First Mac-targeting ransomware hits Transmission users

March 6, 2016 – 2:30 PM

A security research firm announced Sunday its discovery of what is believed to be the world’s first ransomware that specifically goes after OS X machines.

“This is the first one in the wild that is definitely functional, encrypts your files and seeks a ransom,” Ryan Olson, of Palo Alto Networks, told Reuters.

The KeRanger malware, which imposes a 72-hour lockout window unless the victim pays 1 bitcoin ($410 as of this writing), appears to have been first discovered via a rogue version of Transmission, a popular BitTorrent client.

For some time now, ransomware has primarily targeted Windows machines, threatening total data destruction if the ransom isn’t paid. Recently, even a Los Angeles hospital was infected, which resulted in the payment of a $17,000 ransom. In June 2015, the FBI said it had been contacted by 992 victims of CryptoWall, a similar ransomware scheme, who had sustained combined losses totaling over $18 million.

On Saturday evening, some Transmission users noticed the strange activity and reported it on a discussion board, where users concluded that version 2.90 of Transmission was infected with the ransomware. It appears that the Transmission website itself may have been compromised: the infected download was served over HTTP rather than from the primary HTTPS Transmission website.


New attack steals secret crypto keys from Android and iOS phones

March 5, 2016 – 1:05 PM

Researchers have devised an attack on Android and iOS devices that successfully steals cryptographic keys used to protect Bitcoin wallets, Apple Pay accounts, and other high-value assets.

The exploit is what cryptographers call a non-invasive side-channel attack. It works against the Elliptic Curve Digital Signature Algorithm, a crypto system that’s widely used because it’s faster than many other crypto systems. By placing a probe near—or attaching a special cable to—a vulnerable mobile device while it performs cryptographic operations, an attacker can measure enough electromagnetic emanations to fully extract the secret key that decrypts and authenticates data traveling to and from an end user.

“An attacker can non-invasively measure these physical effects using a $2 magnetic probe held in proximity to the device, or an improvised USB adapter connected to the phone’s USB cable, and a USB sound card,” the researchers wrote in a blog post published Wednesday. “Using such measurements, we were able to fully extract secret signing keys from OpenSSL and CoreBitcoin running on iOS devices. We also showed partial key leakage from OpenSSL running on Android and from iOS’s CommonCrypto.”


For Amazon, security is an inconvenience

March 5, 2016 – 11:16 AM

If you ever needed a definition of hypocrisy, Amazon just served up one hot plate.

Amazon has removed device encryption from its tablets and phones, a day after the company filed a brief supporting Apple in its fight against the FBI over encryption.

The retail giant turned cloud and device maker confirmed in a statement it had removed device encryption from its Fire OS 5 because the company “found customers weren’t using it.”

In other words, Amazon will continue to encrypt your data in transit, but it won’t scramble the contents of its customers’ Fire tablets or phones. That means thieves and law enforcement will have an easier time pulling user data off these devices.

Though the decision was made last year, the brouhaha ignited this week after Fire tablet owner David Scovetta posted a screenshot on Twitter showing that encryption on older Fire HD and Fire HDX tablets is “no longer supported.” Now it appears that Amazon is reversing course and will add encryption back in a spring update, according to TechCrunch.

Nevertheless, Amazon’s timing of the upgrade is striking, given that it pushed the software to older devices at a tense moment in the tech industry.


Angler Exploit Learns New Tricks, Finds Home On Popular Website

February 26, 2016 – 8:28 PM

Researchers report Angler Exploit Kit attacks have become more brazen and are now targeting top websites with new tricks that can evade browser-based antimalware protection. Karl Sigler, a SpiderLabs researcher at Trustwave, told Threatpost his lab found the Angler Exploit Kit on a popular website for the second time in a week, exposing just under a million visitors monthly to possible TeslaCrypt ransomware infections. Sigler said Trustwave researchers spotted the exploit on Extendoffice[.]com, a site that sells software for customizing Microsoft Office applications.

A number of things stood out as unique about this iteration of Angler Exploit Kit, according to Trustwave. One was the fact that attackers were targeting a destination site directly, as opposed to a random webpage that had traffic driven to it via phishing attacks, Sigler said. According to a site analysis tool, Extendoffice attracted 963,000 unique visitors in January. “That may not seem like a lot of traffic for a website, but for a watering-hole attack, they hit the jackpot,” Sigler said.


Beware of hacked ISOs if you downloaded Linux Mint on February 20th!

February 21, 2016 – 7:13 AM

We were exposed to an intrusion today. It was brief and it shouldn’t impact many people, but if it impacts you, it’s very important you read the information below.

What happened?

Hackers made a modified Linux Mint ISO, with a backdoor in it, and managed to hack our website to point to it.

Does this affect you?

As far as we know, the only compromised edition was Linux Mint 17.3 Cinnamon edition.

If you downloaded another release or another edition, this does not affect you. If you downloaded via torrents or via a direct HTTP link, this doesn’t affect you either.

Finally, the situation happened today, so it should only impact people who downloaded this edition on February 20th.

How to check if your ISO is compromised?

If you still have the ISO file, check its MD5 signature with the command “md5sum yourfile.iso” (where yourfile.iso is the name of the ISO).
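The checksum comparison described in the Linux Mint announcement, as an added shell example (not the Mint team's own script). It wraps md5sum so the result can be checked by a script; the file names are constructed, and the expected value must come from a source independent of a download page that may itself have been tampered with, since a checksum only detects modification when the reference is trustworthy.

```shell
#!/bin/sh
# Verify a downloaded ISO against an MD5 reference value obtained out of band.
# Added example; it is not part of the Linux Mint announcement.

# Print the MD5 hex digest of a file. Uses md5sum (coreutils) and falls
# back to openssl so the same script also runs on macOS.
iso_md5() {
    if command -v md5sum >/dev/null 2>&1; then
        md5sum "$1" | awk '{print $1}'
    else
        openssl dgst -md5 "$1" | awk '{print $NF}'
    fi
}

# verify_iso FILE EXPECTED_MD5
# Returns 0 when the digest matches the reference, 1 otherwise.
# The reference is lower-cased because published checksums vary in case.
verify_iso() {
    iso_file=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    if [ ! -f "$iso_file" ]; then
        echo "missing file: $iso_file" >&2
        return 1
    fi
    actual=$(iso_md5 "$iso_file")
    if [ "$actual" = "$expected" ]; then
        echo "OK: $iso_file matches $expected"
        return 0
    fi
    echo "MISMATCH: $iso_file has $actual, expected $expected" >&2
    return 1
}

# Constructed demonstration: an empty file, whose MD5 digest is well known.
# For a real download, replace the file with the ISO and the digest with the
# reference value recorded before the site was reported compromised.
demo_iso=$(mktemp)
verify_iso "$demo_iso" d41d8cd98f00b204e9800998ecf8427e
rm -f "$demo_iso"
```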