Security Alerts & News
by Tymoteusz A. Góral

History
#2261 Kaspersky tones down threat of antitrust complaint against Microsoft
Russia's Kaspersky Lab has temporarily backed off filing a competition complaint that Microsoft is abusing its market dominance to crowd out anti-virus software makers such as itself, founder and Chief Executive Eugene Kaspersky said.

Instead, Kaspersky - who threatened in November to complain to the European Commission - said he would keep talking to Microsoft about changes he wants the U.S. software giant to make before deciding whether to press his case in a few months. "They are listening to us and they made a few changes. It's an ongoing process," he told Reuters on the sidelines of the Hannover Messe industrial trade fair. "Of course if Microsoft agrees to all our requests we will not file it."

Microsoft had no immediate comment, while the European Commission declined to comment.
#2260 Microsoft advises against manually installing Windows 10 creators update
Microsoft would like Windows 10 users to stand in line in an orderly fashion and wait their turn to update to the Creators Update (CU), the latest major edition of the Windows 10 OS, released on April 11.

The company advised users against manually updating to the Creators Update by downloading the ISO files and performing a clean install.
#2259 Russian-controlled telecom hijacks financial services’ Internet traffic
On Wednesday, large chunks of network traffic belonging to MasterCard, Visa, and more than two dozen other financial services companies were briefly routed through a Russian government-controlled telecom under unexplained circumstances that renew lingering questions about the trust and reliability of some of the most sensitive Internet communications.

Anomalies in the border gateway protocol—which routes large-scale amounts of traffic among Internet backbones, ISPs, and other large networks—are common and usually the result of human error. While it's possible Wednesday's five- to seven-minute hijack of 36 large network blocks may also have been inadvertent, the high concentration of technology and financial services companies affected made the incident "curious" to engineers at network monitoring service BGPmon. What's more, the way some of the affected networks were redirected indicated their underlying prefixes had been manually inserted into BGP tables, most likely by someone at Rostelecom, the Russian government-controlled telecom that improperly announced ownership of the blocks.
#2258 Samsung Smart TV flaw leaves devices open to hackers
Your Samsung Smart TV might be pretty dumb.

Penetration testing firm Neseso has found that a 32-inch Tizen-based smart TV, first released as part of the 2015 model year and still being sold in North America, isn’t authenticating devices that connect to it via Wi-Fi Direct.

Rather than requiring a password or PIN to authenticate devices that want to connect to the TV – like, say, your smartphone when you want to use it as a remote control – it’s relying on a whitelist of devices that the user’s already authorized.

To do that, Samsung’s Smart TV uses devices’ media access control (MAC) addresses. Those are like a digital fingerprint: a MAC address is constant to a piece of hardware (though it can be spoofed, either for legitimate purposes or by a thief who wants to hide it).
#2257 Hack the US Air Force, and make cash… legally!
It shouldn’t be any surprise at all to hear that people are trying to hack into the United States Air Force’s networks and computer systems.

And, as everyone knows, if you hack into the US Air Force’s systems without their permission you’re breaking the law and – if caught – could face a severe prison sentence.

But there is one way to hack the US Air Force without having the book thrown at you. And you can even legally earn yourself a tidy sum of money at the same time. And that’s by hacking the US Air Force systems with its explicit permission.

Yesterday, the US Air Force used a Facebook live stream to announce a new initiative it was launching with HackerOne called “Hack the Air Force”, inviting white-hat hackers to find security vulnerabilities on its public-facing servers and websites, and offering bug bounty payments for those who discover flaws.
History
2017: 01 02 03 04 05
2016: 01 02 03 04 05 06 07 08 09 10 11 12