January 26, SecurityWeek – (International) US government agencies asked about Juniper backdoor patching. The U.S. House Oversight and Government Reform Committee sent letters to dozens of government agencies asking each department to provide documents and information on whether it used affected Juniper products, how it discovered the vulnerability, and whether measures were taken before the Juniper patch was released. The request follows a December 2015 incident in which unauthorized code was found in Juniper’s ScreenOS firewall operating system (OS). The Federal government agencies contacted included the U.S. Securities and Exchange Commission, the U.S. Department of Health and Human Services, the U.S. Nuclear Regulatory Commission, and the U.S. Department of Transportation, among other agencies.
January 25, Softpedia – (International) Lenovo’s file sharing app included some pretty irresponsible security bugs. Lenovo released new versions of its SHAREit file app for Microsoft Windows, Google Android, and Apple iOS devices after researchers from Core Security discovered three security flaws in the app. The flaws allowed attackers to access a victim’s files and devices via a hard-coded password embedded in the app’s source code that can be seen after the app creates a WiFi hotspot, allowing attackers to connect to the hotspot and browse files by sending specific Hypertext Transfer Protocol (HTTP) requests to a web server.
January 25, SecurityWeek – (International) Microsoft finally hides IP addresses by default in Skype. Microsoft released updates to its Skype Voice-over-IP (VoIP) application that included a privacy enhancement which hides users’ Internet Protocol (IP) addresses by default. The change comes after researchers from Inria and Polytechnic Institute of New York University discovered they could track thousands of users for several weeks in November 2010, which could have potentially led to attackers breaching business systems and stealing sensitive information, or compromising an entire corporate network.
January 25, SecurityWeek – (International) It’s official, ransomware has gone corporate. The FBI’s Internet Crime Complaint Center (IC3) released a report stating that recent data shows ransomware such as CryptoWall and its variants have been increasing their attacks against U.S. victims. The report revealed three ways companies can help mitigate ransomware attacks: start employee training, maintain up-to-date backups, and consider new endpoint protection approaches.