NSW ICT manager was corrupt; First OS X ransomware; Sony recalls VAIO batteries

The NSW Independent Commission Against Corruption (ICAC) has concluded that a former TAFE NSW acting ICT services manager engaged in corrupt conduct when he used his public official functions to garner $1.76 million for his own company.

ICAC said it had found that Ronald Cordoba, formerly the acting ICT services manager at TAFE NSW South Western Sydney Institute (SWSI), had “engaged in serious corrupt conduct by improperly exercising his public official functions to obtain more than $1.76 million from the SWSI and one of its contractors for his own business”.

This figure of $1.76 million comes from several incidences of corruption, according to ICAC.

The commission said that between January and July 2014, Cordoba improperly engaged in corrupt conduct by exercising his official functions to obtain $1,709,904.90 from SWSI for his own business, ITD Systems Pty Ltd.

ICAC also said that sometime around February 2014, Cordoba improperly exercised his official functions to make sure that SWSI engaged another company called Cloud People Pty Ltd to provide ‘virtual labs’, with the intention of obtaining $55,000 from Cloud People for ITD Systems — an amount that ICAC said ITD received.

Importantly, ICAC noted: “There are no findings made against Cloud People or its personnel.”

Although ICAC has concluded that Cordoba engaged in serious corrupt conduct, the body must seek the advice of the Department of Public Prosecutions (DPP) on whether prosecution should take place. The DPP decides whether criminal charges can be laid, and conducts any resultant prosecutions.

In this case, ICAC said that the DPP should be consulted regarding the possible prosecution of Cordoba for the following criminal offences: two instances of fraud, together totalling $1,764,904.90; willfully making a false statement to mislead a Commission officer; and making a false or misleading statement during a compulsory examination.

First functional OS X ransomware

Security researchers have discovered what they call the first fully functional ransomware seen on Apple’s OS X platform.

Researchers from Palo Alto Networks said that on 4 March they detected that the Transmission BitTorrent client installer for OS X was infected with ransomware. The researchers dubbed this ransomware KeRanger.

“The only previous ransomware for OS X we are aware of is FileCoder, discovered by Kaspersky Lab in 2014. As FileCoder was incomplete at the time of its discovery, we believe KeRanger is the first fully functional ransomware seen on the OS X platform,” Claud Xiao and Jin Chen wrote on the Palo Alto Networks blog.

Xiao and Chen explained that the KeRanger application was signed with a valid Mac app development certificate, allowing it to bypass Apple’s Gatekeeper protection.

The researchers said that once a system is infected with KeRanger, the ransomware waits for three days before connecting to command and control servers over Tor, after which KeRanger begins encrypting specific types of files on the system. Once encryption has been completed, the ransomware demands that the victim pays one bitcoin (around AU$552) to a particular address in order to recover their files.

Palo Alto Networks said that it reported the issue to the Transmission Project and to Apple on 4 March. Since then, the researchers said, Apple has revoked the abused certificate and updated XProtect antivirus signatures, while the Transmission Project has removed the infected installers from its website.

Sony recalls VAIO batteries

Sony has issued a recall notice for batteries in some of its VAIO computers over concerns that the batteries may overheat and burn.

Sony said the issue affects some VGP-BPS26 battery packs. These batteries are used in VAIO E Series machines released in February 2013. The batteries may also be installed in machines that were submitted for repair since February 2013.

The recall notice stated that the battery packs in question “may be susceptible to overheating”.

“The issue is a manufacturing one which has the potential to burn parts of the battery packs,” the recall notice said.

Sony is implementing a free replacement program for the affected battery packs.

The recall notice lists specific VAIO models that may be carrying an affected battery. It also includes a link to a page to help discern if a particular battery is affected.

If you identify a battery as being affected, Sony asks that you immediately remove the battery from the PC in question.

“If you believe that your battery pack is one of the affected units, please contact our Customer Service team on 1300 137 669, Mon-Fri 9am - 5pm AEST to discuss next steps,” the notice said.

Image courtesy Minale