NEWS - March 15, 2016

Mar 15, 2016 8:18AM PDT
Ransomware author's bravado shot down by release of decryption keys

Security researchers have put a pompous computer criminal in their rightful place after releasing the decryption keys for their ransomware.

Lawrence Abrams of Bleeping Computer writes that the ransomware, which was released last week, encrypts users' files using AES encryption, appends the .LOCKED extension to all files, and demands that victims pay a fee of 0.5 BTC (approximately US $210) in exchange for the decryption key. All things considered, a pretty standard piece of malware...

...with a truly annoying developer behind it.

Continued: https://www.grahamcluley.com/2016/03/ransomware-author-decryption-keys/

@ Bleeping Computer:
Pompous Ransomware Dev Gets Defeated by Backdoor
http://www.bleepingcomputer.com/news/security/pompous-ransomware-dev-gets-defeated-by-backdoor/

Typosquatters Target Mac Users With New ‘.om’ Domain Scam
Mar 15, 2016 8:25AM PDT

Typosquatters are targeting Apple computer users with malware in a recent campaign that snares clumsy web surfers who mistakenly type .om instead of .com when surfing the web. According to Endgame security researchers, the top level domain for Middle Eastern country Oman (.om) is being exploited by typosquatters who have registered more than 300 domain names with the .om suffix for U.S. companies and services such as Citibank, Dell, Macys and Gmail. Endgame made the discovery last week and reports that several groups are behind the typosquatter campaigns.

Mac OS X users are being singled out in this typosquatting campaign with malware. According to Endgame, when a Mac user stumbles on one of the typosquatters’ webpages a fake Adobe Flash update pops up and attempts to trick users to install the advertising component called Genieo.

Continued: https://threatpost.com/typosquatters-target-apple-mac-users-with-new-om-domain-scam/116768/

@ Endgame Security:
The .om Domain and the Dangers of Typosquatting
https://www.endgame.com/blog/what-does-oman-house-cards-and-typosquatting-have-common-om-domain-and-dangers-typosquatting

Yahoo patches sender spoofing email vulnerability
Mar 15, 2016 8:28AM PDT

Yahoo has patched a vulnerability in the firm's email service which allowed cyberattackers to spoof Yahoo email addresses.

The bug was discovered by independent researcher Lawrence Amer and published through Vulnerability Lab on Full Disclosure. On Monday, the security researcher released details of the flaw publicly, saying the sender spoofing vulnerability affected the Yahoo webmail application.

Cyberattackers are able to remotely spoof the sender names of Yahoo email users through a vulnerability found within the "compose message" module of the web service. A weakness in the system permits users to inject or intercept traffic in the POST/GET parameters, spoofing the email address to whatever sender name they wish.

Continued: http://www.zdnet.com/article/yahoo-patches-sender-spoofing-email-vulnerability/

Recent Wave of Malware Uses Macro-Enabled Word Documents ..
Mar 15, 2016 8:45AM PDT
.. and Windows PowerShell

Security researchers have discovered a new kink in the tactics of malware operators, who are now combining spam campaigns, malicious Word documents, and PowerShell code to deliver fileless malware to their targets.

None of these techniques is new, but they have never been used together until now, showing that malware operators are also paying closer attention to security research and the work of some of their peers, borrowing techniques from each other in their ever-present struggle to evade detection.

Security researchers from Palo Alto Networks have discovered this campaign, and they're saying that it's relatively small at the moment, having detected only 1,500 of such emails until now.

Continued: http://news.softpedia.com/news/recent-wave-of-malware-uses-macro-enabled-word-documents-and-windows-powershell-501755.shtml

@ Palo Alto Networks:
PowerSniff Malware Used in Macro-based Attacks
http://researchcenter.paloaltonetworks.com/2016/03/powersniff-malware-used-in-macro-based-attacks/

Code.org website leaked volunteers’ email addresses
Mar 15, 2016 9:10AM PDT

Code.org, the non-profit organization dedicated to increasing diversity in computer science, has admitted its website has been leaking volunteer email addresses.

The discovery was made in an unusual way: the volunteers started receiving emails with job offers from a technical recruiting firm in Singapore.

Once notified of this by the volunteers, the organization contacted the firm in question, which told them how they accessed the email addresses.

Continued: https://www.helpnetsecurity.com/2016/03/14/code-org-website-leaked-volunteers-email-addresses/

Related:
Code.org hole gave access to volunteers' email addresses
http://www.theregister.co.uk/2016/03/14/codeorg_hole_gave_access_to_volunteers_email_addresses/
Code.org Flaw Exposes Volunteer Email Addresses
http://www.securityweek.com/codeorg-flaw-exposes-volunteer-email-addresses

Facebook, Google and WhatsApp plan to increase encryption ..
Mar 15, 2016 9:39AM PDT
.. user data

Silicon Valley’s leading companies - including Facebook, Google and Snapchat - are working on their own increased privacy technology as Apple fights the US government over encryption, the Guardian has learned.

The projects could antagonize authorities just as much as Apple’s more secure iPhones, which are currently at the center of the San Bernardino shooting investigation. They also indicate the industry may be willing to back up their public support for Apple with concrete action.

Within weeks, Facebook’s messaging service WhatsApp plans to expand its secure messaging service so that voice calls are also encrypted, in addition to its existing privacy features. The service has some one billion monthly users. Facebook is also considering beefing up security of its own Messenger tool.

Continued: http://www.theguardian.com/technology/2016/mar/14/facebook-google-whatsapp-plan-increase-encryption-fbi-apple

Related:
Tech giants ‘to boost encryption services’
http://www.welivesecurity.com/2016/03/14/tech-giants-boost-encryption-services/
Google, Facebook, WhatsApp reportedly bolstering encryption services
http://www.digitaltrends.com/mobile/guardian-report-google-facebook-encryption-boost/