It has been an odd day for Newsweek – its main site was taken offline after it published a story claiming a company owned by Republican presidential candidate Donald Trump broke an embargo against doing deals with Cuba.

The magazine first thought that the sheer volume of interest in its scoop was the cause for the outage, but quickly realized that something more sinister was afoot.

The site was being bombarded by junk traffic from servers all around the world, but the majority came from Russia, the editor in chief Jim Impoco has now said.

“Last night we were on the receiving end of what our IT chief called a ‘massive’ DoS [denial of service] attack,” he told Talking Points Memo.

“As with any DDoS [distributed DoS] attack, there are lots of IP addresses, but the main ones are Russian, though that in itself does not prove anything. We are still investigating.”

Source: Criticize Donald Trump, get your site smashed offline from Russia

systemd fails an assertion in manager_invoke_notify_message when a zero-length message is received over /run/systemd/notify. This allows a local user to perform a denial-of-service attack against PID 1.Proof-of-concept:NOTIFY_SOCKET=/run/systemd/notify systemd-notify “”

Source: Assertion failure when PID 1 receives a zero-length message over notify socket · Issue #4234 · systemd/systemd · GitHub

By creating config files you can escalate through the mysqld_safe script using malloc_lib

Source: Bad news: MySQL can dish out root access to cunning miscreants

ClixSense, a site which pays users to view ads and take surveys, was the victim of a massive data breach compromising around 6.6 million user accounts.

Usually when there’s a data breach of this size, the information stolen contains usernames, passwords, and some other personal information, but due to the nature of ClixSense and the service it provided, home addresses, payment histories, and other banking details have also been compromised.

Source: Reset those passwords — again: Over 6 million ClixSense users compromised by data breach

Perhaps feeling a little bent out of shape about how much shit their country caught for running a massive, Cold War-style doping program for Olympic athletes, a group of Russian hackers have obtained confidential documents that they claim prove American Olympians are also big fat cheaters. The only problem is that the leaked documents don’t actually contain any evidence of cheating.

Source: Russian Hackers Get Into WADA Data, Find Nothing Incriminating

How hackers broke into millions of US govt personnel files

Source: Read the damning dossier on the security stupidity that let China ransack OPM’s systems

It’s hard to detect because once it infects it deletes the files and lays dormant in memory. It executes now and again to find and infect other hosts and can be used as part of a botnet.
Malwaremustdie

HITB Florian Lukavsky hacks criminals profiting from out-of-control multi-billion dollar CEO wire transfer scams… and they hate him for it.

The director of SEC Consult’s Singapore office has made a name striking back at so-called “whaling” scammers by sending malicious Word documents that breach their Windows 10 boxes and pass on identity information to police.

Whaling is a well-oiled social engineering scam that sees criminals dupe financial controllers at large lucrative organisations. Whalers’ main method is to send emails that appear to originate from chief executive officers, bearing instructions to wire cash into nominated bank accounts.

It works. The FBI estimates some $2.2bn (£1.7bn, A$2.9bn) in losses have arisen from nearly 14,000 whaling cases in the seven months to May this year. Some $800m (£601m, A$1bn) in losses occurred in the 10 months to August 2015.

Harpooned companies include Mattel, which shipped and by dumb luck recouped $3m its executive sent to a hacker’s Chinese bank account; Ubiquiti, which lost $46.7m in June last year; and Belgian bank Crelan, which lost $78m in January.

They join Accenture, Chanel, Hugo Boss, HSBC, and countless smaller victims.

Lukavsky told The Reg of his work on the back of his presentation at August’s Hack in the Box in Singapore, where he explained that he uses the attacker’s tactics to compromise scammers’ Microsoft accounts.

“Someone impersonated the CEO of an international company requesting urgent wire transfers and a couple of hours later they realise it was a scam … we worked together with law enforcement to trick the fraudsters,” Lukavsky says.

“We sent them a prepared PDF document pretending to be transaction confirmation and they opened it which led to Twitter handles, usernames, and identity information.”

“We were able to get the Windows 10 usernames and hashes which are tied by default to Outlook.”

Those Windows 10 password hashes only last a few hours when subjected to tools like John the Ripper.

The information Lukavsky passed on to police from that attack late last year lead to the arrest of the scammers located in Africa.

Source: Hacker takes down CEO wire transfer scammers, sends their Win 10 creds to the cops

If I plug in a device that masquerades as a USB Ethernet adapter and has a computer on the other end, can I capture credentials from a system, even when locked out (yes, logged in, just locked). (..or do even more, but we’ll save that for another time, this post is already too long)

Source: Snagging creds from locked machines · Room362

One in five firms that pay ransom fail to get their data back, according to new research from Trend Micro.

A poll of IT managers at 300 UK businesses sponsored by Trend Micro found that 44 per cent of UK businesses have been infected by ransomware in the last two years.

The study also found that around two-thirds (65 per cent) of UK companies confronted with a ransomware infected end up paying out in the hopes of getting their data back.

The average amount of ransom requested in the UK was £540, although 20 per cent of companies reported ransoms of more than £1,000. The majority – 57 per cent of companies – reported having been given under 24 hours to pay up.

Organisations affected by ransomware estimate they spent 33 person-hours on average fixing the problem.

The ransomware problem is growing. Trend Micro has identified 79 new ransomware families so far this year, compared to 29 in the whole of the 2015.

Source: When you’ve paid the ransom but you don’t get your data back

That’s a case for not paying the ransom then…

Music service Last.fm was hacked on March 22nd, 2012 for a total of 43,570,999 users. This data set was provided to us by daykalif@xmpp.jp and Last.fm already knows about the breach but the data is just becoming public now like all the others. Each record contains a username, email address, password, join date, and some other internal data. We verified the legitimacy of this data set with Softpedia reporter Catalin C who was in the breach himself along with his colleagues.
[…]
Passwords were stored using unsalted MD5 hashing. This algorithm is so insecure it took us two hours to crack and convert over 96% of them to visible passwords, a sizeable increase from prior mega breaches made possible because we have significantly invested in our password cracking capabilities for the benefit of our users. Here are the top 50:

Rank Password Frequency
1 123456 255,319
2 password 92,652
3 lastfm 66,857
4 123456789 63,984
5 qwerty 46,201
6 abc123 36,367
7 abcdefg 34,050
8 12345 33,785
9 1234 30,938
10 music 27,975
11 12345678 25,876
12 111111 25,313
13 abcdefg123 21,555
14 aaaaaa 19,098
15 123123 18,147
16 123 17,225
17 liverpool 17,191
18 1234567 17,168
19 000000 16,941
20 monkey 16,787

Source: LeakedSource Analysis of Last.fm Hack

(ok, top 20 here, go to leakedsource for the rest)

Dubbed USBee, the technique turns a computer’s USB ports into mini RF transmitters by modulating the data fed at high speed to plugged-in devices. By banging out a string of ‘0’ bits to a USB port, the voltage changes in the interface generate detectable emissions between 240MHz and 480MHz, according to Guri.

Next, by writing sequences of ‘0’ and ‘1’, we’re told you can create a carrier wave from the rapid voltage changes on the interface’s data pins. You can then use binary frequency shift keying (B-FSK) to encode useful information into the wave.

Guri reckons you can beam 80 bytes per second over the air using this technique, which is fast enough to send a 4,096-bit crypto key to a nearby receiver in less than 10 seconds.

Source: USBee stings air-gapped PCs: Wirelessly leak secrets with a file write

A data dump purported to contain 60 million Dropbox user IDs [and passwords] is the real thing, with the company confirming it to The Register, and independent verification from security researcher Troy Hunt.

Source: Dropbox: 2012 credentials file is real

At its then peak, Angler was behind a whopping 40 percent of all exploit kit infections having compromised nearly 100,000 websites and tens of millions of users, generating some US$34 million annually for its authors.

Source: Angler’s obituary: Super exploit kit was the work of Russia’s Lurk group

The explanation is first rate and will allow anyone to perform a non-technical man in the middle attack, going from eavesdropping to exploitation.

Source: Tinder Social Engineering Attack – HERT

Infowars, created by famed radio host and conspiracy theorist Alex Jones, produces radio, documentaries and written pieces. The dumped data relates to Prison Planet TV, which gives paying subscribers access to a variety of Infowars content. The data includes email addresses, usernames, and poorly hashed passwords.

The administrator of breach notification site Databases.Land provided a copy of 100,223 records to Motherboard for verification purposes. Vigilante.PW, another breach notification service, also has the Infowars dump listed on its site, and says the data comes from 2014. However, every record appears to have been included twice in the data, making the actual number of user accounts closer to 50,000.

Source: Tens of Thousands of Infowars Accounts Hacked

The FBI has uncovered evidence that foreign hackers penetrated two state election databases in recent weeks, prompting the bureau to warn election officials across the country to take new steps to enhance the security of their computer systems, according to federal and state law enforcement officials.

The FBI warning, contained in a “flash” alert from the FBI’s Cyber Division, a copy of which was obtained by Yahoo News, comes amid heightened concerns among U.S. intelligence officials about the possibility of cyberintrusions, potentially by Russian state-sponsored hackers, aimed at disrupting the November elections.

Source: FBI says foreign hackers penetrated state election systems [Video]

On Monday, a hacking group calling itself the “ShadowBrokers” announced an auction for what it claimed were “cyber weapons” made by the NSA. Based on never-before-published documents provided by the whistleblower Edward Snowden, The Intercept can confirm that the arsenal contains authentic NSA software, part of a powerful constellation of tools used to covertly infect computers worldwide.

The provenance of the code has been a matter of heated debate this week among cybersecurity experts, and while it remains unclear how the software leaked, one thing is now beyond speculation: The malware is covered with the NSA’s virtual fingerprints and clearly originates from the agency.

Source: The NSA Leak Is Real, Snowden Documents Confirm

Protecting GPS From Spoofers Is Critical to the Future of Navigation – IEEE Spectrum

http://spectrum.ieee.org/telecom/security/protecting-gps-from-spoofers-is-critical-to-the-future-of-navigation

‘DiskFiltration,’ a covert channel which facilitates the leakage of data from an air-gapped compute via acoustic signals emitted from its hard disk drive (HDD). Our method is unique in that, unlike other acoustic covert channels, it doesn’t require the presence of speakers or audio hardware in the air-gapped computer. A malware installed on a compromised machine can generate acoustic emissions at specific audio frequencies by controlling the movements of the HDD’s actuator arm. Digital Information can be modulated over the acoustic signals and then be picked up by a nearby receiver (e.g., smartphone, smartwatch, laptop, etc.)

Source: [1608.03431] DiskFiltration: Data Exfiltration from Speakerless Air-Gapped Computers via Covert Hard Drive Noise

Doesn’t work for SSDs 🙂

The hack can be used by thieves to wirelessly unlock as many as 100 million VW cars, each at the press of a button. Almost every vehicle the Volkswagen group has sold for the past 20 years – including cars badged under the Audi and Skoda brands – is potentially vulnerable, say the researchers. The problem stems from VW’s reliance on a “few, global master keys.”

Source: Thieves can wirelessly unlock up to 100 million Volkswagens, each at the press of a button

The web interface contains a number of critical vulnerabilities that can be abused by unauthenticated attackers. These consist of monitoring backdoors left in the PHP files that are supposed to be used by NUUO’s engineers, hardcoded credentials, poorly sanitised input and a buffer overflow which can be abused to achieve code execution on NUUO’s devices as root, and on NETGEAR as the admin user.

Source: Full Disclosure: Multiple remote vulnerabilities (RCE, bof) in Nuuo NVR and NETGEAR Surveillance

That’s a disaster! And the manufacturers are not responding!

A new ransomlock variant, which mainly affects the US, tricks users into calling a toll-free number to reactivate their Windows computer.
[…]
Victims of this threat can unlock their computer using the code: 8716098676542789

Source: New ransomware mimics Microsoft activation window | Symantec Connect Community

It also turns out that calling the support number on the screen no longer has people picking up.