Security Alerts & News
by Tymoteusz A. Góral

#2229 User-made patch lets owners of next-gen CPUs install updates on Windows 7 and 8.1
GitHub user Zeffy has created a patch that removes a limitation that Microsoft imposed on users of 7th generation processors, a limit that prevents users from receiving Windows updates if they still use Windows 7 and 8.1.

This limitation was delivered through Windows Update KB4012218 (March 2017 Patch Tuesday) and made many owners of Intel Kaby Lake and AMD Bristol Ridge CPUs very angry last week, as they were no longer able to install any Windows updates.

Microsoft's move was controversial, but the company did its due diligence and had warned customers of its intention since January 2016, giving users enough time to update to Windows 10, move to a new OS, or downgrade their CPU if they needed to remain on Windows 7 or 8.1 for various reasons.
#2228 Ransomware Timeline: 2010 – 2017
#2227 NSA-leaking Shadow Brokers just dumped its most damaging release yet
Important Update 4/15/2017 11:45 AM California time: None of the exploits reported below are, in fact, zero-days that work against supported Microsoft products. Readers should read this update for further details. What follows is the post as it was originally reported.

The Shadow Brokers—the mysterious person or group that over the past eight months has leaked a gigabyte worth of the National Security Agency's weaponized software exploits—just published its most significant release yet. Friday's dump contains potent exploits and hacking tools that target most versions of Microsoft Windows and evidence of sophisticated hacks on the SWIFT banking system of several banks across the world.
#2226 A Russian hacker has created his own 'starter pack' ransomware service
A new kind of highly-customized ransomware recently discovered by security researchers allows individual criminals to deliver "ransomware-as-a-service".

What sets this ransomware apart from other kinds of file-locking software is that criminals who buy this specialized malware, dubbed Karmen, can remotely control the ransomware from their web browser, allowing the attacker to see at-a-glance a centralized web dashboard of their entire ransomware campaign.
#2225 This phishing attack is almost impossible to detect on Chrome, Firefox and Opera
A Chinese infosec researcher has reported an "almost impossible to detect" phishing attack that can be used to trick even the most careful users on the Internet.

He warned that hackers can use a known vulnerability in the Chrome, Firefox and Opera web browsers to display their fake domain names as the websites of legitimate services, like Apple, Google, or Amazon, to steal login or financial credentials and other sensitive information from users.

What is the best defence against a phishing attack? Generally, checking the address bar after the page has loaded and whether it is being served over a valid HTTPS connection. Right?
#2224 Oracle delivers a whopping 299 fixes in April 2017's critical patch update
Today, Oracle released its April 2017 Critical Patch Update, or CPU, which resolves a record-breaking 299 vulnerabilities across all of its products. According to a report by ERPScan, this is the largest CPU released by Oracle.

Of these 299 vulnerabilities, over 100 are remotely exploitable without authentication. This means that it is possible to exploit the vulnerability remotely through malicious web sites or via a remote attack, depending on the particular software. Once an attacker successfully exploits a vulnerability, they may be able to execute commands on the affected computer without the victim's knowledge or permission.

The three products with the most security updates are Oracle Financial Services Applications with 47 vulnerabilities, and Oracle Retail Applications and Oracle MySQL, which are tied at 39 fixes each. Java, which is notorious for being used by exploit kits to install malware on vulnerable systems, had 8 new security fixes, 7 of them remotely exploitable.
#2223 The Callisto group
The Callisto Group is an advanced threat actor whose known targets include military personnel, government officials, think tanks, and journalists in Europe and the South Caucasus. Their primary interest appears to be gathering intelligence related to foreign and security policy in Eastern Europe and the South Caucasus.

In October 2015 the Callisto Group targeted a handful of individuals with phishing emails that attempted to obtain the target’s webmail credentials.

In early 2016 the Callisto Group began sending highly targeted spear phishing emails with malicious attachments that contained, as their final payload, the “Scout” malware tool from the HackingTeam RCS Galileo platform.

These spear phishing emails were crafted to appear highly convincing, including being sent from legitimate email accounts suspected to have been previously compromised by the Callisto Group via credential phishing.

The Callisto Group has been active at least since late 2015 and continues to be so, including continuing to set up new phishing infrastructure every week.
#2222 Report: Cybercrime climate shifts dramatically in first quarter
The first quarter of 2017 brought with it some significant changes to the threat landscape and we aren’t talking about heavy ransomware distribution either. Threats which were previously believed to be serious contenders this year have nearly vanished entirely, while new threats and infection techniques have forced the security community to reconsider collection and analysis efforts.
#2221 Android trojan targeting over 420 banking apps worldwide found on Google Play Store
A security researcher has discovered a new variant of the infamous Android banking Trojan hiding in apps under different names, such as Funny Videos 2017, on Google Play Store.

Niels Croese, a security researcher at the firm Securify B.V., analyzed the Funny Videos app, which has 1,000 to 5,000 installs, and found that the app behaves like any regular video application on the Play Store, but in the background it targets customers of banks around the world.
#2220 New processors are now blocked from receiving updates on old Windows
We knew Microsoft was planning to block installation of Windows 7 and 8.1 updates on systems with Intel 7th Generation Core processors (more memorably known as Kaby Lake) and AMD Ryzen systems; we just weren't sure when. Now, the answer appears to be "this month." Users of new processors running old versions of Windows are reporting that their updates are being blocked. The block means that systems using these processors are no longer receiving security updates.

The new policy was announced in January of last year and revised slightly a couple of months later: Kaby Lake and Ryzen processors, and all new processors on an ongoing basis, would only be supported in Windows 10. Windows 7 and 8.1 would continue to support older processors, but their chip compatibility was frozen.