Tag Archives: site

[ISN] FBI puts $3m bounty on head of Gameover Zeus malware creator

http://www.v3.co.uk/v3-uk/news/2416111/fbi-puts-usd3m-bounty-on-head-of-gameover-zeus-malware-creator By Dan Worth V3.co.uk 02 July 2015 The FBI has offered a reward of $3m for information leading to the capture of the infamous Gameover Zeus malware creator. Evgeniy Mikhailovich Bogachev has been in the FBI’s sights since June last year when he was accused of being one of the ringleaders behind the notorious Gameover Zeus malware. The Monster Jobs website was hit by Gameover Zeus earlier this year. Keen to ramp up pressure on Bogachev, the FBI has now put a sizeable bounty on his head. “Bogachev is wanted for his alleged involvement in a wide-ranging racketeering enterprise and scheme that installed, without authorisation, malicious software known as Zeus on victims’ computers,” the FBI said. […]




Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] {Moderators Note} Infrequent Postings of InfoSec News

As you have probably noticed, postings to InfoSec News have been rather infrequent in the last few months, and the reason is relatively straightforward, I have been happily employed for the last six months with Evident.io. Subsequently after staring at a laptop for 8-10+ hours a day, staring at it for another couple to find all the security news everyone craves is some nights pretty tiring. I am in the process of bringing on a few interns to work in the background, so keep an eye on the website and mailing list as some cool things are in the works here. Likewise, if you have Amazon Web Services in your infrastructure and are curious where your risks lay, please visit https://evident.io and if you would like a demo, please drop me an email to: my first name AT evident.io Thank you for your time and support! Sincerely, William Knowles http://www.linkedin.com/in/williamknowles


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] Attack on Lithuanian army’s website plotted for two weeks

http://en.delfi.lt/lithuania/defence/attack-on-lithuanian-armys-website-plotted-for-two-weeks.d?id=68228302 BNS June 12, 2015 The Wednesday’s cyber attack on the website of the Lithuanian Armed Forces Joint Staff was plotted for at least two weeks, with requests sent from Iran, among other countries, says Rimantas Černiauskas, director of the National Cyber Security Centre. “We see large amounts of interesting information. We see that there were continued various pings, for instance, there was an attempt from Iran to guess the password. We see that the server hosting the website was constantly checked by hackers, with attempts to enter it, most of the attempts were not successful,” said the expert. In his words, the final conclusions on the hacking should be submitted to the Armed Forces by the end of office hours on Friday – additional information has now been requested from the company managing the website content. Černiauskas confirmed that special robots had been checking the weak spots of the system on a daily basis, i.e., at least two or three times a day, attempting to guess the passwords and find system gaps, the attack was conducted by specific individuals. […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] FBI, Europol and NCA gunning for top 200 black hats making exploit kits for criminals

http://www.v3.co.uk/v3-uk/news/2411419/fbi-europol-and-nca-gunning-for-top-200-black-hats-making-exploit-kits-for-criminals By Alastair Stevenson V3.co.uk 03 Jun 2015 Law enforcement agencies need to mount a coordinated effort to shut down the exploit developers and hosting sites powering organised crime, according to experts from the FBI, Europol and the UK’s National Crime Agency (NCA). The experts made the claim during a panel discussion at InfoSec 2015, when FBI assistant legal attaché Michael Driscoll listed taking down the “core group” of 200 black hats creating exploit kits as one of the biggest challenges facing law enforcement. “We’re looking to stop that marketplace of tools. There’s a small group creating the core technologies that feed the criminal world,” he said. “The problem is they’re easily bought on the criminal marketplace and distributed. I could go now and pick them up for $200. We’re focusing our resources on taking out the people that do the most damage.” […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] Security sleuths, sniff out the stupid from your Oracle DBs

http://www.theregister.co.uk/2015/06/04/security_sleuths_sniff_out_the_stupid_from_your_oracle_dbs/ By Darren Pauli The Register 4 Jun 2015 Databases remain a security nightmare, says Datacom TSS hacker David Litchfield, so he’s built an application to give admins a hand. The Datacom TSS hacker says the Database Security Scorecard will help inform system administrators of security shortfalls in databases and help bridge the language gap between management and tech. Litchfield (@dlitchfield) revealed the scorecard at the AusCERT2015 conference on the Gold Coast, and will publish the free platform to his website later this week. “Database security does not receive the support it deserves,” Litchfield says. “It is a no-man’s land where security think it’s the DBA’s responsibility and DBAs think it’s security’s responsibility. […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] Renthacker site leaks Australian buyers’ names and addresses

http://www.theage.com.au/it-pro/security-it/rentahacker-site-leaks-australian-buyers-names-and-addresses-20150529-ghca3f.html By Liam Tung and Ben Grubb The Age May 29, 2015 The cat’s out of the bag for about 60 Australians who thought they could anonymously rent a hacker from a website to do their dirty work. If you’ve used the hacker-for-hire site Hacker’s List to contract out a hack job then your name, address and the reasons why you sought a hacker are now available on the web, potentially exposing you to legal action. Hacker’s List launched last November with the assurance that “only you and your hacker for hire know the details of your project”. A New York Times report in January highlighted that people across the world, from Sweden to Australia, were using it to anonymously request hacker services. Some jobs were legal, others were clearly not, such as one from an Australian who wanted to hack a business rival’s customer database. Would-be buyers appear to have assumed that job descriptions they gave on the site couldn’t be linked to information that would reveal their identity. But last week security researcher Jonathan Mayer discovered the site was in fact leaking information that linked buyers’ names and addresses to job descriptions, which may ultimately reveal who they are and their motivation for seeking a hacker. It’s also culminated in a potentially embarrassing list that should make anyone think twice before hiring a hacker online. […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] Dating site hack reveals sexual secrets of 4 million users

http://www.independent.co.uk/life-style/gadgets-and-tech/news/dating-site-hack-reveals-sexual-secrets-of-4-million-users-10268933.html By Dan Sung The Independent 22 May 2015 A hacker has exposed the personal and sexual details of nearly 4 million users on one of the world-leading dating sites. The details lifted from the database of Adult FriendFinder include the information of previous members who had previously deleted their accounts. The specifics of the illegally mined data are around sexual orientation, sexual preferences and even whether or not members of the service are already with partners but looking for extramarital affairs. A Channel 4 News investigation traced the discovery to a forum where a hacker known as ROR[RG] posted the information which also includes names, email addresses, postcodes, dates of birth, computer IP addresses and just about everything else short of credit card details. More than 7 million of Adult FriendFinder’s 63-million-user worldwide community are British and, of 3.9 million accounts leaked, “dozens” are linked to UK government and armed service addresses. […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] Korean Log-in Security Questions ‘Too Easy’

http://english.chosun.com/site/data/html_dir/2015/05/22/2015052201606.html Chosun.com May 22, 2015 Internet users in Korea are notoriously more exposed to security risks than their counterparts in other countries, partly because their password hints are too easy to guess, Google analysis released Thursday shows. The search giant analyzed security questions selected by the users around the world to help them when they forget the password. According to the analysis, a majority of Korean users selected too-easy-to-guess questions like “the city where you were born” and “what’s your favorite food.” If a hacker tries 10 times to crack the password, their chances of guessing the right answer are 39 percent and 43 percent. If “Seoul” is the answer to the birthplace question, the question is no more secure than the password “1234.” […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail