Hackin9
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 

Highlighting crucial weaknesses in Apple's and Google's processes for admitting new titles into their competing app stores, both companies have ejected a third-party Instagram app after discovering it probably pilfered user passwords and pictures.

InstaAgent, as the app was called, marketed itself as a program that tracked people who visited a user's Instagram account. It had between 100,000 and 500,000 downloads from Google's Play Store and was in the top charts of the iOS App Store. But behind the scenes, an app developer said earlier this week, the app sent users' Instagram login credentials to a server controlled by the InstaAgent developer. Google was the first to pull the app. Apple later followed.

According to a blog post published Thursday by the iOS developer:


 

(credit: Ransomizer.com)

A number of sites have been hit by distributed denial-of-service attacks over the past week. Strong enough to knock some of them offline for days at a time, these DDoS attacks have been launched by extortionists demanding thousands of dollars in ransom money.

One of the latest sites to be targeted is FastMail. In a blog post published Wednesday, the Australian e-mail provider said it was hit by a wave of data assaults on Sunday that were soon followed by e-mails demanding a payment of 20 Bitcoins, worth about $6,600 at current exchange rates. Other services reporting similar shakedowns include Hushmail, Runbox, and VFEMail. As Ars reported last week, ProtonMail paid a $6,000 ransom only to be taken out by a new round of attacks. Zoho also reported a week-long struggle to beat back DDoS attackers but made no mention of receiving a ransom demand.

"The attackers have demanded a ransom, which we will not pay, and have promised an increase in the intensity of the attacks," Hushmail wrote in their advisory, which was published last Friday. "As such we expect that there will be continued attacks, which may result in further interruptions in service. We are continuing to improve our protection against these attacks, and have filed a criminal complaint with the relevant authorities."


 

(credit: Aurich Lawson / Thinkstock)

This post was originally published on the blog A Few Thoughts on Cryptographic Engineering. Matthew Green is a cryptographer and professor at Johns Hopkins University who has designed and analyzed cryptographic systems used in wireless networks, payment systems and digital content protection platforms.

On Wednesday, Motherboard posted a court document filed in a prosecution against a Silk Road 2.0 user indicating that the user had been de-anonymized on the Tor network thanks to research conducted by a "university-based research institute."

As Motherboard pointed out, the timing of this research lines up with an active attack on the Tor network that was discovered and publicized in July 2014. Moreover, the details of that attack were eerily similar to the abstract of a (withdrawn) BlackHat presentation submitted by two researchers at the CERT division of Carnegie Mellon University (CMU).


 

Lost in the hoopla around Microsoft and Adobe Patch Tuesday was a critical patch released by Oracle which addressed CVE-2015-4852. CVE-2015-4852 is a critical vulnerability in Apache Commons which affects Oracle WebLogic Server. This vulnerability permits remote exploitation without authentication and should be patched as soon as practical.

More information can be found at the Oracle Blog.

-- Rick Wanner MSISE - rwanner at isc dot sans dot edu - http://namedeplume.blogspot.com/ - Twitter:namedeplume (Protected)

 

We have received a report that a domain critical in delivering the Cisco Cloud Web Security product had for a while earlier today been hijacked. The report indicates that the DNS entries for scansafe.net were hijacked and pointed to 208.91.197.132, a site which both VirusTotal and Web of Trust indicate has a reputation for delivering malware. Guidance that has been provided to customers is that the issue has been resolved, but that the TTL on the DNS entries is 48 hours, so it will take a while for caches to clear. In the meantime customers should use the IP, not the FQDN, to access the site.
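Because the hijacked records carry a 48-hour TTL, a resolver that cached them during the incident can keep handing out the bad address long after the authoritative fix. The script below is an added example (not Cisco's or the ISC's code) of the check a defender can run against their own resolvers during that window: resolve the name and bucket every answer as expected, known-bad, or unknown. The known-bad address comes from the diary above; the "expected" address 192.0.2.10 is a placeholder from the documentation range, since the diary does not state the legitimate address, and the demonstration at the bottom feeds a constructed resolver answer so it runs offline.

```python
import ipaddress
import socket

# TTL on the hijacked records, as reported in the diary (48 hours, in seconds).
# Any resolver that cached the bad answer may keep serving it for up to this long.
REPORTED_TTL_SECONDS = 48 * 60 * 60

# Address the diary reports the hijacked scansafe.net records pointed to.
KNOWN_BAD = {"208.91.197.132"}


def _normalize(addresses):
    """Return a set of canonical IPv4/IPv6 address strings, ignoring non-addresses."""
    out = set()
    for a in addresses:
        try:
            out.add(str(ipaddress.ip_address(a.strip())))
        except ValueError:
            continue  # skip entries that are not valid addresses
    return out


def classify_answers(observed, expected, known_bad=KNOWN_BAD):
    """Split resolver answers into expected, known-bad and unknown buckets.

    Verdict is 'hijacked' if any answer is a known-bad address, 'unexpected'
    if any answer is neither expected nor known-bad, 'ok' if every answer is
    expected, and 'no-answer' if nothing usable came back.
    """
    obs = _normalize(observed)
    exp = _normalize(expected)
    bad = _normalize(known_bad)
    hit_bad = obs & bad
    unknown = obs - exp - bad
    hit_expected = obs & exp
    if hit_bad:
        verdict = "hijacked"
    elif unknown:
        verdict = "unexpected"
    elif hit_expected:
        verdict = "ok"
    else:
        verdict = "no-answer"
    return {
        "verdict": verdict,
        "expected": sorted(hit_expected),
        "known_bad": sorted(hit_bad),
        "unknown": sorted(unknown),
    }


def resolve_addresses(hostname):
    """Resolve hostname via the system resolver (which may still hold a stale cache)."""
    try:
        infos = socket.getaddrinfo(hostname, None)
    except socket.gaierror:
        return []
    # sockaddr is (host, port) for IPv4 and (host, port, flow, scope) for IPv6;
    # index 0 is the address string in both cases.
    return sorted({info[4][0] for info in infos})


def check_host(hostname, expected, resolver=resolve_addresses):
    """Resolve hostname with the given resolver function and classify the answers."""
    result = classify_answers(resolver(hostname), expected)
    result["hostname"] = hostname
    return result


if __name__ == "__main__":
    # Constructed demonstration: a resolver still returning the hijacked address.
    # 192.0.2.10 is a placeholder for the service's legitimate address.
    stale = check_host("scansafe.net", expected=["192.0.2.10"],
                       resolver=lambda _h: ["208.91.197.132"])
    print(stale["verdict"], stale)
    print("caches may serve stale answers for up to", REPORTED_TTL_SECONDS, "seconds")
```

Run it against each resolver your clients actually use (replace the lambda with the real `resolve_addresses`, or point the host's resolver at each DNS server in turn); an "ok" from one resolver says nothing about the others, which is exactly why the guidance above is to use the IP directly until the TTL has expired everywhere.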

If anyone has any further details please pass them our way.

-- Rick Wanner MSISE - rwanner at isc dot sans dot edu - http://namedeplume.blogspot.com/ - Twitter:namedeplume (Protected)

 

As a follow-up to this month's Microsoft Patch Tuesday, it appears that Microsoft has quietly re-released the problematic KB3097877 fix. The original was reportedly causing some versions of Outlook to crash, along with other Windows issues, on systems with this patch applied.

Please let us know if you are still experiencing difficulties with the new version applied.

-- Rick Wanner MSISE - rwanner at isc dot sans dot edu - http://namedeplume.blogspot.com/ - Twitter:namedeplume (Protected)

 

The Register

German ATM displays bank's network config data to infosec bod
A chance finding by a German security researcher has revealed ATMs run by German Bank Sparkasse leaked potentially sensitive information during a software update. Benjamin Kunz-Mejri, chief exec and founder of Germany based security firm ...
