Security Roundup - 2016-12-01

cURL, an open source program and library used by many open source projects, recently underwent a security audit from Mozilla’s Secure Open Source initiative. Overall, 23 issues were proactively identified and fixed before they could lead to the kind of ‘Heartbleed’-like event the initiative was created in reaction to.

In a post-Mirai world, Fortinet delves into managing the attack surface of Smart Cities in the world of tomorrow.

Deutsche Telekom customers have had their modems targeted this week, knocking users off the internet. Researchers from the SANS Institute indicate that, left unchecked, these routers could be compromised and become part of a botnet. Deutsche Telekom has apparently already pushed out a fix. Rapid7 has a summary of some of the raw data.

Firefox users should update, as Mozilla has fixed a 0-day that was used to de-anonymize users. While this is important for Tor users specifically, researchers indicate the payload could also have been used to execute malware. Endpoint Security provides an in-depth technical writeup.

On the importance of maintaining and monitoring your third-party accounts: it appears that a small number of MailChimp accounts were broken into and used to send malicious attachments. MailChimp does offer 2FA, making it easier for users to secure their accounts.

Proving that pretty much anyone can be a victim of Ransomware, SF MUNI fell victim to HDDCryptor. MUNI suggests that there was no actual breach, that no data was stolen, and that actual transit systems were not impacted. KrebsOnSecurity has already been provided with some information on the hacker in the form of emails from his email account, which someone has hacked. These provide details on the number of companies impacted, as well as the techniques the attacker used.

BleepingComputer brings the rest of the Ransomware Roundup. Nothing particularly ‘new’ this week, but still plenty of variants, new versions, and decryptors.

Written on December 1, 2016