NEWS - November 10, 2015

Certificate authority Comodo admits it incorrectly issued eight certificates that include forbidden internal server names or reserved IP addresses.

In 2012, the Certificate Authority/Browser Forum banned the use of such designations for certs issued after Nov. 1, 2015. The decision was meant to cut off a common practice of CAs issuing certificates for internal servers that were not unique and exposed networks to man-in-the-middle attacks and other risks.

Comodo senior research and development scientist Rob Stradling wrote in a post to the CA/B forum that last Thursday it discovered that its CA system had issued the offending certs.

Continued : https://threatpost.com/comodo-issues-eight-forbidden-certificates/115311/

Related: HTTPS certificates with forbidden domains issued by “quite a few” CAs

U.S. authorities today announced multiple indictments and arrests in connection with separate hacking incidents that resulted in the theft of more than 100 million customer records from some of the nation’s biggest financial institutions and brokerage firms, including JP Morgan Chase, E*Trade and Scottrade.

Prosecutors in Atlanta and New York unsealed indictments against four men and one unnamed alleged co-conspirator in connection with a complex, sprawling scheme to artificially manipulate the price of certain publicly traded U.S. stocks.

The men allegedly laundered hundreds of millions of dollars from the scheme via a vast cybercrime network that included illegal online pharmacies, fake antivirus or “scareware” schemes, Internet casinos and even a Bitcoin exchange.

Continued : http://krebsonsecurity.com/2015/11/arrests-in-jp-morgan-etrade-scottrade-hacks/

After several days of intense work, Switzerland-based end-to-end encrypted e-mail provider ProtonMail has largely mitigated the DDoS attacks that made it unavailable for hours on end in the last week.

The attacks have exceeded 100Gbps, and are still going on, but they are no longer capable of knocking ProtonMail offline for extended periods of time.

The first attacker, the Armada Collective is a new hacking group motivated by financial gain who demanded a ransom from the company. The second attack came from an unknown group. This second attack caused the bulk of the damage.

Continued : http://www.net-security.org/secworld.php?id=19088

Related :
ProtonMail Back Online Following Six-Day DDoS Attack
How extorted e-mail provider got back online after crippling DDoS attack

In what’s becoming a monthly ritual, Adobe today pushed out an updated version of its Flash Player that includes patches for critical vulnerabilities.

Today’s update isn’t as voluminous as a most have been since the start of summer, nonetheless, since July when a run of updates addressed zero days published after the Hacking Team breach and including an emergency update last month, Adobe has fixed more than 80 vulnerabilities in the beleaguered software.

Version 19.0.0.245 released today patches 17 vulnerabilities, all of them paving the way to remote code execution if exploited; Adobe said it has no reports of public exploits for any of the patched flaws.

Continued: : https://threatpost.com/adobe-flash-update-includes-patches-for-17-vulnerabilities/115322/

See : Critical Security Updates for Adobe Flash Player (APSB15-2

2015 has been a busy year for cyber-criminals, but don't expect them to take a vacation for 2016 either, at least that's the conclusion of the McAfee Labs Threats Predictions Report, released today by Intel Security.

Aggregating personal opinions from over 33 security leaders across the world, the report shows on what areas organizations should focus their efforts for the upcoming year.

Ransomware will continue to cause troubles

The major threat and one that anyone could have predicted is ransomware, which has had a "spectacular" year in 2015, with some groups making hundreds of millions of dollars with their operations. .....

Adobe Flash Player was the most problematic application of 2015

Continued : http://news.softpedia.com/news/report-we-re-going-to-see-more-ransomware-in-2016-less-hacktivism-495960.shtml

McAfee Report: McAfee Labs Threats Predictions Report (pdf)

The fourth iteration of the world's worst ransomware Cryptowall has surfaced with gnarlier encryption tactics and better evasion tricks that have fooled current antivirus platforms.

Ransomware has ripped through scores of businesses and end-user machines in sporadic and targeted attacks that have cost victims millions of dollars in ransom payments made to criminals who have illegally encrypted valuable files.

The worst offenders remain at large including a single group who may be behind Cryptowall 3.0 and have made some US$325 million this year according to the Cyber Threat Alliance, dwarfing FBI June figures which noted it extorted some US$18 million from US victims alone in about a year.

Continued : http://www.theregister.co.uk/2015/11/09/cryptowall_40/

Microsoft today pushed out 12 bulletins as part of November’s Patch Tuesday, including four critical updates, all of which can lead to remote code execution.

The update is rounded out by fixes for Windows, Lync, .NET, and Skype for Business, but there are two critical fixes that affect browsers on practically every build of Windows, Internet Explorer and Edge.

The Internet Explorer bulletin is marked critical for any users running versions of IE 7 to IE 11 and fixes 25 different vulnerabilities, mostly memory corruption bugs that can lead to code execution, in the browser. Assuming an attacker could get a user to view a specially crafted website, they could exploit the vulnerabilities and gain the same rights as the user.

Continued : https://threatpost.com/november-patch-tuesday-brings-12-bulletins-four-critical/

See: Microsoft Security Bulletin Summary for November 2015