Information Security News
In the past two days, I've infected two hosts from Angler exploit kit (EK) domains at 126.96.36.199/24. Both hosts were infected with CryptoWall 3.0 ransomware using the same bitcoin address for the ransom payment: 16Z6sidfLrfNoxJNu4qM5zhRttJEUD3XoB
On Tuesday, 2015-05-26 at 15:17 UTC, I infected a host where Angler EK sent Bedep as a malware payload before getting CryptoWall 3.0. On Wednesday, 2015-05-27 at 17:30 UTC, I infected a host where Angler EK sent CryptoWall 3.0 as the malware payload.
Traffic from the infected host
CryptoWall 3.0 traffic has changed a bit from my first diary about it on 2015-01-19.
Shown above: Angler EK and CryptoWall 3.0 traffic as seen in Wireshark
Traffic caused by viewing the CryptoWall decrypt instructions in a browser:
Preliminary malware analysis
Malware payload delivered by Angler EK on 2015-05-27:
A pcap of the 2015-05-27 infection traffic is available at:
A zip file of the associated malware is available at:
The zip file is password-protected with the standard password. If you don't know it, email [email protected] and ask.
So #wassenaar has infected your Twitter timeline for the past several days. I thought I'd explain what the big deal is.
Wassenaar is a town in the Netherlands, where an arms control agreement was reached in 1996; 41 nations now participate. The name of the agreement, the Wassenaar Arrangement, comes from the name of the town. The US, most of Europe, and Russia are part of the agreement. Most of Africa, the Middle East, and China are not.
The arrangement covers conventional arms and dual-use goods and technologies (items with both civilian and military uses), with the goal of keeping them out of the hands of regimes that would use them against their own people or to invade their neighbors. It is this dual-use category that export controls on intrusion software fall under.
A New, Post-Snowden InfoSec Model
"There were so many worries about intelligence agencies being able to get at communications that the amount of encryption being used by commercial [email] providers has gone way up," Swire says in an interview with Information Security Media Group.
by Dan Goodin
There's yet another iOS bug that causes Apple devices to crash when they receive text messages containing a string of special characters. With further finessing, the same exploit may be able to attack Macs, since OS X is also unable to process the same combination of characters, which are technically known as glyphs.
The menacing combination of ASCII and unicode-based characters looks like this:
According to people investigating the bug on reddit, the text causes iPhones running various versions of iOS to promptly crash. A flurry of Twitter users, angry that their devices fell victim to text messages, indicates that the bug is causing problems. Apple will almost certainly issue a fix. In the meantime, users can protect themselves against the nuisance text by going to system settings, navigating to Notifications>Messages>Show Previews, and turning it to off.
Get into Infosec Europe 2015 for free, hear great talks!
If so, why not drop in and see us at Infosec Europe at Olympia? Get a free show pass on us! The event is open on Tuesday, Wednesday and Thursday (2/3/4 June 2015). Several of the Naked Security team will be there, including our tireless Editor-in-Chief ...
John McAfee to give talk on hacking scandals at Infosec
Security expert John McAfee will be a guest speaker at this year's Infosecurity Europe's special 20th anniversary event. The event will be held at London's Olympia from June 2nd to the 4th. McAfee will share his insights with attendees on various ...
South African security firm Thinkst is hoping to give new life to an old idea—the honeypot—in a bid to help organizations detect security breaches and intruders in their private networks. Thinkst's Canary is a simple network appliance and corresponding online monitoring service that makes it easy to set up juicy-looking targets on the corporate LAN that will sound the alarm if any attempt is made to access them.
One of the consistent features of large hacks, such as the late 2013 Target breach, is that attackers have been able to move around their victims' networks to find systems with interesting or valuable data without being detected. From one point of entry (a compromised Web server, say), the hackers perform what's called "lateral movement": accessing other systems and computers on the same network, discovering new sets of user credentials to gain further access to their victims, and finding valuable information to steal.
This behavior appears to go undetected, giving the attackers weeks or months to learn about their victims and steal vast quantities of sensitive data. It's this lateral movement that Canary is designed to detect by presenting the hackers with a juicy target that will ring the alarm bell whenever they access it.
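The detection idea behind a canary is simple: the decoy has no legitimate users, so any connection to it is a high-fidelity signal. The Python below is an added example written for this page, not Thinkst's Canary code or anything from the article. It runs a decoy TCP service that presents a plausible banner (the banner text and the "ftp-decoy" name are constructed for the example), captures the first bytes the intruder sends, and records an alert with source address, timestamp and what was attempted. `probe()` stands in for an attacker's lateral-movement attempt against the decoy.

```python
"""Minimal network canary: a decoy TCP service where every connection is an alert."""
import socket
import threading
import time
from datetime import datetime, timezone

# Plausible-looking banner so a port scan or a curious intruder sees a "real" service.
# Constructed for this example; it is not what a Thinkst Canary sends.
BANNER = b"220 fileserver01 FTP server ready\r\n"


class CanaryService:
    """Decoy TCP service. Nothing legitimate ever talks to it, so each
    connection is worth paging on: who connected, when, and what they tried."""

    def __init__(self, host="127.0.0.1", port=0, name="ftp-decoy"):
        self.name = name
        self.alerts = []
        self._lock = threading.Lock()
        self._got_alert = threading.Condition(self._lock)
        self._sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self._sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        self._sock.bind((host, port))  # port=0: let the OS pick a free port
        self._sock.listen(8)
        self.port = self._sock.getsockname()[1]
        self._thread = threading.Thread(target=self._accept_loop, daemon=True)

    def start(self):
        self._thread.start()
        return self

    def stop(self):
        # Closing the listening socket makes accept() raise, ending the loop.
        self._sock.close()

    def _accept_loop(self):
        while True:
            try:
                conn, peer = self._sock.accept()
            except OSError:
                return
            threading.Thread(target=self._handle, args=(conn, peer), daemon=True).start()

    def _handle(self, conn, peer):
        """Talk just enough to capture what the intruder tried, then record it.
        A connect-and-close with no data still produces an alert."""
        with conn:
            conn.settimeout(2.0)
            try:
                conn.sendall(BANNER)
                first_bytes = conn.recv(256)  # e.g. b"USER admin\r\n"
            except OSError:
                first_bytes = b""
        alert = {
            "time": datetime.now(timezone.utc).isoformat(),
            "service": self.name,
            "src_ip": peer[0],
            "src_port": peer[1],
            "sent": first_bytes.decode("ascii", "replace").strip(),
        }
        with self._got_alert:
            self.alerts.append(alert)
            self._got_alert.notify_all()

    def wait_for_alerts(self, count, timeout=5.0):
        """Block until at least `count` alerts exist (or timeout); return a copy."""
        deadline = time.monotonic() + timeout
        with self._got_alert:
            while len(self.alerts) < count:
                remaining = deadline - time.monotonic()
                if remaining <= 0:
                    break
                self._got_alert.wait(remaining)
            return list(self.alerts)


def probe(port, payload=b"USER admin\r\n", host="127.0.0.1"):
    """Stand-in for an intruder's lateral-movement attempt: connect to the decoy,
    read its banner, try a login. Returns the banner the intruder saw."""
    with socket.create_connection((host, port), timeout=2.0) as s:
        banner = s.recv(256)
        s.sendall(payload)
    return banner


def demo():
    """Run one decoy, hit it once, and return the resulting alert list."""
    canary = CanaryService().start()
    try:
        probe(canary.port)
        alerts = canary.wait_for_alerts(1)
    finally:
        canary.stop()
    return alerts


if __name__ == "__main__":
    for alert in demo():
        print("ALERT", alert)
```

Two design points carry over to a real deployment. First, the value of the alert comes from the decoy having no legitimate traffic, so the service should not be something hosts on the LAN would ever touch by accident (no monitoring probes, no asset-inventory scanners pointed at it). Second, the alert must leave the box by an out-of-band channel; an intruder who reaches the decoy may also reach whatever it logs to locally.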