Warner Brothers reports own site as illegal

Film studio Warner Brothers has asked Google to remove its own website from search results, saying it violates copyright laws.

It also asked the search giant to remove links to legitimate movie streaming websites run by Amazon and Sky, as well as the film database IMDB.

The request was submitted on behalf of Warner Brothers by Vobile, a company that files hundreds of thousands of takedown requests every month.

Source: Warner Brothers reports own site as illegal – BBC News

Google decided not to enforce the DMCA takedown. Which is strange: why should large companies be exempt from the DMCA and get a proper hearing, whilst smaller companies just get taken down without any proper judgement?

Hacker takes down CEO wire transfer scammers, sends their Win 10 creds to the cops

HITB Florian Lukavsky hacks criminals profiting from out-of-control multi-billion dollar CEO wire transfer scams… and they hate him for it.

The director of SEC Consult’s Singapore office has made a name striking back at so-called “whaling” scammers by sending malicious Word documents that breach their Windows 10 boxes and pass on identity information to police.

Whaling is a well-oiled social engineering scam that sees criminals dupe financial controllers at large lucrative organisations. Whalers’ main method is to send emails that appear to originate from chief executive officers, bearing instructions to wire cash into nominated bank accounts.

It works. The FBI estimates some $2.2bn (£1.7bn, A$2.9bn) in losses have arisen from nearly 14,000 whaling cases in the seven months to May this year. Some $800m (£601m, A$1bn) in losses occurred in the 10 months to August 2015.

Harpooned companies include Mattel, which shipped and by dumb luck recouped $3m its executive sent to a hacker’s Chinese bank account; Ubiquiti, which lost $46.7m in June last year; and Belgian bank Crelan, which lost $78m in January.

They join Accenture, Chanel, Hugo Boss, HSBC, and countless smaller victims.

Lukavsky told The Reg of his work on the back of his presentation at August’s Hack in the Box in Singapore, where he explained that he uses the attacker’s tactics to compromise scammers’ Microsoft accounts.

“Someone impersonated the CEO of an international company requesting urgent wire transfers and a couple of hours later they realise it was a scam … we worked together with law enforcement to trick the fraudsters,” Lukavsky says.

“We sent them a prepared PDF document pretending to be transaction confirmation and they opened it which led to Twitter handles, usernames, and identity information.”

“We were able to get the Windows 10 usernames and hashes which are tied by default to Outlook.”

Those Windows 10 password hashes only last a few hours when subjected to tools like John the Ripper.

The information Lukavsky passed on to police from that attack late last year led to the arrest of the scammers located in Africa.

Source: Hacker takes down CEO wire transfer scammers, sends their Win 10 creds to the cops

Use a USB dongle to emulate a NIC and get credentials from locked Windows machines

If I plug in a device that masquerades as a USB Ethernet adapter and has a computer on the other end, can I capture credentials from a system, even when locked out (yes, logged in, just locked). (..or do even more, but we’ll save that for another time, this post is already too long)

Source: Snagging creds from locked machines · Room362

When you’ve paid the ransom but you don’t get your data back

One in five firms that pay ransom fail to get their data back, according to new research from Trend Micro.

A poll of IT managers at 300 UK businesses sponsored by Trend Micro found that 44 per cent of UK businesses have been infected by ransomware in the last two years.

The study also found that around two-thirds (65 per cent) of UK companies confronted with a ransomware infection end up paying out in the hope of getting their data back.

The average amount of ransom requested in the UK was £540, although 20 per cent of companies reported ransoms of more than £1,000. The majority – 57 per cent of companies – reported having been given under 24 hours to pay up.

Organisations affected by ransomware estimate they spent 33 person-hours on average fixing the problem.

The ransomware problem is growing. Trend Micro has identified 79 new ransomware families so far this year, compared to 29 in the whole of 2015.

Source: When you’ve paid the ransom but you don’t get your data back

That’s a case for not paying the ransom then…

The use of known private keys on internet-connected devices has gone up 40% since 2015

To accomplish the mammoth task of informing about 50 different vendors and various ISPs we teamed up with CERT/CC (VU#566724). We would really like to report that our efforts were successful, but as it turns out the number of devices on the web using known private keys for HTTPS server certificates has gone up by 40% in the last nine months (3.2 million in November 2015 vs. 4.5 million now). There are many explanations for this development. The inability of vendors to provide patches for security vulnerabilities including but not limited to legacy/EoL products might be a significant factor, but even when patches are available, embedded systems are rarely patched. Insufficient firewalling of devices on the WAN side (by users, but also ISPs in case of ISP-supplied customer premises equipment, CPE) and the trend of IoT-enabled products are surely a factor as well.

Source: SEC Consult: House of Keys: 9 Months later… 40% Worse

This means it’s quite easy to listen in and interfere with these devices as well.

Inteno routers given out by ISPs allow full administrative access

Several Inteno routers do not validate the Auto Configuration Server (ACS) certificate (CWE-295). An attacker in a privileged network position can Man-in-the-Middle the connection between the device and the Auto Configuration Server (ACS). If ACS has been preconfigured by the ISP (this is usually the case) no user actions are required for exploitation.

Impact
——

The attacker who can intercept the network traffic between the affected device (CPE) and the Auto Configuration Server (ACS) gains full administrative access to the device. The attacker can perform arbitrary administrative operations on the device, such as flashing the device firmware.

Inteno refuses to fix the problem.

advisory here
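Two of the items above come down to checks on certificates, so here is one added Go example (not Inteno's, SEC Consult's or any vendor's code) that covers both. The first part is the CWE-295 point from the Inteno advisory: two self-signed certificates are minted for the same ACS host name, and a CPE that verifies the chain against its pinned ACS root accepts only the genuine one, whereas a name-only check (one way a device ends up with CWE-295, assumed here for contrast) accepts the forged one too. The second part is the inventory check behind the "House of Keys" figures: certificates collected from devices are grouped by the SHA-256 of their public key, and any key presented by more than one host is reported. Host names, keys and certificates are all constructed for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/hex"
	"fmt"
	"math/big"
	"time"
)

// newKey generates a P-256 key; constructed keys stand in for ACS and CPE keys.
func newKey() *ecdsa.PrivateKey {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err) // a failing system RNG is not something this example can recover from
	}
	return key
}

// newCert builds an in-memory self-signed certificate for host using key.
func newCert(host string, key *ecdsa.PrivateKey) (*x509.Certificate, error) {
	serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 128))
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          serial,
		Subject:               pkix.Name{CommonName: host},
		DNSNames:              []string{host},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		KeyUsage:              x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
		BasicConstraintsValid: true,
		IsCA:                  true,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// verifyACS is the check a CPE must pass before acting on anything the ACS
// sends: the presented certificate has to chain to the trusted ACS root, be
// valid for server authentication and in date, and carry the expected name.
func verifyACS(presented, trusted *x509.Certificate, host string) error {
	roots := x509.NewCertPool()
	roots.AddCert(trusted)
	_, err := presented.Verify(x509.VerifyOptions{
		Roots:     roots,
		DNSName:   host,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	})
	return err
}

// nameOnlyCheck is the inadequate variant: the name matches, but nobody has
// vouched for the key, so an on-path party can mint a certificate that passes.
func nameOnlyCheck(presented *x509.Certificate, host string) error {
	return presented.VerifyHostname(host)
}

// sharedKeyGroups fingerprints each certificate's SubjectPublicKeyInfo and
// returns only the fingerprints that more than one host presents; hosts[i]
// is the device that served certs[i].
func sharedKeyGroups(hosts []string, certs []*x509.Certificate) map[string][]string {
	byKey := make(map[string][]string)
	for i, c := range certs {
		fp := sha256.Sum256(c.RawSubjectPublicKeyInfo)
		id := hex.EncodeToString(fp[:])
		byKey[id] = append(byKey[id], hosts[i])
	}
	for id, hs := range byKey {
		if len(hs) < 2 {
			delete(byKey, id)
		}
	}
	return byKey
}

func main() {
	const acsHost = "acs.isp.example" // constructed name
	genuine, _ := newCert(acsHost, newKey())
	forged, _ := newCert(acsHost, newKey())
	fmt.Println("chain check, genuine ACS cert:", verifyACS(genuine, genuine, acsHost))
	fmt.Println("chain check, forged ACS cert: ", verifyACS(forged, genuine, acsHost))
	fmt.Println("name-only,   forged ACS cert: ", nameOnlyCheck(forged, acsHost))

	// Three CPEs; two of them shipped with the same key baked into the firmware.
	fwKey := newKey()
	hosts := []string{"cpe-1.example", "cpe-2.example", "cpe-3.example"}
	c1, _ := newCert(hosts[0], fwKey)
	c2, _ := newCert(hosts[1], fwKey)
	c3, _ := newCert(hosts[2], newKey())
	for fp, hs := range sharedKeyGroups(hosts, []*x509.Certificate{c1, c2, c3}) {
		fmt.Printf("key %s... is shared by %v\n", fp[:12], hs)
	}
}
```

The chain check rejects the forged certificate with an unknown-authority error even though its name matches, which is exactly the decision the advisory says the affected firmware never makes. On a real fleet the input to sharedKeyGroups would be certificates collected from the devices' management interfaces rather than ones minted in memory.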

Australian government auditor slams Tiger attack helicopter

The 64-page report details a range of issues. It identifies 76 “capability deficiencies,” of which the Department of Defence (DoD) deems 60 to be “critical.”
[…]
On average, only 3.5 aircraft in the operational fleet of 16 helicopters were available on “any given day in 2015,” says ANAO. This is below targeted readiness of 12 aircraft.
[…]
Sustainment costs are also an issue. Initially, between 2004 and 2019 these were pegged at A$571 million ($431 million). This amount was eclipsed in 2014, and costs mounted to A$921 million in 2016. The cost per flight hour in June 2016 was A$30,335, compared with a target of A$20,000.
[…]
Weapons availability appears to be a challenge. In addition, there have been two incidents – one in Germany, one in Australia – where 70mm rocket pods were jettisoned with no command from the pilot. The cause of this problem has yet to be identified.

Source: Australian government auditor slams Tiger attack helicopter

Last.fm lost 43.5 million poorly encrypted accounts in 2012. They are out now, and the top 50 are…

Music service Last.fm was hacked on March 22nd, 2012 for a total of 43,570,999 users. This data set was provided to us by daykalif@xmpp.jp and Last.fm already knows about the breach but the data is just becoming public now like all the others. Each record contains a username, email address, password, join date, and some other internal data. We verified the legitimacy of this data set with Softpedia reporter Catalin C who was in the breach himself along with his colleagues.
[…]
Passwords were stored using unsalted MD5 hashing. This algorithm is so insecure it took us two hours to crack and convert over 96% of them to visible passwords, a sizeable increase from prior mega breaches made possible because we have significantly invested in our password cracking capabilities for the benefit of our users. Here are the top 50:

Rank Password Frequency
1 123456 255,319
2 password 92,652
3 lastfm 66,857
4 123456789 63,984
5 qwerty 46,201
6 abc123 36,367
7 abcdefg 34,050
8 12345 33,785
9 1234 30,938
10 music 27,975
11 12345678 25,876
12 111111 25,313
13 abcdefg123 21,555
14 aaaaaa 19,098
15 123123 18,147
16 123 17,225
17 liverpool 17,191
18 1234567 17,168
19 000000 16,941
20 monkey 16,787

Source: LeakedSource Analysis of Last.fm Hack

(ok, top 20 here, go to leakedsource for the rest)
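To see why unsalted MD5 falls in two hours and what salted, stretched storage changes, here is an added Go example that is neither LeakedSource's nor Last.fm's code. The sample users, their passwords and the wordlist are constructed; the PBKDF2-HMAC-SHA256 routine is written out against RFC 8018 so that the block needs only the standard library, and its iteration count is an illustrative work factor, not a recommendation for any particular system.

```go
package main

import (
	"crypto/hmac"
	"crypto/md5"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/hex"
	"fmt"
)

// md5Hex is the scheme in the Last.fm dump: one password, one digest, shared by
// every user who chose that password.
func md5Hex(password string) string {
	sum := md5.Sum([]byte(password))
	return hex.EncodeToString(sum[:])
}

// crackUnsalted shows why that scheme fails: a table built from a wordlist costs
// one MD5 per word and then answers for every user at once. Returns digest -> word.
func crackUnsalted(digests, wordlist []string) map[string]string {
	table := make(map[string]string, len(wordlist))
	for _, w := range wordlist {
		table[md5Hex(w)] = w
	}
	found := make(map[string]string)
	for _, d := range digests {
		if w, ok := table[d]; ok {
			found[d] = w
		}
	}
	return found
}

// pbkdf2SHA256 implements PBKDF2 with HMAC-SHA256 (RFC 8018, section 5.2).
func pbkdf2SHA256(password, salt []byte, iterations, keyLen int) []byte {
	prf := hmac.New(sha256.New, password)
	var out []byte
	for block := uint32(1); len(out) < keyLen; block++ {
		prf.Reset()
		prf.Write(salt)
		prf.Write([]byte{byte(block >> 24), byte(block >> 16), byte(block >> 8), byte(block)})
		u := prf.Sum(nil) // U_1 = PRF(P, S || INT(i))
		t := append([]byte(nil), u...)
		for i := 1; i < iterations; i++ {
			prf.Reset()
			prf.Write(u)
			u = prf.Sum(nil) // U_j = PRF(P, U_{j-1})
			for k := range t {
				t[k] ^= u[k] // T_i = U_1 xor U_2 xor ... xor U_c
			}
		}
		out = append(out, t...)
	}
	return out[:keyLen]
}

// Illustrative parameters for this example, not a tuned recommendation.
const (
	pbkdfIterations = 100_000
	pbkdfSaltLen    = 16
	pbkdfKeyLen     = 32
)

// record is what a salted, stretched password store keeps per user.
type record struct {
	Salt []byte
	Key  []byte
}

// hashPassword draws a fresh random salt per user, so two users with the same
// password get unrelated records and no single table covers them both.
func hashPassword(password string) (record, error) {
	salt := make([]byte, pbkdfSaltLen)
	if _, err := rand.Read(salt); err != nil {
		return record{}, err
	}
	return record{Salt: salt, Key: pbkdf2SHA256([]byte(password), salt, pbkdfIterations, pbkdfKeyLen)}, nil
}

// verifyPassword recomputes the key under the stored salt and compares in constant time.
func verifyPassword(rec record, password string) bool {
	candidate := pbkdf2SHA256([]byte(password), rec.Salt, pbkdfIterations, pbkdfKeyLen)
	return subtle.ConstantTimeCompare(candidate, rec.Key) == 1
}

func main() {
	// Constructed sample users; two of them chose the dump's top password.
	users := map[string]string{"alice": "123456", "bob": "123456", "carol": "lastfm", "dave": "zq9!Lm_x7"}
	wordlist := []string{"123456", "password", "lastfm", "qwerty"}
	var digests []string
	for _, pw := range users {
		digests = append(digests, md5Hex(pw))
	}
	found := crackUnsalted(digests, wordlist)
	for name, pw := range users {
		w, ok := found[md5Hex(pw)]
		fmt.Printf("unsalted MD5  %-5s recovered=%t %q\n", name, ok, w)
	}
	a, _ := hashPassword("123456")
	b, _ := hashPassword("123456")
	fmt.Printf("salted PBKDF2 same password, keys %x... and %x... differ\n", a.Key[:4], b.Key[:4])
	fmt.Println("verify right password:", verifyPassword(a, "123456"), " wrong password:", verifyPassword(a, "1234567"))
}
```

The salt defeats the shared table; the iteration count is what turns "two hours for 96% of 43 million" into a per-guess cost the defender sets. A memory-hard function such as scrypt or Argon2 is the usual choice in practice; PBKDF2 is used here only because it can be shown in full.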

Miraculous Spray-On Coating Protects a Watermelon From a 150-Foot Drop

Have you ever wondered if those miracle sprays that promise to protect the liner of your pickup truck from damage actually work? Here’s proof they do. The amateur scientists at YouTube’s How Ridiculous covered a watermelon in Line-X spray and dropped it off a 150-feet tall tower. Not only did the watermelon survive the fall, it actually bounced on impact. Whoa.

Source: Miraculous Spray-On Coating Protects a Watermelon From a 150-Foot Drop