Security Alerts & News
by Tymoteusz A. Góral

#2239 BrickerBot author claims he bricked two million devices
Just like Wifatch and Hajime, the BrickerBot malware is the work of a vigilante grey-hat, who goes online by the name of Janit0r, a nickname he chose on the Hack Forums discussion boards.

If you're unfamiliar, BrickerBot is a new malware family that was first identified at the start of the month by Radware researchers. The malware made headlines because it was the first threat of its kind that intentionally bricked IoT and networking devices, by rewriting the flash storage space of affected devices with random data.

Such actions rendered troves of devices useless, many needing a firmware reinstall, but as many needing to be replaced altogether.
#2238 Beware! Dozens of Linksys WiFi router models vulnerable to multiple flaws
Bad news for consumers with Linksys routers: Cybersecurity researchers have disclosed the existence of nearly a dozen unpatched security flaws in Linksys routers, affecting 25 different Linksys Smart Wi-Fi Router models widely used today.

IOActive's senior security consultant Tao Sauvage and independent security researcher Antide Petit published a blog post on Wednesday, revealing that they discovered 10 bugs late last year in 25 different Linksys router models.

Out of 10 security issues (ranging from moderate to critical), six can be exploited remotely by unauthenticated attackers.

According to the researchers, when exploited, the flaws could allow an attacker to overload the router, force a reboot by creating DoS conditions, deny legitimate user access, leak sensitive data, change restricted settings and even plant backdoors.
#2237 Location tracking Android spyware found in Google Play store
Android malware capable of accessing smartphone users' location and sending it to cyberattackers remained undetected in the Google Play store for three years, according to a security company.

Discovered by IT security researchers at Zscaler, the SMSVova Android spyware poses as a system update in the Play Store and was downloaded between one million and five million times since it first appeared in 2014.

The app claims to give users access to the latest Android system updates, but it's actually malware designed to compromise the victims' smartphone and provide the users' exact location in real time.
#2236 Windows bug used to spread Stuxnet remains world’s most exploited
One of the Microsoft Windows vulnerabilities used to spread the Stuxnet worm that targeted Iran remained the most widely exploited software bug in 2015 and 2016 even though the bug was patched years earlier, according to a report published by antivirus provider Kaspersky Lab.

In 2015, 27 percent of Kaspersky users who encountered any sort of exploit were exposed to attacks targeting the critical Windows flaw indexed as CVE-2010-2568. In 2016, the figure dipped to 24.7 percent but still ranked the highest. The code-execution vulnerability is triggered by plugging a booby-trapped USB drive into a vulnerable computer. The second most widespread exploit was designed to gain root access rights to Android phones, with 11 percent in 2015 and 15.6 percent last year.
#2235 Credit card with a fingerprint sensor revealed by Mastercard
A payment card featuring a fingerprint sensor has been unveiled by credit card provider Mastercard.

The rollout follows two successful trials in South Africa.

The technology works in the same way as it does with mobile phone payments: users must have their finger over the sensor when making a purchase.

Security experts have said that while using fingerprints is not foolproof, it is a "sensible" use of biometric technology.
#2234 Researchers find commercial banking apps contain swarms of open-source bugs
Open-source projects have long proved a boon for software developers at large, but new research suggests that their use can compromise application security.

According to researchers from Black Duck Software, in the firm's 2017 Open Source Security and Risk Analysis (OSSRA) report, there are "significant cross-industry risks" in the use of open-source software. Namely, vulnerabilities found in such software and components are not being addressed as they should.

The Burlington, Mass.-based firm says that due to lax security practices, this also presents a challenge for compliance -- and the results of the audit report should be a "wake-up call" for developers.
#2233 Report: Cybercriminals prefer Skype, Jabber and ICQ
The most popular instant messaging platforms with cyber criminals are Skype, Jabber and ICQ, according to a new report released this morning.

Meanwhile, consumer-grade platforms like AOL Instant Messenger and Yahoo IM have fallen out of favor, while newer, more secure consumer-oriented platforms like Telegram and WhatsApp are also gaining popularity.

The newer platforms are more user-friendly and more convenient, but also offer greater security, said Leroy Terrelonge, Director of Middle East and Africa Research at Flashpoint, which recently released a report about the communication platforms cyber criminals have been using over the past four years.
#2232 New open source RAT uses Telegram protocol to steal data from victims
Someone has created a new Remote Access Trojan (RAT) that uses the Telegram protocol to steal user data from infected devices.

The RAT is written in Python and is currently available as a free download on a public code sharing portal.

The RAT's author, whose name we won't be sharing, claims to have embarked on creating this tool as a way to improve how most of today's RATs work.

The author highlights that the biggest problem with most RATs is that they don't use encryption and require that the attacker enable port forwarding on the victim's machine to control infected hosts.

The developer proposes his own tool, named RATAtack, which uses the Telegram protocol to support an encrypted channel between victims and their master, and does not need port forwarding, as the Telegram protocol also provides a simple method to communicate to the target without configuring port forwarding beforehand on the target.
#2231 Microsoft turns 2FA into one-factor by ditching password
Microsoft Authenticator is a pleasant enough two-factor authentication app. You can use it to generate numeric authentication codes for accounts on Google, Facebook, Twitter, and indeed, any other service that uses a standard one-time password. The login process is straightforward: first you sign in to each site with your username and regular, fixed password, then you use the code generated by the app.

But for Microsoft accounts, Redmond is offering something new: getting rid of that first password and using just the phone to authenticate. With phone-based authentication enabled, after entering your Microsoft Account e-mail address, you'll receive an alert on your phone. From that alert, you can either approve or reject the authentication attempt—no password necessary.
#2230 Hajime worm battles Mirai for control of the IoT
A battle is raging for control of Internet of Things (IoT) devices. There are many contenders, but two families stand out: the remains of the Mirai botnet, and a new similar family called Hajime.

Hajime was first discovered by researchers in October of last year and, just like Mirai (Linux.Gafgyt), it spreads via unsecured devices that have open Telnet ports and use default passwords. In fact, Hajime uses the exact same username and password combinations that Mirai is programmed to use, plus two more.