices should pay special attention to security updates released by Google and Apple on Monday, as they contain fixes for a series of critical bugs affecting their phone's WiFi component.

The issues, discovered by Google Project Zero security researcher Gal Beniamini, affect the Broadcom WiFi SoC (Software on Chip), included with many Android and iOS smartphones, and for which both Google and Apple include custom firmware with their OS.