Stealthy New DDoS Attacks Target Internet Service Providers
via "Dark Reading".
Adversaries took advantage of the large attack surface of large communications networks to spread small volumes of junk traffic across hundreds of IP prefixes in Q3 2018, Nexusguard says.
⌨ Bomb Threat, Sextortion Spammers Abused Weakness at GoDaddy.com ⌨
Two of the most disruptive and widely-received spam email campaigns over the past few months – including an ongoing sextortion email scam and a bomb threat hoax that shut down dozens of schools, businesses and government buildings late last year – were made possible thanks to an authentication weakness at GoDaddy.com, the world's largest domain name registrar, KrebsOnSecurity has learned.
Perhaps more worryingly, experts warn this same weakness that let spammers hijack domains registered through GoDaddy also affects a great many other major Internet service providers, and is actively being abused to launch phishing and malware attacks which leverage dormant Web site names currently owned and controlled by some of the world's most trusted corporate names and brands.
In July 2018, email users around the world began complaining of receiving spam which began with a password the recipient used at some point in the past and threatened to release embarrassing videos of the recipient unless a bitcoin ransom was paid. On December 13, 2018, a similarly large spam campaign was blasted out, threatening that someone had planted bombs within the recipient's building that would be detonated unless a hefty bitcoin ransom was paid by the end of the business day.
Experts at Cisco Talos and other security firms quickly drew parallels between the two mass spam campaigns, pointing to a significant overlap in Russia-based Internet addresses used to send the junk emails. Yet one aspect of these seemingly related campaigns that has been largely overlooked is the degree to which each achieved an unusually high rate of delivery to recipients.
Large-scale spam campaigns often are conducted using newly-registered or hacked email addresses, and/or throwaway domains. The trouble is, spam sent from these assets is trivial to block because anti-spam and security systems tend to discard or mark as spam any messages that appear to come from addresses which have no known history or reputation attached to them.
However, in both the sextortion and bomb threat spam campaigns, the vast majority of the email was being sent through Web site names that had already existed for some time, and indeed even had a trusted reputation. Not only that, new research shows many of these domains were registered long ago and are still owned by dozens of Fortune 500 and Fortune 1000 companies.
That's according to Ron Guilmette, a dogged anti-spam researcher who has made a living suing spammers and helping law enforcement officials apprehend online scammers. Researching the history and reputation of more than 5,000 Web site names used in each of the extortionist spam campaigns, Guilmette made a startling discovery: Virtually all of them had at one time been registered via GoDaddy.com, a Scottsdale, Ariz. based domain name registrar and hosting provider.
Guilmette told KrebsOnSecurity he initially considered the possibility that GoDaddy had been hacked, or that thousands of the registrar's customers perhaps had their GoDaddy usernames and passwords stolen.
But as he began digging deeper, Guilmette came to the conclusion that the spammers were exploiting an obscure – albeit widespread – weakness among hosting companies, cloud providers and domain registrars that was first publicly detailed in 2016.
EARLY WARNING SIGNS
In August 2016, security researcher Matthew Bryant wrote about spammers hijacking some 20,000 established domain names to blast out junk email. A few months later, Bryant documented the same technique being used to take over more than 120,000 trusted domains for spam campaigns. And Guilmette says he now believes the attack method detailed by Bryant also explains what's going on in the more recent sextortion and bomb threat spams.
Grasping…
Hijacked Nest cam broadcasts bogus warning about incoming missiles
via "Naked Security".
A hacked Nest camera broadcast the fake warning about incoming North Korean missiles, sending a family into "five minutes of sheer terror."
Google fined $57m for data protection violations
via "Naked Security".
In a landmark ruling, France's data protection commissioner has fined Google 50 million Euros (around $57m) for violating Europe's privacy laws.
RogueRobin Malware Uses Google Drive as C2 Channel
via "Threatpost | The first stop for security news".
The RogueRobin uses a mix of novel techniques.
Microsoft Windows RCE Flaw Gets Temporary Micropatch
via "Threatpost | The first stop for security news".
0patch released the fix for the remote code execution vulnerability in Windows, which has a CVSS score of 7.8.
PewDiePie-spammers and whale-flingers exploit hole in Atlas game
via "Naked Security".
Last week hackers allegedly compromised an admin's Steam account and used it to spawn planes, tanks, and whales in Atlas.
100 million online bets exposed by leaky database
via "Naked Security".
Online gamblers lose their private data as yet another unsecured Elasticsearch database is discovered.
Ep. 016 – Email fraud, Android apps, Collection #1 and the 10 year challenge [PODCAST]
via "Naked Security".
Here's the latest Naked Security podcast. Enjoy!
Trojan malware is back and it's the biggest hacking threat to your business
via "Security on TechRepublic".
Old school but effective, hackers are shifting away from in-your-face ransomware to attacks that are much more subtle.
Discover New Tools for Network Testing & Defense at Black Hat Asia
via "Dark Reading".
Find yourself some of the latest and most exciting cybersecurity tools at the Arsenal, where you can meet and chat with their creators.
Enterprise Malware Detections Up 79% as Attackers Refocus
via "Dark Reading".
A new report on the state of malware shows a spike in B2B malware, with former banking Trojans Emotet and TrickBot topping the list.
Hackers impersonate these 10 brands the most in phishing attacks
via "Security on TechRepublic".
Phishers often spoof major tech brands in their efforts to gain payments from individuals and businesses, according to a Vade Secure report.
U.S. Gov Issues Urgent Warning of DNS Hijacking Attacks
via "Threatpost | The first stop for security news".
An emergency directive from the Department of Homeland Security provides "required actions" for U.S. government agencies to prevent widespread DNS hijacking attacks.
How to authenticate a Linux client with LDAP server
via "Security on TechRepublic".
If you've ever wanted to authenticate a Linux desktop to an OpenLDAP server, here's how it's done.
How to authenticate a Linux client with LDAP server
via "Security on TechRepublic".
With OpenLDAP, you can manage users on a centralized directory server and then configure each desktop to authenticate to that server.
Think Twice Before Paying a Ransom
via "Dark Reading".
Why stockpiling cryptocurrency or paying cybercriminals is not the best response.
Cybercriminals Home in on Ultra-High Net Worth Individuals
via "Dark Reading".
Research shows that better corporate security has resulted in some hackers shifting their sights to the estates and businesses of wealthy families.
Security is the no. 1 IT barrier to cloud and SaaS adoption
via "Security on TechRepublic".
More than 70% of tech professionals said security spending has increased in the past year, according to a Ping Identity report.
"Chaos" iPhone X Attack Alleges Remote Jailbreak
via "Threatpost | The first stop for security news".
The attack makes use of previously disclosed critical vulnerabilities in the Apple Safari web browser and iOS.
How to Lock a User Account After X Number of Incorrect Logins on Cent OS 7
via "Security on TechRepublic".
Jack Wallen shows you how to lock out users after failed login attempts in CentOS 7.