Well, I woke up to a nice attempt to phish-me. A closer look at the email shows a Russian URL on this attempt to phish Bluehost accounts to perform account takeovers. Bluehost users, beware of this activity. The Russian phishing site looks identical to the Bluehost login page. See screenshot of the email and website below:
Please accept with no obligation, implied or implicit, my best wishes for an environmentally conscious, socially responsible, low-stress, non-addictive, gender-neutral celebration of the winter or in some locations summer solstice holiday, practiced within the most enjoyable traditions of the religious persuasion of your choice, or secular practices of your choice, with respect for the religious/secular persuasion and/or traditions of others, or their choice not to practice religious or secular traditions at all. I also wish you a fiscally successful, personally fulfilling and medically uncomplicated recognition of the onset of the generally accepted calendar year 2015, but not without due respect for the calendars of choice of other cultures whose contributions to society have helped make America great. Not to imply that America is necessarily greater than any other country nor the only America in the Western Hemisphere. Also, this wish is made without regard to the race, creed, color, age, physical ability, religious faith or sexual preference of the wishee.
http://www.theregister.co.uk/2014/12/17/icann_hacked_admin_access_to_zone_files/

By Kieren McCarthy
The Register
17 Dec 2014

Domain-name overseer ICANN has been hacked and its DNS zone database compromised, the organization has said. Attackers sent staff spoofed emails appearing to come from icann.org. The organization notes it was a “spear phishing” attack, suggesting employees clicked on a link in the messages that took them to a bogus login page – into which staff typed their usernames and passwords, providing hackers with the keys to their work email accounts. No sign of two-factor authentication, then.

“The attack resulted in the compromise of the email credentials of several ICANN staff members,” ICANN’s statement on the matter reads, noting that the attack happened in late November and was discovered a week later. With those details, the hackers then managed to access a number of systems within ICANN, including the Centralized Zone Data System (CZDS), the wiki pages of the Governmental Advisory Committee (GAC), the domain registration Whois portal, and the organization’s blog. […]
http://marcrogers.org/2014/12/18/why-the-sony-hack-is-unlikely-to-be-the-work-of-north-korea/

By Marc Rogers
12/18/2014

Everyone seems to be eager to pin the blame for the Sony hack on North Korea. However, I think it’s unlikely. Here’s why:

1. The broken English looks deliberately bad and doesn’t exhibit any of the classic comprehension mistakes you actually expect to see in “Konglish”. i.e. it reads to me like an English speaker pretending to be bad at writing English.

2. The fact that the code was written on a PC with Korean locale & language actually makes it less likely to be North Korea. Not least because they don’t speak traditional “Korean” in North Korea, they speak their own dialect and traditional Korean is forbidden. This is one of the key things that has made communication with North Korean refugees difficult. I would find the presence of Chinese far more plausible. See here – http://www.nytimes.com/2006/08/30/world/asia/30iht-dialect.2644361.html?_r=0 here – http://www.nknews.org/2014/08/north-korean-dialect-as-a-soviet-russian-translation/ and here – http://www.voanews.com/content/a-13-2009-03-16-voa49-68727402/409810.html

This change in language is also most pronounced when it comes to special words, such as technical terms. That’s possibly because in South Korea, many of these terms are “borrowed” from other languages, including English. For example, the Korean word for “Helicopter” is: 헬리콥터 or hellikobteo. The North Koreans, on the other hand, use a literal translation of “vehicle that goes straight up after takeoff”. This is because such borrowed words are discouraged, if not outright forbidden, in North Korea – http://pinyin.info/news/2005/ban-loan-words-says-north-korea/

Let’s not forget also that it is *trivial* to change the language/locale of a computer before compiling code on it.

3. It’s clear from the hard-coded paths and passwords in the malware that whoever wrote it had extensive knowledge of Sony’s internal architecture and access to key passwords. While it’s plausible that an attacker could have built up this knowledge over time and then used it to make the malware, Occam’s razor suggests the simpler explanation of an insider. It also fits with the pure revenge tact that this started out as. […]
http://www.wnyc.org/story/cyber-city-military-grade-miniature-town/

By Eric Molinsky
WNYC.org
December 17, 2014

Somewhere hidden in the sleepy suburbs of New Jersey, there is a very small town. This all-American village boasts good public transit, its own reservoir, a coffee shop, a church, a bank… you name it. Their international airport rarely has delays. Where is this idyllic hideaway? That’s a military secret.

CyberCity, as it’s called, serves as a training ground for a new class of specialized “cyber warriors,” capable of defending against cyber attack. Every day, soldiers plot to take over the town, by hacking into its schools, its water systems, its power grid, and its Internet, as colleagues and instructors watch on screens in the other room.

It’s run by the SANS Institute’s Ed Skoudis, whom the military hired to design a new generation of training equipment – and, as Skoudis said, your average digital simulator wasn’t going to cut it: “If you tell them, ‘Hey, one of your folks was able to hack into a power grid and turn the lights back on,’ certain people in the military leadership would look at that and say, ‘You just showed me that my people can play a video game.’ Whereas we can say it was a real power grid. Admittedly controlling a city whose surface area was 48 square feet – but still.”

While we can’t disclose CyberCity’s precise location, we can say this: Skoudis’ souped-up model train set sits very near the center of innovation in military training, national security and technology-fueled warfare. […]
The endpoint detection and response (EDR) market (also referred to in Gartner research as endpoint threat detection and response [ETDR]) is an emerging security technology market created … Carbon Black EDR software solution to provide both endpoint prevention, visibility, detection and response in an integrated solution. The latest version 7. …
http://news.techworld.com/security/3591027/is-iran-is-the-new-china-fbi-warning-suggests-its-not-far-off/

By John E Dunn
Techworld
15 December 2014

The FBI has sent a formal warning to US energy, defence and education organisations to be on the lookout for targeted Iranian cyberattacks, Reuters has reported. Flagged as confidential, probably because it goes into detail about the techniques used, the ‘Flash’ document offers advice on combatting yet another sophisticated state-backed cyberattack campaign to add to the suspected Chinese, Russian and North Korean ones some of the firms will already be battling.

According to the brief details offered by Reuters, the FBI urged affected businesses to contact them. Iranian attacks on US firms are nothing new but news of the latest campaign confirms the warning of the same attacks last week by security consultancy Cylance, which dubbed them ‘Operation Cleaver’. […]
http://www.businessinsider.com/sony-hack-should-be-considered-an-act-of-war-2014-12

By MICHAEL B KELLEY AND ARMIN ROSEN
Business Insider
DEC. 15, 2014

The most devastating cyberattack ever on a US-based company wasn’t an act of war, according to established guidelines of cyberwarfare. NATO’s Tallinn Manual defines an act of cyberwar that permits a military response as “a cyber operation, whether offensive or defensive, that is reasonably expected to cause injury or death to persons or damage or destruction to objects.”

The world after the Sony Pictures hack may require a new perspective. Dave Aitel, a former NSA research scientist and CEO of the cybersecurity firm Immunity, argues that while the attack “doesn’t meet the threshold for a response by our military,” it should still be viewed as an act of war. […]