3/4/2014

MASSIVE DDOS Attack Hit Leading Companies

Filed under: — Aviran Mordo

Since last week, a massive distributed denial-of-service (DDoS) attack has hit major internet services in an attempt to bring them down.

Companies like Wix, StatCounter, Namecheap, Meetup and Bit.ly were the targets of an unprecedentedly large-scale and sophisticated DDoS attack.

In an email sent to Wix customers Avishay Abrahami, Wix CEO, explains about the attack:

“…Since Thursday, 2/27 at 07:00am EST Wix has been the target of a malicious DDoS attack, a technique used by hackers to take an internet service offline by overloading its servers. (To read more about DDoS attacks: http://en.wikipedia.org/wiki/Denial-of-service_attack).

We have robust systems in place to deal with such instances; however the scale of this particular attack caused Wix.com and some Wix user websites to experience significant but intermittent downtime. Throughout the attack, we were able to guarantee that the vast majority of websites remained live and unaffected. Rest assured, all your personal data, including billing information, is secure and was never compromised….“

StatCounter announced via Twitter that they managed to restore the service after it was down.

Some of the companies received a blackmail letter demanding money to stop the attack, such as the one published by Meetup.com; however, they did not surrender to the blackmailer and are trying to fight off the attack.

The DDoS attack started around the same time on 2/27/2014 for most of the services being targeted, which raises the suspicion that the same group of criminals is attacking all of these companies and trying to blackmail them for money. It is unknown whether, and how many, other companies paid the ransom and avoided being hit.

10/8/2013

Android adware vulnerabilities are so BAD, researchers won’t ID it

Filed under: — Aviran Mordo

A popular mobile ad library used by multiple Android apps poses a severe malware threat, researchers at infosec firm FireEye have warned. The security researchers said that altogether 200 million affected apps had been downloaded.

This ad library aggressively collects sensitive data and is able to perform dangerous operations such as calling home to a command-and-control server before downloading and running secondary components on demand.

Mobile ad libraries are third-party software included by host apps in order to display ads. Because this library could potentially be used to conduct large-scale attacks on millions of users, FireEye refers to it anonymously by the code name “Vulna” rather than revealing its true identity.

An analysis of the most popular apps (those with over one million downloads) on Google Play reveals that 1.8 per cent of them used “Vulna”. The potentially affected apps have been downloaded more than 200 million times in total.

FireEye catalogues a variety of built-in aggressive behaviours which, in addition to vulnerabilities with the technology, make Vulna a threat.

Adobe deals with data breach affecting 2.9m customers

Filed under: — Aviran Mordo

Adobe has been hit with a massive cyber attack, where hackers obtained customer IDs, passwords and encrypted credit card information of more than 2.9 million customers. Adobe believes the hackers also breached source-code data of several Adobe products, including Acrobat and ColdFusion.

The software giant behind products like Photoshop, InDesign and Shockwave Flash announced last week they had been hit by two separate attacks targeting customer and company information. Adobe is in the process of sending password-reset e-mails and customer security alerts to affected customers to try to mitigate the damage, but there’s a bit of a problem with that approach.

According to independent security reporter Brian Krebs, Adobe has known about the breach since Sept. 17, and they believe the attack happened sometime in mid-August. Considering those customers’ information has been in the hackers’ hands for nearly two months, resetting passwords and canceling credit cards at this point may be moot.

Adobe’s investigation is still in its early stages, and the company hasn’t finished unearthing the full scope of what data may have been compromised.

7/21/2013

New vulnerability found in Java 7

Filed under: — Aviran Mordo

Security researchers from Polish vulnerability research firm Security Explorations claim to have identified a new vulnerability in Java 7 that could allow attackers to bypass the software’s security sandbox and execute arbitrary code on the underlying system.

The vulnerability was reported this week to Oracle along with proof-of-concept (PoC) exploit code, said Adam Gowdiak, the CEO and founder of Security Explorations, in a message to the Full Disclosure mailing list.

According to Gowdiak, the vulnerability is located in the Reflection API (application programming interface), a feature that was introduced in Java 7 and which has been the source of many critical Java vulnerabilities so far. Security Explorations confirmed that its PoC exploit code works against Java SE 7 Update 25 and earlier versions, he said.

6/7/2012

Worst Companies at Protecting User Privacy: Skype, Verizon, Yahoo, AT&T, Apple, Microsoft

Filed under: — Aviran Mordo

We’re living our lives more and more in the online environment. Eventually, we end up giving a lot of our personal data, whether we’re talking about a social network account, email service or a national carrier. Our conversations are being wire-tapped, our online surfing is being stored. Which are the companies that fight for our rights when the government wants to know more? Who protects our privacy?

This privacy report has been done by the Electronic Frontier Foundation and should be taken seriously. When government agencies come asking for your personal data and your activity logs, who is fighting for your rights and who’s acting like a peaceful sheep, pleasing the Big Brother?

The chart shows how many stars the participating companies have been given.

12/10/2011

New zero-day vulnerabilities found in Adobe Flash Player

Filed under: — Aviran Mordo

Recently a vulnerability was found in both Mac and Windows versions of Adobe’s Acrobat and Reader products that could allow an attacker to crash the programs and gain control of the system. So far only attacks on Windows machines have been found, but Mac systems could be affected as well.

Now two similar vulnerabilities have been found in Adobe’s Flash Player, which likewise could result in arbitrary code being executed on the system.

11/24/2011

Mobile “rootkit” maker tries to silence critical Android dev

Filed under: — Aviran Mordo

A data-logging software company is seeking to squash an Android developer’s critical research into its software that is secretly installed on millions of phones, but Trevor Eckhart is refusing to publicly apologize for his research and remove the company’s training manuals from his website.

Though the software is installed on millions of Android, BlackBerry, and Nokia phones, Carrier IQ was virtually unknown until the 25-year-old Eckhart analyzed its workings, recently revealing that the software secretly chronicles a user’s phone experience, from its apps, battery life and texts. Some carriers prevent users who actually find the software from controlling what information is sent.

Eckhart called the software a “rootkit,” a security term that refers to software installed at a low-level on a device, without a user’s consent or knowledge in order to secretly intercept the device’s workings. Malware such as keyloggers and trojans are two examples.

8/13/2011

Attack targeting open-source web app keeps growing

Filed under: — Aviran Mordo

An attack targeting sites running unpatched versions of the osCommerce web application kept growing virally this week, more than three weeks after a security firm warned it was being used to install malware on the computers of unsuspecting users.

When researchers from Armorize first spotted the exploit on July 24, they estimated it had injected malicious links into about 91,000 webpages. By early last week, The Reg reported it had taken hold of almost 5 million pages. At time of writing, Google searches suggested that the number exceeded 8.3 million.

7/28/2011

Hackers attack South Korean sites; up to 35 mln users affected

Filed under: — Aviran Mordo

South Korea’s communications regulator said Thursday hackers from China had attacked an Internet portal and blogging site operated by SK Comms, accessing the personal information of up to 35 million users in what could be the country’s biggest cyber attack so far.

The incident follows a series of hacking incidents at South Korean financial firms in recent months, exposing the vulnerabilities of networks in the world’s most wired country.

The Korea Communications Commission said in a statement that hacking attacks Thursday morning targeted personal information including phone numbers, e-mail addresses, names and coded data of users of the Nate portal and Cyworld blogging sites, both operated by SK Comms.

Police are investigating the case and have yet to request the assistance of the Chinese authorities, an official at the commission said.

6/30/2011

Hacker attack cripples al-Qaida on Web

Filed under: — Aviran Mordo

Computer hackers shut down al-Qaida’s ability to communicate its messages to the world through the Internet, interrupting the group’s flow of videos and communiqués, according to a terrorism expert.

“Al-Qaida’s online communications have been temporarily crippled, and it does not have a single trusted distribution channel available on the Internet,” said Evan Kohlmann, of Flashpoint Global Partners, which monitors the group’s communications.

The attack was carried out within the past few days by unknown hackers targeting al-Qaida’s Internet communications systems. It was “well coordinated and involved the use of an unusual cocktail of relatively sophisticated techniques,” Kohlmann said.

Android app offers Wi-Fi hacking of Facebook accounts

Filed under: — Aviran Mordo

Sometimes seeing is believing. The FaceNiff Android app, released earlier this month, allows anyone to snoop on traffic on Wi-Fi networks and even hijack Facebook accounts. Sounds bad, but this video demo drives the message home by showing just how easy it is to do:

The app, which works on Android phones that have been rooted, offers “one-touch hacking,” says Kevin Mahaffey, founder and chief technology officer at mobile security firm Lookout. The technique isn’t new–it’s akin to a mobile version of the Firesheep Firefox extension released last year–but it makes it super easy and mobile.

Massive botnet ‘indestructible,’ say researchers

Filed under: — Aviran Mordo

A new and improved botnet that has infected more than four million PCs is “practically indestructible,” security researchers say.

“TDL-4,” the name for both the bot Trojan that infects machines and the ensuing collection of compromised computers, is “the most sophisticated threat today,” said Kaspersky Labs researcher Sergey Golovanov in a detailed analysis Monday.

“[TDL-4] is practically indestructible,” Golovanov said.

“I wouldn’t say it’s perfectly indestructible, but it is pretty much indestructible,” said Joe Stewart, director of malware research at Dell SecureWorks and an internationally-known botnet expert, in an interview today. “It does a very good job of maintaining itself.”

Because TDL-4 installs its rootkit on the MBR, it is invisible to both the operating system and, more importantly, security software designed to sniff out malicious code.

But that’s not TDL-4’s secret weapon.

What makes the botnet indestructible is the combination of its advanced encryption and the use of a public peer-to-peer (P2P) network for the instructions issued to the malware by command-and-control (C&C) servers. “The way peer-to-peer is used for TDL-4 will make it extremely hard to take down this botnet”.
