(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

JPMorgan Chase was one of at least five US banks hit by a sophisticated attack against its networks that netted the attacker large volumes of bank account data—for an unknown purpose. (credit: Joe Mabel)

On Tuesday federal prosecutors unsealed charges against three men, revealing details of a sprawling criminal enterprise that involved hacking some of the US' biggest financial institutions as well as the theft of personal information pertaining to 100 million customers. With that information, the men allegedly made off with hundreds of millions of dollars.

Although the indictment does not name the hacked financial institutions directly, Reuters reports that JP Morgan Chase, ETrade, and News Corp. (which owns The Wall Street Journal) have confirmed that they were party to the crimes described by the indictment.

The newly unsealed charges (PDF) accuse Gery Shalon, a 31-year-old Israeli, of masterminding the hacks that resulted in the loss of personal information pertaining to some 100 million customers of US financial institutions and accuse Joshua Aaron, a 31-year-old American, of acting as a co-conspirator in the hacking operation. Ziv Orenstein, a 40-year-old Israeli, allegedly operated illegal casinos and payment processors with Shalon and controlled shell companies for Shalon. Both Shalon and Orenstein were arrested in July; Aaron remains at large.




ProtonMail, the encrypted e-mail provider that buckled under crippling denial-of-service attacks even after it paid a $6,000 ransom, said it has finally recovered from the massive assaults seven days after they began.

"It has now been one week since the first attack was launched against ProtonMail," officials wrote in a blog post published Tuesday. "Since then, we have been subject to the largest and most extensive cyberattack in Switzerland, with hundreds of other companies also hit as collateral damage. In addition to hitting ProtonMail, the attackers also took down the datacenter housing our servers and attacked several upstream ISPs, causing serious damage."

Tuesday's update still maintains that there were two waves of attacks carried out by two separate groups. The first attack, the post said, was executed by the Armada Collective, a group that performs distributed denial-of-service attacks on selected targets and then demands a ransom of thousands of dollars to get the assaults to stop. As Ars reported last week, ProtonMail was roundly criticized by many security professionals for paying the group $6,000 in bitcoins, only to come under a much more powerful attack in the following days.



Overview of the November 2015 Microsoft patches and their status.

#        Affected                      Contra Indications - KB    Known Exploits    Microsoft rating(**)                         ISC rating(*) clients / servers

MS15-112  Cumulative Security Update for Internet Explorer (Replaces MS15-106)
          Affected: Internet Explorer
          CVE-2015-2427, CVE-2015-6064, CVE-2015-6065, CVE-2015-6066, CVE-2015-6067,
          CVE-2015-6068, CVE-2015-6069, CVE-2015-6070, CVE-2015-6071, CVE-2015-6072,
          CVE-2015-6073, CVE-2015-6074, CVE-2015-6075, CVE-2015-6076, CVE-2015-6077,
          CVE-2015-6078, CVE-2015-6079, CVE-2015-6080, CVE-2015-6081, CVE-2015-6082,
          CVE-2015-6084, CVE-2015-6085, CVE-2015-6086, CVE-2015-6087, CVE-2015-6088
          KB 3104517    Known exploits: no.    Severity: Critical    Exploitability: 1 and higher
          ISC rating: clients Critical / servers Critical

MS15-113  Cumulative Security Update for Microsoft Edge (Replaces MS15-107)
          Affected: Microsoft Edge

(bulletin number not recoverable from this copy)  Remote Code Execution Vulnerability in OpenType (Replaces MS15-097 MS15-111 MS15-073)
          Affected: OpenType Fonts

(bulletin number not recoverable from this copy)  Remote Code Execution Vulnerabilities in Microsoft Office (Replaces MS15-046 MS15-110 MS12-066 MS14-048 MS14-020 MS13-035 MS15-081 MS15-022)
          Affected: Office, Office Services and Web Apps, Skype, Lync

(bulletin number not recoverable from this copy)  Elevation of Privilege Vulnerabilities in .Net Framework (Replaces MS14-057 MS11-100 MS14-009)
          Affected: .Net Framework

Identifiers that survive only as detached fragments in this copy, with no recoverable row: CVE-2015-6014, CVE-2015-6109, MS15-116, CVE-2015-6096, CVE-2015-6099.

(*): ISC rating
  • Critical: Anything that needs little to become interesting ...
  • Less Urgent: ... practices for servers such as not using Outlook, MSIE, Word etc. to do traditional office or leisure work.
  • The rating is not a risk analysis as such. It is a rating of importance of the vulnerability and the perceived or even predicted threat ...

---
Johannes B. Ullrich, Ph.D.