(credit: Quinn Dombrowski)

A provider of end-to-end encrypted e-mail said it paid a ransom of almost $6,000 to stop highly advanced denial-of-service attacks that knocked its networks, and the networks of some of its upstream providers, offline.

In a blog post published Thursday, officials of Switzerland-based ProtonMail said they "grudgingly agreed" to pay 15 bitcoins, which at current valuations came to about $5,850, to the attackers in exchange for them halting the assault. Even after paying the sum, however, crippling attacks continued, although at the time the blog post was being written, they had subsided. The ransom payment is generating protest from critics who say it will only encourage more attacks. ProtonMail officials wrote:

We hoped that by paying, we could spare the other companies impacted by the attack against us, but the attacks continued nevertheless. Attacks against infrastructure continued throughout the evening and in order to keep other customers online, our ISP was forced to stop announcing our IP range, effectively taking us offline. The attack disrupted traffic across the ISP’s entire network and got so serious that the criminals who extorted us previously even found it necessary to write us to deny responsibility for the second attack.

The campaign began shortly after midnight on Tuesday, when ProtonMail received an extortion e-mail from a group of criminals said to be responsible for a string of DDoS attacks across Switzerland over the past few weeks. The message was soon followed by a distributed denial-of-service attack that lasted for about 15 minutes. The attack resumed at 11 a.m. the same day and was already showing "an unprecedented level of sophistication." By 2 p.m., the flood of junk traffic reached volumes of 100 gigabits per second and began targeting ProtonMail's datacenter and upstream providers, including routers in Zurich, Frankfurt, and other locations where the ISP has nodes.



(credit: HotforSecurity/Bitdefender)

Ransomware that uses strong cryptography to hold entire hard drives' worth of data hostage keeps getting nastier, as criminals attempt to find new ways to extort more people into paying increasingly hefty ransoms to recover their files.

A case in point is Chimera, a relative newcomer to the crypto ransom racket that targets primarily businesses. In an attempt to turn up the pressure on infected victims, the malware threatens to publish their pictures and other personal data somewhere on the Internet unless a ransom of $638 in bitcoins is paid. There's no evidence yet that the new cryptoware title has made good on the threat to post victims' private data online, but it's a likely bet the prospect is enough to convince some undecided victims to go ahead and pay the fee.

(credit: Botfrei Blog)

The threat, according to a blog post published Tuesday, comes only after the cryptoware has encrypted data stored not only on local hard drives but also those on network drives. To add drama to the attack, all file extensions are changed to .crypt. Chimera is also programmed to target specific employees within an infected company, presumably to make sure the ransom demand doesn't get missed.


The National Institute of Standards and Technology (NIST) has published a guide to deploying automated application whitelisting to help prevent malicious software from gaining access to organizations' computer systems. Guide to Application ...

Posted by InfoSec News on Nov 05


Defense One
NOVEMBER 3, 2015

The threat of a massive cyber attack on civilian infrastructure, leading
to loss of life and perhaps billions in damages, has kept lawmakers on
edge since before former Defense Secretary Leon Panetta warned of it back
in 2012 (or the fourth Die Hard movie in 2007). Many...

SEC Consult SA-20151105-0 :: Insecure default configuration in Ubiquiti Networks products

Posted by InfoSec News on Nov 05


By John Leonard
05 Nov 2015

ProtonMail, the Geneva-based encrypted email service that was developed by
CERN scientists, was taken off line on Tuesday November 3rd by what the
company describes as an "extremely powerful DDoS attack".

At time of writing the service was still offline.

Writing in a blog, CEO Andy Yen...

[security bulletin] HPSBGN03519 rev.1 - HP Project and Portfolio Management Center, Remote Disclosure of Information
[SECURITY] [DSA 3393-1] iceweasel security update
Cisco Security Advisory: Cisco Web Security Appliance Certificate Generation Command Injection Vulnerability

Posted by InfoSec News on Nov 05


By Rob Price
Business Insider
November 4, 2015

Facebook's head of security, Alex Stamos, has a seriously high-pressure
job: Keeping 1.5 billion Facebook users safe and secure every day.

The American software engineer works as Facebook’s global head of
security, where he is ultimately responsible for protecting its billions

Posted by InfoSec News on Nov 05


November 5, 2015

Iranian regime hackers have reportedly been targeting US officials
involved in formulating American policy toward Tehran.

The cyber warfare unit of the Iranian Revolutionary Guard Corps, an
Iranian military force separate from the main and close to the regime’s
supreme leader, Ayatollah Ali Khamenei, has engaged in a...

Posted by InfoSec News on Nov 05


By Patrick Malone
Center for Public Integrity

The Pentagon was tipped off in 2011 by a longtime Army contractor that
Russian computer programmers were helping to write computer software for
sensitive U.S. military communications systems, setting in motion a
four-year federal investigation that ended this week with a

Posted by InfoSec News on Nov 05


By Shawn Donnan in Washington
November 4, 2015

Pacific Rim countries will be required to criminalise hacking attacks on
companies under a new regional trade pact that shows Washington’s
determination to clamp down on Chinese cyber theft and ban new forms of
digital protectionism.

The US, Japan and 10 other economies concluded five years of negotiations

Posted by InfoSec News on Nov 05


By Michael Inman
November 5, 2015

A former junior Defence bureaucrat has been jailed for uploading secret
information online.

But Australia's former army chief, Peter Leahy, says Michael Scerba should
have been locked up for longer for his "self-indulgent and selfish"...

Cisco Security Advisory: Cisco Email Security Appliance Email Scanner Denial of Service Vulnerability
Cisco Security Advisory: Cisco Email Security Appliance Anti-Spam Scanner Bypass Vulnerability
Cisco Security Advisory: Cisco Mobility Services Engine Privilege Escalation Vulnerability
Cisco Security Advisory: Cisco Mobility Services Engine Static Credential Vulnerability
Internet Storm Center Infocon Status