
CyberSecurity Industry News


31 replies in this topic

#21 Mr.Pr

    Member

  • Posters
  • 251 posts

Posted 29 March 2017 - 16:14

Russian Hacker Pleads Guilty to Ebury Botnet Role

A Russian hacker has pleaded guilty to playing a major role in building the infamous Ebury botnet, which helped to fraudulently generate millions of dollars.

Maxim Senakh, 41, of Velikii Novgorod, pleaded guilty on Tuesday to conspiracy to violate the Computer Fraud and Abuse Act and to commit wire fraud.

Along with co-conspirators, Senakh is said to have helped develop the Ebury malware, which targeted the log-ins of servers running Solaris, Linux and similar Unix-like operating systems.

It’s a rootkit/backdoor Trojan designed to steal SSH log-in credentials from incoming and outgoing SSH connections.

They then combined these remotely controlled servers into a botnet, monetizing it via click fraud and spam campaigns, according to the Department of Justice.

The scams apparently compromised tens of thousands of servers around the world and earned Senakh and his co-conspirators millions of dollars in the process.

“As part of the plea, Senakh admitted that he supported the criminal enterprise by creating accounts with domain registrars which helped build the Ebury botnet infrastructure and personally profited from traffic generated by the Ebury botnet,” noted the DoJ.

The Ebury malware leaped to notoriety in 2011 when it was used to hack the Linux Kernel...

Read the Full Article: https://www.infosecurity-magazine.com/news/russian-hacker-pleads-guilty-to/

------------------------------

FBI Warns on FTP Attacks to Access Medical, Dental Info

The FBI is warning of a concerted effort on the part of cyber-criminals to target medical and dental facilities via their File Transfer Protocol (FTP) servers.

Criminals are accessing protected health information (PHI) and personally identifiable information (PII) in order to intimidate, harass and blackmail business owners. The Feds said that the Bureau is aware of criminal actors who are actively targeting such facilities via insecure FTPs that are operating in “anonymous” mode.

“Research conducted by the University of Michigan in 2015 titled, ‘FTP: The Forgotten Cloud,’ indicated over 1 million FTP servers were configured to allow anonymous access, potentially exposing sensitive data stored on the servers,” the FBI said in its alert. “The anonymous extension of FTP allows a user to authenticate to the FTP server with a common username such as ‘anonymous’ or ‘ftp’ without submitting a password or by submitting a generic password or email address.”

While computer security researchers are actively seeking FTP servers in anonymous mode to conduct legitimate research, cyber-criminals could also use an FTP server in anonymous mode and configured to allow “write” access to store malicious tools or launch targeted cyberattacks.

“In general, any misconfigured or unsecured server operating on a business network on which sensitive data is stored or processed exposes the business to data theft...

Read the Full Article: https://www.infosecurity-magazine.com/news/fbi-warns-on-ftp-attacks/

Message edited by Mr.Pr: 29 March 2017 - 16:14

“The security industry in that case becomes bullshit, because people believe in those products and use them in their corporate environments without understanding that those products are just following others,” - Boris Sharov

 

DrWeb Gallery for your Avatars: Click

My Telegram ID: @MrlPr

 

Best Regards,

Parham
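The FBI alert quoted above explains how the anonymous extension works and singles out anonymous "write" access as the dangerous case. As an added defender-side example (not code from the alert, the article or this forum), the script below audits FTP server logs for anonymous logins and flags anonymous uploads; the line layout is an assumption borrowed from vsftpd's default vsftpd.log, and every log line in it is constructed sample data.

```python
"""Audit FTP server logs for anonymous logins, downloads and uploads.

Added example, not code from the FBI alert or the forum post. The line layout
is assumed to follow vsftpd's default vsftpd.log (adapt LOG_RE for other
servers), and SAMPLE_LOG below is constructed sample data.
"""
import re
from collections import defaultdict

# Usernames the FTP "anonymous" extension accepts with no real password.
ANONYMOUS_USERS = {"anonymous", "ftp"}

# One regex for the vsftpd-style lines handled here, e.g.
#   Wed Mar 29 16:14:02 2017 [pid 2044] [ftp] OK LOGIN: Client "192.0.2.10", anon password "x@y"
#   Wed Mar 29 16:14:09 2017 [pid 2044] [ftp] OK UPLOAD: Client "192.0.2.10", "/pub/in/t.exe", 61440 bytes, 512.00Kbyte/sec
LOG_RE = re.compile(
    r'^(?P<ts>\w{3} \w{3} +\d+ \d\d:\d\d:\d\d \d{4}) \[pid \d+\] '
    r'\[(?P<user>[^\]]+)\] (?P<status>OK|FAIL) (?P<action>[A-Z]+): '
    r'Client "(?P<client>[^"]+)"(?:, (?P<detail>.*))?$'
)

# Constructed sample log: one anonymous session that reads data and drops a
# tool, one authenticated user, and one anonymous client whose first login fails.
SAMPLE_LOG = """\
Wed Mar 29 16:14:02 2017 [pid 2044] [ftp] OK LOGIN: Client "192.0.2.10", anon password "mozilla@example.com"
Wed Mar 29 16:14:05 2017 [pid 2044] [ftp] OK DOWNLOAD: Client "192.0.2.10", "/pub/patients_2016.csv", 2097152 bytes, 1024.00Kbyte/sec
Wed Mar 29 16:14:09 2017 [pid 2044] [ftp] OK UPLOAD: Client "192.0.2.10", "/pub/incoming/tool.exe", 61440 bytes, 512.00Kbyte/sec
Wed Mar 29 16:20:41 2017 [pid 2101] [alice] OK LOGIN: Client "198.51.100.7"
Wed Mar 29 16:20:50 2017 [pid 2101] [alice] OK UPLOAD: Client "198.51.100.7", "/home/alice/report.pdf", 40960 bytes, 300.00Kbyte/sec
Wed Mar 29 16:31:12 2017 [pid 2188] [anonymous] FAIL LOGIN: Client "203.0.113.5"
Wed Mar 29 16:31:30 2017 [pid 2190] [anonymous] OK LOGIN: Client "203.0.113.5", anon password "guest"
"""


def parse_line(line):
    """Return the fields of one log line as a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def audit_anonymous_access(log_text):
    """Summarise successful anonymous activity per client address.

    Failed logins and authenticated users are ignored; what matters for the
    FBI's warning is what an unauthenticated party actually did on the server.
    """
    findings = defaultdict(lambda: {"logins": 0, "downloads": [], "uploads": []})
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None or ev["status"] != "OK":
            continue
        if ev["user"].lower() not in ANONYMOUS_USERS:
            continue
        rec = findings[ev["client"]]
        if ev["action"] == "LOGIN":
            rec["logins"] += 1
        elif ev["action"] in ("UPLOAD", "DOWNLOAD"):
            path = ev["detail"].split('"')[1]  # first quoted field is the path
            rec["uploads" if ev["action"] == "UPLOAD" else "downloads"].append(path)
    return dict(findings)


def severity(record):
    """Rank one client's record; anonymous write access is the case the alert singles out."""
    if record["uploads"]:
        return "HIGH"    # server accepts anonymous writes: tools can be staged on it
    if record["downloads"]:
        return "MEDIUM"  # anonymous read of whatever is stored on the server
    return "LOW"         # anonymous login only


if __name__ == "__main__":
    for client, rec in sorted(audit_anonymous_access(SAMPLE_LOG).items()):
        print(f"{client}: {severity(rec)} logins={rec['logins']} "
              f"downloads={rec['downloads']} uploads={rec['uploads']}")
```

A HIGH finding means the server is exactly the configuration the alert warns about: anonymous mode with write access, so the configuration (not just the log) needs fixing.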


#22 Mr.Pr

    Member

  • Posters
  • 251 posts

Posted 29 March 2017 - 16:16

Hong Kong’s 3.7 Million Voters Exposed in Massive Breach

Hong Kong might just have experienced its biggest ever data breach after the personal details of the Special Administrative Region (SAR)’s 3.7 million voters were stolen on two laptops.

The details are said to have included ID card numbers, addresses and mobile phone numbers.

They were stored on two laptops in a locked room at the AsiaWorld-Expo conference center near the airport.

The center is said to be the “back-up venue” for the region’s chief executive elections, which took place over the weekend.

The Registration and Electoral Office has reported the theft to police and told the South China Morning Post that the details of voters were encrypted – although it’s unclear how strong that encryption is.

It’s also unclear why the details of 3.7m voters were stored on the laptops when only an Election Committee of 1194 specially chosen business and political leaders is allowed to pick Hong Kong’s CEO.

The SAR’s privacy watchdog said in a statement that it is launching an investigation into the matter.

Over a three-year period from 2013 to 2016, the privacy commissioner’s office is said to have received 253 data breach notifications.

Eduard Meelhuysen, EMEA boss at Bitglass, argued that public sector breaches stand out as particularly concerning.

"Whether it’s the NHS or the Hong Kong Registration and Electoral Office, these organizations...

Read the Full Article: https://www.infosecurity-magazine.com/news/hong-kongs-37-million-voters/


#23 Mr.Pr

    Member

  • Posters
  • 251 posts

Posted 29 March 2017 - 16:19

IoT & Liability: How Organizations Can Hold Themselves Accountable

To avoid a lawsuit, your company needs to better understand the state of your infrastructure and the devices and applications within it. Here are five areas on which to focus.

The number of devices with IP connectivity continues to grow at a breakneck pace. In the next few years, it's expected that we'll see tens of billions of devices with some sort of networking ability.

The problem is that the number of skilled security professionals available for organizations to monitor and manage these devices will not scale to match. There just aren't enough people in the world to actively monitor all the bits flowing through networks.

It's not a hopeless battle, but organizations need to take steps to better understand the state of their infrastructure and the devices and applications within it. When the next Mirai-style attack occurs, you can bet there will be a team of lawyers ready to hold somebody responsible for their company's resulting loss of revenue, data, and reputation.

Take e-commerce as an example: When a retailer's website goes down for a couple of hours, it loses millions of dollars in sales and takes a hit in customer trust. If the company discovers hundreds of hijacked Internet of Things (IoT) devices on its organization's network were partially responsible for its loss, a lawsuit will follow...

Read the Full Article: http://www.darkreading.com/iot/iot-and-liability-how-organizations-can-hold-themselves-accountable-/a/d-id/1328324?


#24 Mr.Pr

    Member

  • Posters
  • 251 posts

Posted 29 March 2017 - 16:21

New Metasploit Extension Available for Testing IoT Device Security

RFTransceiver extension for the Metasploit Hardware Bridge API will let organizations detect and scan wireless devices operating outside 802.11 spec.

Enterprise security teams and penetration testers now have a new tool for evaluating the risks posed to their networks from Internet of Things (IoT) devices that are operating on radio frequencies outside the standard 802.11 specification.

Rapid7, the owner of the Metasploit Project, has released an extension to its recently introduced Hardware Bridge API for conducting pen tests on network-connected hardware.

The new RFTransceiver extension for the Metasploit Hardware Bridge is designed to let organizations identify and assess the security state of multi-frequency wireless devices operating on their networks more effectively than current tools permit.

The RFTransceiver gives security pros the ability to craft and monitor different RF packets for identifying and accessing a company’s wireless systems beyond Ethernet-accessible technologies, said Craig Smith, a research lead at Rapid7, in a blog post.

It allows pen testers to create and direct “short bursts of interference” at such devices to see how they respond from a security standpoint.

Many organizations already have devices and systems operating on radio frequencies outside 802.11 on their networks. Examples include RFID readers, smart lighting systems using the Zigbee communication protocol and network-enabled alarm, surveillance, and door control systems.

The RFTransceiver extension is designed to help organizations with such devices answer vital questions, such as the operating range of the devices, whether they are encrypted, how they respond to outside interference, and how they fail.

“The most obvious threat is the unauthorized access to...

Read the Full Article: http://www.darkreading.com/threat-intelligence/new-metasploit-extension-available-for-testing-iot-device-security/d/d-id/1328452?


#25 Mr.Pr

    Member

  • Posters
  • 251 posts

Posted 29 March 2017 - 16:22

Kaspersky: Criminals Make 95% Profit on DDoS

Ordering a DDoS attack has become as easy as ordering the latest bestseller from Amazon—and can offer incredible return on investment for the attacker.

According to Kaspersky Lab, DDoS-for-hire services are generally self-service, eliminating the need for direct contact between the organizer and the customer. Customers can make payments, get reports on work done and so on, all online. In fact, Kaspersky said that the order page “looks more like the web page of an IT startup than a cybercriminal operation.”

“These web services are fully functional web applications that allow registered customers to manage their balance and plan their DDoS attack budget,” the firm said in a blog posting. “Some developers even offer bonus points for each attack conducted using their service. In other words, cybercriminals have their own loyalty and customer service programs.”

But lowering the barrier to entry doesn’t stop there—it’s also incredibly cheap to carry attacks out these days. One DDoS service advertised on a Russian public forum offers attacks from $50 per day, for instance.

Kaspersky did a review of the Dark Web to find out the going rate for DDoS as-a-service, and found the average to be slightly higher than the example above—attacks typically cost $25 per hour, with the cyber-criminals making a profit of about $18 for every hour of an attack.

The security specialist also found that organizers of DDoS services generally offer customers a tariff plan in which the buyer pays a per-second rental price for botnet capacity. For example, a DDoS attack of 300 seconds using a botnet with a total bandwidth of 125Gbps will cost between $5 and $6.

As for profitability, it should be noted that DDoS attacks and, in particular, ransomware DDoS have already turned into a high-margin business. “The profitability of one attack can exceed 95%,” the firm noted. “And the fact that the owners of online sites are often willing to pay a ransom without even checking whether the attackers can actually carry out an attack (something that other fraudsters have already picked up on) adds even more fuel to the fire. All the above suggests that the average cost of DDoS attacks in the near future will only fall, while their frequency will increase.”...

Read the Full Article: https://www.infosecurity-magazine.com/news/kaspersky-criminals-profit-ddos/


#26 Mr.Pr

    Member

  • Posters
  • 251 posts

Posted 29 March 2017 - 16:23

RIP: Antivirus veteran Raimund Genes, 54

Trend Micro CTO suffered fatal heart attack

Colleagues and friends are mourning the sudden death of distinguished antivirus industry veteran Raimund Genes last Friday.

Genes, 54, chief technology officer at Trend Micro, began as a distributor before joining the antivirus firm in the early days of the industry back in 1996. He served with distinction in a variety of senior business development and technology roles for the last 30 years.

I interviewed Genes for El Reg several times and found him to be technically knowledgeable and a clear communicator, an antidote to the FUD and hyperbole sometimes found elsewhere. He'll be missed, especially by his family.

Genes died unexpectedly of a heart attack at his family home in Germany last Friday. He is survived by his wife Martina and two sons.

A tribute to Genes from Eva Chen, chief executive officer at Trend Micro, can be found here.

Read the Full Article: https://www.theregister.co.uk/2017/03/28/raimund_genes_obit/


#27 Mr.Pr

    Member

  • Posters
  • 251 posts

Posted 02 April 2017 - 11:37

Cerber Starts Evading Machine Learning

The CERBER family of ransomware has been found to have adopted a new technique to make itself harder to detect: it is now using a new loader that appears to be designed to evade detection by machine learning solutions. This loader is designed to hollow out a normal process where the code of CERBER is instead run.

X contains the loader, as well as various configuration settings. The loader has features that check if it is running in a virtual machine (VM), if it is running in a sandbox, if certain analysis tools are running on the machine, or if certain AV products are present. If any of these checks fail, the malware stops running. The lists below highlight the specific tools and products this software checks for:

Analysis Tools

  • Msconfig
  • Sandboxes
  • Regedit
  • Task Manager
  • Virtual Machines
  • Wireshark

Security vendors

  • 360
  • AVG
  • Bitdefender
  • Dr. Web
  • Kaspersky
  • Norton
  • Trend Micro

Read the Full Article: https://blog.trendmicro.com/trendlabs-security-intelligence/cerber-starts-evading-machine-learning/

Message edited by Mr.Pr: 02 April 2017 - 11:38


#28 Mr.Pr

    Member

  • Posters
  • 251 posts

Posted 02 April 2017 - 18:41

Researchers steal data from CPU cache shared by two VMs

All of a sudden dedicated instances are looking a lot better than multi-tenancy

A group of researchers say they can extract information from an Amazon Web Services virtual machine by probing the cache of a CPU it shares with other cloudy VMs.

A paper titled Hello from the Other Side: SSH over Robust Cache Covert Channels in the Cloud (PDF) explains the challenges of extracting data from CPU cache, a very contested resource in which the OS, the hypervisor and applications all conduct frequent operations. All that activity makes a lot of noise, defying attempts to create a persistent communications channel.

Until now, as the researchers claim they've built “a high-throughput covert channel [that] can sustain transmission rates of more than 45 KBps on Amazon EC2”. They've even encrypted it: the technique establishes a TCP network within the cache and transmits data using SSH.

The results sound scarily impressive: a Black Hat Asia session detailing their work promised to peer into a host's cache and stream video from VM to VM.

The paper explains that this stuff is not entirely new, but has hitherto also not been entirely successful because it's been assumed that “error-correcting code can be directly applied, and the assumption that noise effectively eliminates covert channels.”

The authors knock both of those arguments over, the first by figuring out a way to handle errors and the second with a method of scheduling communication between two VMs...

Read the Full Article: https://www.theregister.co.uk/2017/03/31/researchers_steal_data_from_shared_cache_of_two_cloud_vms/


#29 Mr.Pr

    Member

  • Posters
  • 251 posts

Posted 02 April 2017 - 18:43

How to leak data from an air-gapped PC – using, er, a humble scanner

Cybercriminals managed to infect a PC in the design department of Contoso Ltd through a cleverly crafted spear-phishing campaign. Now they need a way to communicate with the compromised machine in secret.

Unfortunately, they know Contoso's impenetrable network defenses will detect commands sent to their malware.

To avoid detection, they have to send data through a channel not monitored by the company's IT security system, the Hyper IronGuard WallShield 2300, with its "military-grade" two-ply data leakage protection technology.

They consider several potential covert transmission techniques – inaudible sound, modulated light, even thermal manipulation of hardware – but none of these appear to be practical given their budgetary limitations and modest intellects.

Then one member of the three-person group recalls hearing about a security paper, "Oops!...I think I scanned a malware" [PDF], published earlier in March by researchers from two Israeli universities, Ben-Gurion University of the Negev and...

Read the Full Article: https://www.theregister.co.uk/2017/03/30/scanners_as_covert_command_control_conduit/


#30 Mr.Pr

    Member

  • Posters
  • 251 posts

Posted 02 April 2017 - 18:45

One-Third of All Malware Goes Undetected by AV

In the fourth quarter of 2016, about 30% of all malware was classified in new research as “zero day,” as in, it was not caught by legacy antivirus solutions.

WatchGuard Technologies’ inaugural Quarterly Internet Security Report postulates that the finding indicates that cybercriminals’ capability to automatically repack or morph their malware has outpaced the AV industry’s ability to keep up with new signatures.

The study also uncovered a theme of old threats becoming new again. First, the results show that macro-based malware is still very prevalent. Despite being an old trick, many spear-phishing attempts still include documents with malicious macros, and attackers have adapted their tricks to include Microsoft’s new document format. Second, attackers still use malicious web shells to hijack web servers. PHP shells are alive and well, as nation-state attackers have been evolving this old attack technique with new obfuscation methods.

JavaScript is a popular malware delivery and obfuscation mechanism. The results indicate a rise in malicious JavaScript in the fourth quarter, both in email and over the web.

The report meanwhile found that most network attacks target web services and browsers. In fact, 73% of the top attacks target web browsers in drive-by download attacks.

Interestingly, the top network attack, Wscript.shell Remote Code Execution, almost entirely affected Germany alone. Breaking it down country by country, that attack targeted Germany 99% of the time...

Read the Full Article: https://www.infosecurity-magazine.com/news/onethird-of-all-malware-undetected/

Message edited by Mr.Pr: 02 April 2017 - 18:47


#31 Mr.Pr

    Member

  • Posters
  • 251 posts

Posted 02 April 2017 - 18:49

WONTFIX: No patch for Windows Server 2003 IIS critical bug – Microsoft

Microsoft will not patch a critical security hole recently found and exploited in IIS 6 on Windows Server 2003 R2 – the operating system it stopped supporting roughly two years ago.

The buffer overflow bug can be exploited to inject malicious code into a vulnerable machine and execute it, allowing an attacker to gain control of the computer. It requires WebDAV to be enabled. If you have such a machine exposed to or reachable from the internet, and you get hacked, maybe you deserve it.

On Monday, details of the vulnerability and proof-of-concept exploit code were published on GitHub: the code is attributed to "Zhiniang Peng and Chen Wu. Information Security Lab & School of Computer Science & Engineering, South China University of Technology Guangzhou, China."

Apparently, the "buffer overflow in the ScStoragePathFromUrl function in the WebDAV service" was "exploited in the wild in July or August 2016."

Shodan.io – a search engine for internet-facing devices – has found hundreds of thousands of servers still using IIS 6.0, and about 20,000 machines using Windows Server 2003. Not all of them will be exploitable. In any case, Microsoft has indicated it won't fix the bug.

"This issue does not affect currently supported versions," a spokesperson told The Reg. "We continue to recommend that customers upgrade to our latest operating systems and benefit from robust, modern protection."

The vulnerability in the IIS WebDAV component allows an attacker to run code remotely...

Read the Full Article: https://www.theregister.co.uk/2017/03/31/microsoft_wont_patch_server_2003/


#32 Mr.Pr

    Member

  • Posters
  • 251 posts

Posted 02 April 2017 - 18:50

New Malware Lets Attackers Encrypt 'Hand-Picked' Systems & Files

A new type of ransomware dubbed WYSIWYE (What You See Is What You Encrypt) has been detected by researchers at PandaLabs.

As explained in a post on the firm’s website, the standard ransomware technique cyber-crooks employ is to gain access to a computer and then simply execute the corresponding malware automatically to start encryption and ultimately display the ransom message.

However, in an analysis of a recent intrusion, PandaLabs discovered a more personalized type of malware generator which allows attackers “the chance to customize the malware using a user-friendly interface prior to launching it. Making it even easier for those with little technical knowledge to target companies.”

“With this customized attack,” PandaLabs adds, “it’s possible to hand-pick the network computers whose information the attacker would like to encrypt, choose files, self-delete upon completing the encryption, enter stealth mode, etc.”

“Usually ransomware has its own configuration, it only has to be executed and it will work in the same way everywhere,” Luis Corrons, PandaLabs technical director, Panda Security, told Infosecurity. “This one is designed for more custom attacks, mainly in corporate networks. In all cases we have studied (talking about this particular attack) attackers are gaining access to the different corporate networks after a brute-force attack against the remote desktop connection. Then they manually drop the ransomware, run it and can configure it in different ways depending on each victim, carefully picking what they want to encrypt.”

According to Corrons, this shows how cyber-criminals are evolving and changing...

Read the Full Article: https://www.infosecurity-magazine.com/news/new-malware-lets-attackers-hand/


