Hacking & Security

Arrests made after international cyber-ring targets StubHub

Computerworld.com [Hacking News] - 23 July, 2014 - 21:34
Six people have been indicted on charges of running an international ring that resold tickets bought through compromised StubHub accounts for some of New York's biggest concerts and sporting events.
Category: Hacking & Security

WordPress Sites Seeing Increased Malware, Brute Force Attacks This Week

Threatpost - 23 July, 2014 - 21:11
A glut of WordPress sites have fallen victim to both malware infections and a series of brute force attacks that have been making the rounds over the past several days, researchers claim.

Researchers Demo TAILS Flaw Exploit, Disclose Details to Developers

Threatpost - 23 July, 2014 - 20:22
The critical vulnerability in the TAILS operating system discovered by researchers at Exodus Intelligence lies in the I2P software that's bundled with the OS and the company has released some details and a video demonstrating an exploit against the bug.

Google given 18 months to change its handling of user data

Sophos Naked Security - 23 July, 2014 - 18:21
The Italian Data Protection Commissioner has given Google 18 months to change the way it treats and stores user data.

Feds: Hackers Ran Concert Ticket Racket

Krebs on Security - 23 July, 2014 - 17:42

A Russian man detained in Spain is facing extradition to the United States on charges of running an international cyber crime ring that allegedly stole more than $10 million in electronic tickets from e-tickets vendor StubHub.

Vadim Polyakov, 30, was detained while vacationing in Spain. Polyakov is wanted on conspiracy charges to be unsealed today in New York, where investigators with the Manhattan District Attorney’s office and the U.S. Secret Service are expected to announce coordinated raids of at least 20 people in the United States, Canada and the United Kingdom accused of running an elaborate scam to resell stolen e-tickets and launder the profits.

Sources familiar with the matter describe Polyakov, from St. Petersburg, Russia, as the ringleader of the gang, which allegedly used thousands of compromised StubHub user accounts to purchase huge volumes of electronic, downloadable tickets that were fed to a global network of resellers.

Robert Capps, senior director of customer success for RedSeal Networks and formerly head of StubHub’s global trust and safety organization, said the fraud against StubHub — which is owned by eBay — largely was perpetrated with usernames and passwords stolen from legitimate StubHub customers. Capps noted that while banks have long been the target of online account takeovers, many online retailers are unprepared for the wave of fraud that account takeovers can bring.

“In the last year online retailers have come under significant attack by cyber criminals using techniques such as account takeover to commit fraud,” Capps said. “Unfortunately, the transactional risk systems employed by most online retailers are not tuned to detect and defend against malicious use of existing customer accounts. Retooling these systems to detect account takeovers can take some time, leaving retailers exposed to significant financial losses in the intervening time.”

Polyakov is the latest in a recent series of accused Russian hackers detained while traveling abroad and currently facing extradition to the United States. Dmitry Belorossov, a Russian citizen wanted in connection with a federal investigation into a cyberheist gang that leveraged the Gozi Trojan, also is facing extradition to the United States from Spain. He was arrested in Spain in August 2013 while attempting to board a flight back to Russia.

Last month, federal authorities announced they had arrested Russian citizen Roman Seleznev as he was vacationing in the Maldives. Seleznev, the son of a prominent Russian lawyer, is currently being held in Guam and is awaiting extradition to the United States.

Arkady Bukh, a New York criminal lawyer who frequently represents Russian and Eastern European hackers who wind up extradited to the United States, said the Polyakov case will be interesting to watch because his extradition is being handled by New York authorities, not the U.S. government.

“I’m not saying they won’t get some help from the feds, but extradition by state prosecutors is often a failure,” Bukh said. “In fact, I don’t remember the last time we saw a successful extradition of cybercrime suspects by U.S. state prosecutors. You have to have a lot of political juice to pull off that kind of thing, and normally state prosecutors don’t have that kind of juice.”

Nevertheless, Bukh said, U.S. authorities have made it crystal clear that there are few countries outside of Russia and Ukraine which can be considered safe havens for wanted cybercriminals.

“The U.S. government has delivered the message that these guys can get arrested anywhere, that there are very few places they can go and go safely,” Bukh said.


WSJ website hacked, data offered for sale for 1 bitcoin

Ars Technica - 23 July, 2014 - 16:51
A screenshot posted by "w0rm" showing he had dumped the user table from a Wall Street Journal database.

Dow Jones & Co. took two servers that store the news graphics for The Wall Street Journal website offline yesterday evening after a confirmed intrusion by a hacker calling himself “w0rm.” The hacker was offering what he claimed was user information and server access credentials that would allow others to “modify articles, add new content, insert malicious content in any page, add new users, delete users, and so on,” Andrew Komarov, chief executive officer of cybersecurity firm IntelCrawl, told The Wall Street Journal.

W0rm, according to Komarov, is the same individual previously known as “Rev0lver” and “Hash,” a Russian hacker who tried to sell access to the BBC’s servers last December and attacked the Web servers of Vice Media earlier this year. At 5:30pm ET on July 21, he posted a screenshot to Twitter that showed the e-mail address, username, and hashed password for the database admin on a wsj.com server. He offered to sell the full dump of the database table of authorized users for one bitcoin through an exploit marketplace at w0rm.in.

According to The Journal, Dow Jones has taken the servers offline to isolate them and prevent further intrusions into their systems. A spokesperson for the company said, “At this point we see no evidence of any impact to Dow Jones Customers or customer data.”


Apple documents previously undocumented services that can leak user data

Ars Technica - 23 July, 2014 - 16:40

Four days after a forensics expert warned that undocumented functions in iOS could leak personal user data, Apple has documented three services it says serve diagnostic purposes.

"iOS offers the following diagnostic capabilities to help enterprise IT departments, developers, and AppleCare troubleshoot issues," the support article published Tuesday stated. "Each of these diagnostic capabilities requires the user to have unlocked their device and agreed to trust another computer. Any data transmitted between the iOS device and trusted computer is encrypted with keys not shared with Apple. For users who have enabled iTunes Wi-Fi Sync on a trusted computer, these services may also be accessed wirelessly by that computer." As Ars reported Monday, three undocumented services include a packet sniffer dubbed com.apple.mobile.pcapd, a file downloader called com.apple.mobile.file_relay, and com.apple.mobile.house_arrest, a tool that downloads iPhone and iPad files to an iTunes folder stored on a computer.

Jonathan Zdziarski, the forensics expert who brought the undocumented functions to light on Saturday, published a blog post in response that criticized Apple's characterization of the services. He continued to maintain that at least one of the capabilities—stemming from the file relay service—constitutes a "backdoor" as defined by many security and forensics practitioners. He also took issue with Apple's suggestion that the purpose of the services was limited to diagnostics. He reiterated his previous stance that he doesn't believe Apple added the functions at the request of the National Security Agency.


File-encrypting Android ransomware 'Simplocker' targets English-speaking users

Computerworld.com [Hacking News] - 23 July, 2014 - 16:23
A ransomware threat that encrypts files stored on the SD memory cards of Android devices has been updated to target English-speaking users with FBI-themed alerts.

Firefox 31 Patches 11 Security Flaws

Threatpost - 23 July, 2014 - 15:40
Mozilla has released a new version of Firefox, which includes patches for 11 security vulnerabilities. Three of the bugs fixed in Firefox 31 are critical, including a use-after-free vulnerability and a handful of memory safety issues.

Pafish (Paranoid Fish)

InfoSec Institute Resources - 23 July, 2014 - 14:42

Introduction. In this tutorial we’ll take a look at the Pafish tool, which performs anti-debugger/VM/sandbox tricks to detect whether the malware is being executed in a debugger, in a virtual machine or in a sandbox. Malware analysis today depends on a great deal of factors, but we’re often using [...]


New Feature: "Live" SSH Brute Force Logs and New Kippo Client, (Wed, Jul 23rd)

SANS [Internet Storm Center] - 23 July, 2014 - 14:33

We are announcing a new feature we have been working on for a while, that will display live stati ...(more)...


SQL injection flaw opens door for Wall Street Journal database hack

Computerworld.com [Hacking News] - 23 July, 2014 - 14:32
A vulnerability in a web-based graphics system led to a breach of The Wall Street Journal's network by a hacker, the newspaper acknowledged late Tuesday.

SecOS Challenge

InfoSec Institute Resources - 23 July, 2014 - 14:31

In this article, we are going to solve the SecOS challenge, an entry-level boot2root challenge. We start by hosting the vulnerable VM in VirtualBox. After starting the box, we run a ping-based Nmap scan to identify the live systems on the network. As [...]


Black Hat presentation on TOR suddenly cancelled

LinuxSecurity.com - 23 July, 2014 - 14:22
LinuxSecurity.com: A presentation on a low-budget method to unmask users of a popular online privacy tool, TOR, will no longer go ahead at the Black Hat security conference early next month.

A Convicted Hacker and an Internet Icon Join Forces to Thwart NSA Spying

LinuxSecurity.com - 23 July, 2014 - 14:16
LinuxSecurity.com: The internet is littered with burgeoning email encryption schemes aimed at thwarting NSA spying. Many of them are focused on solving the usability issues that have plagued complicated encryption schemes like PGP for years. But a new project called Dark Mail plans to go further: to hide your metadata.

Attackers raid SWISS BANKS with DNS and malware bombs

LinuxSecurity.com - 23 July, 2014 - 14:14
LinuxSecurity.com: Attackers suspected of residing in Russia are raiding Swiss bank accounts with a multi-faceted attack that intercepts SMS tokens and changes domain name system settings, researchers have warned.

Anti-surveillance advocates want you to run an open, secure WiFi router

LinuxSecurity.com - 23 July, 2014 - 14:13
LinuxSecurity.com: Plenty of WiFi routers have guest modes for visitors; some companies base their entire business models around them. Many of these devices are full of security holes, however, and the Electronic Frontier Foundation doesn't see that as acceptable in an era where widespread government surveillance is a fact of life.

HTML5 Canvas Fingerprint — Widely Used Unstoppable Web Tracking Technology

The Hacker News - 23 July, 2014 - 14:11
Until now we have seen many traditional ways of tracking web users, such as cookies saved on the user’s system, which may not be available forever to many companies, but a new method of tracking users has emerged that works without the use of cookies. For the last two years, many websites and tracking software have been utilizing the fingerprinting power of HTML5 Canvas, which is an HTML element

iSpy? Researcher exposes backdoor in iPhones and iPads

Sophos Naked Security - 23 July, 2014 - 13:55
A "backdoor" that Apple built into iOS for developers can be used to spy on iPhones and iPads by governments, law enforcement, or cyber criminals, according to forensics researcher Jonathan Zdziarski.