Information Security News
We are receiving reports of an Azure outage. This is affecting Microsoft DNS, XBOX and other services. Thanks to Nick and Steve for reporting the outage. More information is available here:
The soaring value of bitcoins has prompted an update in CryptoLocker, the malware that encrypts the contents of victims' entire hard drives until they pay a ransom.
As Ars reported in September, CryptoLocker gives victims 72 hours to pay a ransom if they ever want to see their data again. (The trojan was later updated to allow laggards to retrieve their data for a higher price.) When CryptoLocker first emerged, the malware demanded two bitcoins. Based on the value of a single bitcoin at that time, that was in the neighborhood of $200 to $400, depending on the exchange rate and the day. Over the past month, the value of a bitcoin has risen sharply, from $100 to $150 in September to prices in excess of $700 this week, according to charts such as this one.
This spike hasn't been lost on the people behind CryptoLocker. According to researchers at F-Secure, a new version of the ransomware is demanding 0.5 bitcoin.
A second blogger has published evidence that his LG-manufactured smart television is sharing sensitive user data with the Korea-based company in a post that offers support for the theory that the snooping isn't isolated behavior that affects a small number of sets.
In addition to transmitting a list of shows being watched and the names of files contained on USB drives, the Internet-connected TV also sent the names of files shared on home or office networks, the blogger reported. He made the discovery after plugging the Wireshark packet-sniffing program into his home network and noticing that an LG TV—model number 42ls570, purchased in April—was transmitting file names that sounded vaguely familiar even though there was no USB drive plugged in.
"It turns out it was pulling filenames from my shared folders over the network and broadcasting those instead," he wrote in a blog post published Thursday. "I moved all the media out of the folder and put a few duds in named 'GiantPorn,' turned the TV off and on and it was still broadcasting the old filenames. The TV couldn't see those files whilst browsing manually so I'd hazard a guess it’s caching some of these locally."
Renesys is reporting two separate incidents where they observed traffic for 1500 IP blocks being diverted for extended periods of time. They observed the traffic redirection for more than 2 months over the last year. Does it seem unusual for internet traffic between Ashburn, Virginia (22.214.171.124) and Washington, DC (126.96.36.199) to go through Russia to Belarus? That is exactly what they observed. Once traffic flows through your routers there are countless opportunities to capture and modify the traffic with classic MiTM attacks. In my humble opinion we should put very little stock in the safety of SSL traffic as it flows through them. Attacks such as the SSL Crime attack, Oracle Padding attacks, Beast and others have shown SSL to be untrustworthy in circumstances such as this.
Advertising false BGP routes to affect the flow of traffic isn't new. You may remember when Pakistan "accidentally" took down YouTube for a small portion of the internet when they attempted to blackhole the website within their country. (Maybe they knew the "twerking" fad was coming.) But this is an excellent article that documents two cases where it has happened for extended periods of time.
Shameless self promotion:
Build a custom penetration testing backdoor that evades antivirus! Write your own SQL Injection, Password attack tools and more. Want to code your own tools in Python? Check out SEC573 Python for Penetration Testers. I am teaching it in Reston VA March 17th! Click HERE for more information.
Follow me on twitter? @MarkBaggett
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Posted by InfoSec News on Nov 21 http://www.itbusiness.ca/news/management-is-one-of-biggest-roadblocks-to-it-security-study-says/44905
Posted by InfoSec News on Nov 21 http://www.computerworld.com/s/article/9244201/GitHub_bans_weak_passwords_after_brute_force_attacks
Posted by InfoSec News on Nov 21 http://www.nextgov.com/cybersecurity/2013/11/stuxnet-used-old-movie-trick-fool-irans-nuclear-program/74216/
Posted by InfoSec News on Nov 21 http://www.forbes.com/sites/jasperhamill/2013/11/20/hackers-broke-into-syrias-secret-police-computers-and-found-porn/
Posted by InfoSec News on Nov 21 Dear Hackers and Hackeranis,
Posted by InfoSec News on Nov 21 http://arstechnica.com/security/2013/11/repeated-attacks-hijack-huge-chunks-of-internet-traffic-researchers-warn/
Posted by InfoSec News on Nov 21 http://www.thisdaylive.com/articles/why-nigerian-banks-will-keep-losing-money-to-e-fraud/164810/?