Information Security News
Underscoring the insecurity of many online dating, job, and e-mail services, security researchers said that they have tracked almost 360 million compromised login credentials for sale in underground crime forums over the past three weeks.
The haul, which included an additional 1.25 billion records containing only e-mail addresses, came from multiple breaches, according to a statement posted Tuesday by Hold Security. The biggest single list contained 105 million details, making it among the bigger online finds, the firm told Reuters. The cache included e-mail addresses that most likely served as user names and corresponding passwords. It remains unclear what service the account credentials unlock.
Hold Security is the same firm that in October discovered the circulation of 153 million user names and passwords stolen during a massive breach of Adobe's corporate network. A month later, the security firm uncovered 42 million plaintext passwords taken during a hack on niche dating service Cupid Media.
Brett, who alerted us earlier this month regarding the mass exploit against Linksys devices has surfaced a current issue he's facing with ongoing NTP amplification attacks. A good US-CERT summary of the attack is here: https://www.us-cert.gov/ncas/alerts/TA14-013A. Brett indicates that:
"We are seeing massive attacks on our NTP servers, attempting to exploit the traffic amplification vulnerability reported last month. Our IPs are being probed by an address in the Netherlands, and a couple of them -- at which unpatched servers were discovered -- are being hit with about 3 million spoofed packets per hour. (We've since patched and firewalled the vulnerable servers, but the packets keep coming.) The spoofed packets are crafted so that they appear to be originating mostly from port 53 and 80, but occasionally have other port numbers such as 3074 (XBox) and 6667 (IRC). This is a very serious attack for us, and I'd appreciate some help in alerting folks to it."
He also sent along a 8 second packet capture that I've visualized as seen below.
According to Brett, folks receiving similar traffic will see numerous "monitor" queries from spoofed source addresses and ports. His ISP is receiving roughly 3 million of these packets every hour, aimed at 3 IP addresses that belonged to FreeBSD servers that were vulnerable in their default configurations, servers that have now been patched and firewalled. He reminds us that even when The FreeBSD Project's patch has been applied, a vulnerable server will continue to respond to the queries with an equal number of rejection packets. While the patch eliminates the traffic amplification, the traffic is still echoed and its origin is further obscured.
Brett's ISP is are also seeing probes of their IPs looking for additional vulnerable servers originating from IP address 184.108.40.206 (NL), "which may be a server controlled by the person(s) behind the attack. The probes stand out because they are reported by tcpdump as being NTPv2, while most of the other traffic is NTPv3 or NTPv4. Level3 was apparently having congestion problems yesterday and today, and this may be why."
If readers are seeing similar traffic, please provide details in comments here.
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
PerspecSys Wins First Annual Cyber Defense Magazine InfoSec Technologies ...
Consumer Electronics Net
MCLEAN, VA and SAN FRANCISCO, CA -- (Marketwired) -- 02/24/14 -- RSA Conference -- PerspecSys Inc., the leader in enterprise cloud data protection, today announced it has been selected by Cyber Defense Magazine as a 2014 winner in its InfoSec ...
PacketSled CEO to Present at AGC's 10th Annual West Coast InfoSec and ...
IT Business Net
SAN FRANCISCO, Feb. 24, 2014 /PRNewswire/ -- PacketSled, the leading innovator in real-time Security Intelligence and Analytics for advanced targeted attacks, will be presenting at America's Growth Capital (AGC) Tenth Annual West Coast InfoSec and ...
InfoStretch Is Being Featured at the AGC Partners' Tenth Annual West Coast ...
Skyera CEO Presents at AGC Partners' 10th Annual West Coast Information ...
Posted by InfoSec News on Feb 26http://www.zdnet.com/apple-releases-os-x-10-9-2-update-patches-severe-ssl-bug-7000026765/
Posted by InfoSec News on Feb 26http://dailycaller.com/2014/02/25/first-contagious-wifi-computer-virus-goes-airborne-spreads-like-the-common-cold/
Posted by InfoSec News on Feb 26http://www.reuters.com/article/2014/02/25/us-cybercrime-databreach-idUSBREA1O20S20140225
Posted by InfoSec News on Feb 26http://news.techworld.com/security/3503842/marussia-formula-1-teams-race-testing-disrupted-by-trojan-malware/