Google Releases Security Updates for Chrome

Original release date: December 01, 2016

Google has released Chrome version 55.0.2883.75 for Windows, Mac, and Linux. This version addresses multiple vulnerabilities that, if exploited, may allow an attacker to take control of an affected system.

Users and administrators are encouraged to review the Chrome Releases page and apply the necessary updates.


At least 10 million Android users imperiled by popular AirDroid app

[Image caption: AirDroid's example imagery.]

For at least the past six months, a popular remote management app available in the official Google Play Store has opened tens of millions of Android users to code-execution and data-theft attacks when they use unsecured networks, researchers said Thursday.

As recently as earlier this week—and possibly even at this moment—the most up-to-date versions of AirDroid have used a static and easily detectable encryption key when transmitting update files and sensitive user data, according to a blog post published by security firm Zimperium. Attackers who are on the same network can exploit the weakness to push fraudulent updates or view potentially sensitive user information, including the international mobile equipment identity and international mobile subscriber identity designations that are unique to each phone. The app has been downloaded 10 million to 50 million times from the official Google Play Store.

"A malicious party on the same network as the victim can leverage this vulnerability to remotely gain full control of their device," Simone Margaritelli, principal security researcher at Zimperium's zLabs, told Ars. "Moreover, the attacker will be able to see the user's sensitive information such as the IMEI, IMSI, and so forth. As soon as the update, or fake update, is installed the software automatically launches the updated [Android app file] without ever verifying who built it."


Legal raids in five countries seize botnet servers, sinkhole 800,000+ domains

[Image caption: Avalanche once hosted ransomware that spoofed messages from law enforcement. Now, a team of 40 law enforcement agencies has shut it down. (credit: Symantec)]

A botnet that has served up phishing attacks and at least 17 different malware families to victims for much of this decade has been taken down in a coordinated effort by an international group of law enforcement agencies and security firms. Law enforcement officials seized command and control servers and took control of more than 800,000 Internet domains used by the botnet, dubbed "Avalanche," which has been in operation in some form since at least late 2009.

"The operation involves arrests and searches in five countries," representatives of the FBI and US Department of Justice said in a joint statement issued today. "More than 50 Avalanche servers worldwide were taken offline."

The domains seized have been "sinkholed" to terminate the operation of the botnet, which is estimated to have spanned hundreds of thousands of compromised computers around the world. The Justice Department's Office for the Western Federal District of Pennsylvania and the FBI's Pittsburgh office led the US portion of the takedown. "The monetary losses associated with malware attacks conducted over the Avalanche network are estimated to be in the hundreds of millions of dollars worldwide, although exact calculations are difficult due to the high number of malware families present on the network," the FBI and DOJ said in their joint statement.


Shamoon wiper malware returns with a vengeance

A new variant of Shamoon, the malware that wiped hard drives at Saudi Aramco and other energy companies in 2012, has struck multiple organizations in Saudi Arabia in a new campaign that researchers call a "carefully planned operation." The new variant, which is almost identical to the version used in the 2012 attacks, has replaced the message it previously displayed—which included an image of a burning American flag—with the photo of the body of Alan Kurdi, the 3-year-old Syrian refugee boy who drowned as his family tried to cross from Turkey to Greece.

Bloomberg reports that digital forensics by Saudi officials indicated that the attacks were launched from Iran. Several Saudi government agencies were among the organizations attacked.

New versions of Shamoon, also known as Disttrack, have been detected by multiple information security companies, including McAfee, Symantec, Palo Alto Networks, and FireEye. It isn't yet clear how the malware's "dropper" has gotten into the networks it has attacked. But once on a victim's Windows system, it determines whether to install a 32-bit or 64-bit version of the malware. According to a report from Symantec, the latest Shamoon attack was configured to automatically start wiping the disk drives of computers it had infected at 8:45am local time on November 17.
