(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

(credit: Randomizer.com)

Security researchers have disrupted an online criminal operation they estimated drew $30 million per year pushing ransomware on unsuspecting people browsing the Internet.

The takedown was performed by investigators from Cisco Systems' Talos security unit, which was researching the Angler Exploit kit. The hack-by-numbers tool is sold in underground crime forums to people who don't want to go through the hassle of developing and testing exploits themselves. Angler is one of the most potent of the exploit kits available, with the ability to successfully infect an estimated 40 percent of the end users it targets using attack code that surreptitiously exploits vulnerabilities in browsers and browser plugins. In most cases, the security flaws have already been patched, but, in some cases, the kits exploit zero-day vulnerabilities for which there is no currently available fix.

The Talos researchers quickly noticed that a large percentage of infected end users were connecting to servers operated by service provider Limestone Networks. After getting the cooperation of Limestone and examining some of the servers responsible for carrying out the operation, the researchers found that the single operation was targeting as many as 90,000 end users per day. They estimated that if just three percent of targets paid the average ransom demand of $300, the operation would generate more than $30 million in 12 months. The estimate is consistent with log files retrieved from just one of the servers accessed by Talos researchers. It showed the operation generating more than $3 million.



The Trump resort in Waikiki is among a group of Trump properties that were infected with transaction-stealing malware for over a year. (credit: Simon_sees)

In an announcement on the chain's website, the Trump Hotel Collection informed its customers that their credit card data may have been stolen through malware installed on its payment systems. The malware apparently was active at a number of Trump hotels for over a year.

The breach, first reported by security reporter Brian Krebs in June, affected seven hotels and resorts in the chain, according to a Trump Hotel spokesperson. But the company's executives claim that they have found "no forensic evidence" that credit card data was actually stolen, despite the fact that several banks have claimed a pattern of fraudulent charges stemming from transactions at the hotels.

"Between May 19, 2014, and June 2, 2015, we believe that there may have been unauthorized malware access to some of the computers that host our front desk terminals and payment card terminals in our restaurants, gift shops and other point-of-sale purchase locations at some hotels managed by the Trump Hotel Collection," a company spokesperson wrote in a statement on the Trump Hotel website. "For those customers that used credit or debit cards to make purchases during this time, we believe that the malware may have affected payment card data including payment card account number, card expiration date and security code." At the Trump hotels in Las Vegas and Waikiki, the data may have also included customers' first and last names.


Authentication Bypass in Netgear Router Firmware N300_1.1.0.31_1.0.1.img and N300-
Email. The modern working world cannot exist without it, but hackers exploit this vital service to steal money and valuable information. The National Institute of Standards and Technology (NIST) is tackling this threat with two new ...

(credit: Showtime)

Admittedly, many of my colleagues at Ars—not to mention readers—have far more extensive knowledge of computer security than I do. But even I can recognize a ridiculous hacking scene when I see one.

And boy, Sunday night’s season opener of Homeland contained a doozy. If you’re not a Homeland fan, all you need to know for a basis is that this show is set within a fictional but modern-day CIA. (This particular season is set in Berlin.) Within the first four minutes of Season 5, Episode 1—before any recognizable characters show up on screen—two IT guys working for a Berlin-based porn site somehow manage to penetrate the CIA Berlin Station’s firewall and steal over 1,000 sensitive files. (Art imitating life, anyone?)

Here’s how Homeland depicts an epic CIA hack:

http://arstechnica.com/the-multiverse/2015/10/im-no-expert-but-holy-crap-the-hacking-on-homeland-was-bad/

Advisory: web-based VM detection and coarse-grained fingerprinting
LanWhoIs.exe Stack Buffer Overflow

Johannes introduced yesterday the Cyber Security Awareness month. As security professionals, our job is to take care of our systems and networks, but also of our users! Instead of giving repetitive technical tips (do / don't), why not try an alternative way to push messages to them via proverbs? Wikipedia defines a proverb as "[...] popularly known and repeated, that expresses a truth based on common sense or the practical experience of humanity". In this definition, the keywords are: simple, truth, common and experience. Let's review some proverbs which address the security of end users as well as [...]

- "In the kingdom of the blind, the one-eyed man is king": Visibility is a key aspect of information security. You have to be aware of and understand what is happening in your environment. Due to the amount of information to process, tools exist (like a SIEM) but can be very expensive. Even if you don't [...]

- "Never put off to tomorrow what can be done today": New vulnerabilities are discovered every day. Some may affect your assets. If it's the case, apply a countermeasure as soon as possible. If available, install the patch provided by the manufacturer/developer. If it remains unpatched (or while waiting for a new release), implement extra controls like access lists or monitoring. Don't [...]

- "Clothes don't make the man": [...]

- "Never tell an enemy that your foot aches": Protect your assets by not disclosing sensitive information in public forums or mailing lists. Some [...]

- "Little brooks make great rivers": A suite of small incidents may lead to a bigger security breach. All issues must be properly addressed. A small incident can be a first step in the process of compromising a system. Information security can be compared to airlines: crashes are often [...]

- "Sow the wind and reap the whirlwind": If you don't properly implement security controls, be prepared for the worst. Be honest and don't pretend to be bullet-proof.

- "Better late than never": [...]

- "An ounce of prevention is worth a pound of cure": Do not follow the "action / reaction" [...]

- "Practice makes perfect" or "Errare humanum est": [...]

- "Two heads are better than one": Do not be afraid to ask for help! First, share your issues internally and discuss them with your colleagues. If more help is needed, there are plenty of ways to discuss security online via forums, mailing lists or social networks. People will be glad to help you. Don't [...]

- "Don't put the cart before the horse": Your security controls must be implemented in the right order. Do not implement highly technical solutions (expensive and difficult to maintain) before applying basic security principles! Example: why deploy a WAF (Web Application Firewall) [...]

- "When the cat's away, the mice will play": [...]

- "In too much discourse, truth is lost": [...]

I'm sure there are plenty of other examples [...]

Xavier Mertens
ISC Handler - Freelance Security Consultant
