(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Researchers have encountered a denial-of-service botnet that's made up of more than 25,000 Internet-connected closed circuit TV devices.

The researchers with security firm Sucuri came across the malicious network while defending a small brick-and-mortar jewelry shop against a distributed denial-of-service attack. The unnamed site was choking on an assault that delivered almost 35,000 HTTP requests per second, making it unreachable to legitimate users. When Sucuri used a network addressing and routing system known as Anycast to neutralize the attack, the assailants increased the number of HTTP requests to 50,000 per second.

The DDoS attack continued for days, causing the Sucuri researchers to become curious about the origins of the attack. They soon discovered the individual devices carrying out the attack were CCTV boxes that were connected to more than 25,500 different IP addresses. The IP addresses were located in no fewer than 105 countries around the world.



Last year there was an emergence of threats of DDoS against financial websites (that eventually broadened to others) under the DD4BC moniker. Eventually that morphed into Armada Collective, with both stopping around December of 2015 with the arrest of a minor in Central Europe. Starting in March, threatening emails resumed from Armada Collective threatening massive DDoS attacks if a ransom wasn't paid. Occasionally they would use booter services to deliver smaller attacks, threatening larger ones. Over at CloudFlare, there is a good write-up on the latest round of threats. The short answer is that these latest threats rarely even include the predecessor attack; there is just someone who is spamming people with a bitcoin wallet and hoping to get paid (and unfortunately they are). The moral of the story is that the actors behind sending emails demanding ransom or DDoS are rarely to be taken seriously. Don't pay.

John Bambenek
bambenek \at\ gmail /dot/ com
Fidelis Cybersecurity


A screenshot from the latest version of CryptXXX. (credit: SentinelOne)

Whoever said crime doesn't pay didn't know about the booming ransomware market. A case in point, the latest version of the scourge known as CryptXXX, which raked in more than $45,000 (£34,344) in less than three weeks.

Over the past few months, CryptXXX developers have gone back and forth with security researchers. The whitehats from Kaspersky Lab provided a free tool that allowed victims to decrypt their precious data without paying the ransom, which typically reaches $500 or more. Then, CryptXXX developers would tweak their code to defeat the get-out-of-jail decryptor. The researchers would regain the upper hand by exploiting another weakness and so on.

Earlier this month, the developers released a new CryptXXX variant that to date still has no decryptor available. Between June 4 and June 21, according to a blog post published Monday by security firm SentinelOne, the Bitcoin address associated with the new version had received 70 bitcoins, which at current prices is valued at around $45,228. The figure doesn't include revenue generated from previous campaigns.


BigTree CMS <= 4.2.11 Authenticated SQL Injection Vulnerability


Security researchers have discovered a vulnerability in the Google Chrome browser that could allow users to bypass its copy protection system and download content from streaming video services like Netflix and Amazon Prime Video. According to Wired, Google was alerted to the problem on May 24, but has yet to issue a patch.

The vulnerability centers around the Widevine digital rights management system—which Google owns and has implemented into Chrome—and specifically how it handles decryption of encrypted media streams. Widevine uses two pieces of tech to protect content: the encrypted media extensions (EME), which handle key exchanges and other high-level functions, and a content decryption module (CDM), which unscrambles encrypted video for playback in the browser.

Unfortunately for Google, the researchers discovered it's possible to hijack the decrypted movie stream right after the CDM decrypts the film, before it's displayed in the browser. With the right software—and let's face it, it doesn't take long for pirating software to appear following the discovery of a vulnerability—any user would be able to download streaming content for keeps.


[SECURITY] [DSA 3606-1] libpdfbox security update
[slackware-security] php (SSA:2016-176-01)
MyLittleForum v2.3.5 PHP Command Injection
[fd] CVE ID request: Untangle NGFW <= v12.1.0 post-auth command injection