News & Updates

A new round of the weekly SecurityAffairs newsletter arrived!

The best news of the week with Security Affairs.

· Crooks used Infrared insert skimmers in a recent wave of ATM attacks
· Did you receive a WhatsApp subscription ending email or text? Watch out!
· Hackshit PhaaS platform, even more easy to power Phishing campaigns
· Security Affairs newsletter Round 119 – News of the week
· Ashley Madison agrees to an $11.2 Million settlement for a 2015 massive data breach
· For the second time in the year, experts found a flaw in Cisco WebEx Extension
· Russian nation-state actors blamed for cyber attacks against Irish energy networks
· SMS Phishing induces victims to photograph their own token card
· What's new after the AlphaBay Market Shutdown in the darkweb?
· Android Backdoor GhostCtrl can spy on victims and take over Windows Systems
· Hacker steals $7 Million in Ethereum from CoinDash in just 3 minutes
· Lithuania to extradite the man responsible for 100M email scam against Google and Facebook
· Two CryptoMix Ransomware variants emerged in a few days
· IntelliAV: Toward the Feasibility of Building Intelligent Anti-Malware on Android Devices
· Oracle July 2017 Critical Patch Update addresses record-breaking 308 issues
· SHELLBIND IoT malware targets NAS devices exploiting SambaCry flaw
· Wikileaks: CIA tasked Raytheon for analyzing TTPs used by threat actors in the wild
· A bug in Gnome pic parser can be exploited to run malicious VBScripts
· Black Hat is coming and with it a good reason to update your Broadcom-based devices
· DDoS Tools availability Online, a worrisome trend
· How to hack a Segway Ninebot miniPRO hoverboard in 20 seconds
· Huge blow to the criminal underground in the dark web, authorities shut down AlphaBay and Hansa black marketplaces
· Tor launches Bug Bounty Program, hackers can earn between $2,000 and $4,000 for high severity flaws
· DarkHotel APT group leverages new methods to target politicians
· Microsoft sued Fancy Bear to gain control of the domains used in the cyber espionage campaigns
· Modified versions of Nukebot Trojan spotted in wild after code leak
· A Russian man involved in the development and maintenance of Citadel was sentenced to five years in prison
· Lloyds of London: A massive cyber attack could cause an average of $53 billion of economic losses
· Russia's Duma has approved the bill to prohibit tools used to surf outlawed websites
· Stantinko botnet was undetected for at least 5 years while infecting half a million systems

Hurry up, subscribe to the newsletter: next Sunday you will receive all the news directly in your inbox.

I desire to inform you that Security Affairs is now open to sponsored content.
I'll offer the opportunity to:
• Insert banners of various sizes in all the posts on Security Affairs.
• Publish sponsored posts written by the customers that can include any kind of commercial reference.
• Arrange a monthly/quarterly/annual campaign (for big customers) to advertise customers' activities and discoveries.
For more info contact me at [email protected]
Thanks for supporting Security Affairs.


Once again thank you!


Pierluigi Paganini

(Security Affairs – Newsletter)


The post Security Affairs newsletter Round 120 – News of the week appeared first on Security Affairs.

Source: Security affairs

Worst known governmental leak ever affected the Swedish Transport Agency, data includes records of members of the military secret units.

Sweden might be the scene of the worst known governmental leak ever: the Swedish Transport Agency moved all of its data to "the cloud", but in practice it transferred it to somebody else's computer.

The huge trove of data includes top secret documents related to fighter pilots, SEAL team operators, police suspects, and people under witness relocation.

“The responsible director has been found guilty in criminal court of the whole affair, and sentenced to the harshest sentence ever seen in Swedish government: she was docked half a month’s paycheck.” wrote PrivacyNewsOnline.

Full data of top-secret governmental individuals, including photo, name, and home address, was leaked.

Director General Maria Ågren in Sweden was fined half a month’s salary in a very short trial.

Further investigation into the governmental data leak revealed that the Swedish Transport Agency moved all its data to "the cloud", as managed by IBM, two years ago. The Director General of the Transport Agency, Maria Ågren, was abruptly retired from her position in January 2017.

On July 6 the news was disclosed that the Director had been found guilty of exposing classified information in a criminal court of law.

"But on July 6th, she is known to be secretly investigated to have cleared confidential information. According to the Security Unit for Security Objectives, the data may damage the security of the country. She is ordered to pay 70,000 kronor in daily fines." reported the website SvtNyHeater.se.

"Among other things, the entire Swedish database of driving license photos has been available to several Czech technologies, which have not been tested for security. This means that neither the SÄPO nor the Transport Agency had control over the persons who handled the information that could be said to damage the security of the country."

Leaked data included information related to people in the witness protection program and similar programs. This information was wrongly included in the register distributed outside the Agency as part of a normal procedure. The investigators discovered another unacceptable mistake: when a new version without the sensitive identities was distributed, the Agency did not instruct recipients to destroy the old copy.

“Last March, the entire register of vehicles was sent to marketers subscribing to it. This is normal in itself, as the vehicle register is public information, and therefore subject to Freedom-of-Information excerpts.” continues the Swedish website. “What was not normal were two things: first, that people in the witness protection program and similar programs were included in the register distributed outside the Agency, and second, when this fatal mistake was discovered, a new version without the sensitive identities was not distributed with instructions to destroy the old copy. Instead, the sensitive identities were pointed out and named in a second distribution with a request for all subscribers to remove these records themselves. This took place in open cleartext e-mail.”


Sensitive data on Swedish vehicles was released to companies with no security clearance. Credit: Jonas Ekströmer/TT

The leaked information is precious data for a foreign government in an information warfare scenario: it includes records of fighter pilots in the Air Force, policemen, and members of the military's most secret units.

The archive also includes any kind of information about every government and military vehicle, including their "operator, which says a ton about the structure of military support units;"

PrivacyNewsOnline confirmed that the governmental data leak is still ongoing and that it can be expected to be fixed "maybe this fall".

“Much of the available analysis of the leak is still in the form of fully-redacted documents from the Security Police and similar agencies.” concluded the news agency.


Pierluigi Paganini

(Security Affairs – Sweden governmental leak, Swedish Transport Agency)


The post Worst known governmental leak ever affected the Swedish Transport Agency. Homeland security at risk appeared first on Security Affairs.

Source: Security affairs

The hacker BestBuy pleaded guilty in court on Friday to hijacking more than 900,000 routers from the network of Deutsche Telekom

The notorious hacker BestBuy, also known as Popopret, pleaded guilty in court on Friday to hijacking more than 900,000 routers from the network of Deutsche Telekom. The 29-year-old man, whose name wasn't revealed by authorities, used a custom version of the Mirai IoT malware.

Earlier in July the popular investigator Brian Krebs announced that he had discovered BestBuy's real identity: according to the experts, the hacker is the Briton Daniel Kaye.

BestBuy was also known as the author of the GovRAT malware; he offered the source code of the RAT, including a code-signing digital certificate, for nearly 4.5 Bitcoin on the TheRealDeal black market.

German authorities referred to the man as Spiderman, the name he used to register the domain names that served as C&C for his botnet.

According to the German website FutureZone.de, Deutsche Telekom estimated that the losses caused by the cyber attack were more than two million euros.

BestBuy targeted the routers in late November 2016 with the intent of recruiting them into his botnet, which was offered as a DDoS-for-hire service, but the malicious code variant he used accidentally triggered a DoS condition in the infected devices.

“The hacker admitted in court that he never intended for the routers to cease functioning. He only wanted to silently control them so he can use them as pawns in a DDoS botnet. ” wrote Bleepingcomputer.com.

In early December 2016, the man used another flawed version of Mirai that caused the same widespread problem in the UK, where more than 100,000 routers went offline. The routers belonged to the ISPs Kcom, TalkTalk and the UK Post Office.

BestBuy was arrested in late February 2017 by the UK police at the London airport, then he was extradited to Germany to face charges in a German court in Cologne.

On July 21, the hacker BestBuy pleaded guilty. According to German media, the man explained that he was hired by a Liberian ISP to carry out DDoS attacks on local competitors.

The hacker said the Liberian ISP paid him $10,000 to hit its competitors.

BestBuy's sentencing hearing is scheduled for July 28; the man faces up to ten years in jail.


Pierluigi Paganini

(Security Affairs – Mirai, Deutsche Telekom)


The post Hacker BestBuy pleads guilty to hijacking more than 900k Deutsche Telekom routers appeared first on Security Affairs.

Source: Security affairs

The news came in on Saturday, July 22nd, when the game’s servers went down. Masses of Pokemon Go players were unable to get the game to work. The Pokemon Go Fest event was held in the vicinity of Butler Field in the Grant Park. It was planned and announced by Niantic that the players will […]

The post Pokemon Go Fest Faces A Rough Start, Niantic CEO Booed by Fans Over Game Malfunctions appeared first on MobiPicker.

Source: http://www.mobipicker.com/feed/

The Russian hacker Mark Vartanyan was sentenced to five years in prison for his involvement in the development and maintenance of the Citadel botnets.

It's a hard time for cyber criminals: law enforcement worldwide continues its fight against illegal activities online, and the recent shutdown of the AlphaBay and Hansa black markets demonstrates it.

The news of the day is that the Russian hacker Mark Vartanyan was sentenced to five years in prison for his involvement in the development and maintenance of the Citadel botnets.

Vartanyan, also known by the pseudonym "Kolypto", was arrested in Norway and extradited to the United States in December 2016.

Kolypto pleaded guilty in court in March 2017; he was charged with one count of computer fraud.

“Citadel caused vast amounts of harm to financial institutions and individuals around the world. Mark Vartanyan utilized his technical expertise to enable Citadel into becoming one of the most pernicious malware toolkits of its time, and for that, he will serve significant time in federal prison,” said US Attorney John Horn.

Citadel started being offered for sale in 2011 on invite-only Russian cybercriminal forums. It is directly derived from the popular Zeus banking Trojan. In June 2013 Microsoft and the FBI carried out takedowns that eradicated more than 1,400 bots (nearly 88% of the overall Citadel botnet) associated with this malware.

Experts estimated that the malware has been responsible for over $500 million in financial fraud.

Over the years, the Citadel malware affected more than 11 million computers globally. The most recent variant derived from Citadel is Atmos, which was spotted in April 2016 when it infected more than 1,000 bots.

Vartanyan's role was crucial for the malware's distribution: the man was involved in developing, improving and maintaining Citadel. He was active between August 21, 2012 and January 9, 2013, while residing in Ukraine, and between on or about April 9, 2014 and June 2, 2014, while residing in Norway.

“Malicious software and botnets are rarely created by a single individual. Cybercrime is an organized team effort involving sophisticated, talented, and tech savvy individuals. Today’s sentencing of Mr. Vartanyan […] both removes a key resource from the cyber underworld and serves as a strong deterrent to others who may be contributing to the development of botnets and malware. The threat posed by cyber criminals in the U.S. and abroad is ever increasing,” David J. LeValley, Special Agent in Charge, FBI Atlanta Field Office, said.


Pierluigi Paganini

(Security Affairs – Citadel botnet, hacking)


The post A Russian man involved in the development and maintenance of Citadel was sentenced to five years in prison appeared first on Security Affairs.

Source: Security affairs

(Image credit: EWE)

A German energy company recently announced that it’s partnering with a university to build a massive flow battery in underground salt caverns that are currently used to store natural gas. The grid-tied battery, the company says, would be able to power Berlin for an hour.

The technology that the project is based on should be familiar to Ars readers. Two years ago, Ars wrote about an academic paper published in Nature that described “a recipe for an affordable, safe, and scalable flow battery.” German researchers had developed better components for a large, stationary battery that used negatively and positively charged liquid electrolyte pools to exchange electrons through a reasonably priced membrane. These so-called “flow batteries” are particularly interesting for grid use—they have low energy-density, so they don’t work for portable energy storage. But as receptacles for utility-scale electricity storage, their capacity is limited only by the amount of space you have.

Now the ideas in that paper are graduating to real-world use. EWE Gasspeicher, a gas-storage company owned by German power company EWE, announced in June that it’s looking into building the researchers’ flow battery in two medium-sized salt caverns that the company has been using to store natural gas. EWE is calling the project “brine4power,” reflecting how a saltwater brine is used in the electrolyte.


Source: http://feeds.arstechnica.com/arstechnica/index/

Many users have been left in the lurch by the very famous “iMessage Waiting for Activation” error. iMessage is a great feature but comes with its own set of issues. Are you troubled by “iMessage Waiting for Activation” error? Looking for an easy fix? We know how it feels when you badly want to get the […]

The post “iMessage Waiting for Activation” Error on iPhone – 7 Ways to Fix [How-to] appeared first on MobiPicker.

Source: http://www.mobipicker.com/feed/

Welcome to the nerdiest, most-inside-baseball TV event this side of network upfronts. (credit: Nathan Mattise)

AUSTIN, Texas—Familiar IP (intellectual property) runs rampant on TV these days no matter where a viewer turns. Netflix openly exploits its access to the Marvel universe and has a penchant for reinvigorating classic IP across medium (from Wet Hot American Summer to Fuller House). Small cable networks offer numerous examples: CW has opted for DC with Arrow and The Flash; FX has Fargo; SyFy has The Expanse; Showtime has American Gods; and on and on. Even the big networks have embraced this, and recently they can't seem to leave vintage movies alone (whether we're discussing Fox's Minority Report and Lethal Weapon attempts or NBC's departed-too-soon Hannibal).

At this summer’s ATX Television Festival, execs from major players like HBO, Freeform, Marvel, and Dreamworks took the stage together hoping to shed some light on the trend. High rates of IP recycling haven’t coincided with a lack of engaging originals (see: Stranger Things, Mad Men, Breaking Bad/Better Call Saul, The Americans, GLOW, etc.). Evidently, the modern TV landscape offers room for both, so why the glut of familiar franchises? Everyone in attendance had plenty of theories.

“To start, it’s a risky business, and most of the stuff we develop just fails,” Marvel’s Grant Gish said. “But when you have a leg up—a great book, comic book, old movie, or TV show—it eliminates some of that.” Gish notes a known Marvel entity carries with it automatic audience awareness. And if network execs remain conservative when greenlighting productions, assurances of an inherent audience can go a long way.


Source: http://feeds.arstechnica.com/arstechnica/index/

A huge botnet dubbed Stantinko went undetected for at least 5 years; the disconcerting discovery was made by researchers from security firm ESET.

According to ESET, the Stantinko botnet has infected around half a million computers worldwide. The operators behind the botnet ran a massive adware campaign active since 2012, mainly targeting users in Russia and Ukraine who were searching for pirated software.

The researchers discovered that the attack vector used by the cyber criminals is an app called FileTour. It is used to install a variety of programs on the victim's machine, while also launching Stantinko in the background.

“Making heavy use of code encryption and rapidly adapting so as to avoid detection by anti-malware, Stantinko’s operators managed to stay under the radar for at least the last five years, attracting very little attention to their operations.” states the analysis published by ESET.

The botnet is mainly used to install, on the infected systems, browser extensions that inject ads and perform click fraud.

The malicious browser extensions installed by the Stantinko malware are called The Safe Surfing and Teddy Protection. Both extensions, distributed through the Chrome Web Store, are ostensibly used to block unwanted URLs. The botnet installs its own versions of both browser extensions, which are able to receive a configuration to perform click fraud and ad injection.

The researchers also noticed that the Stantinko malware could be used to take full control of the target systems: it relies on services that allow attackers to conduct several malicious activities (i.e. performing massive searches on Google, performing brute-force attacks on Joomla and WordPress installs).

The malware installs two specific Windows services after compromise, and each of them is able to reinstall the other if deleted. This means that in order to sanitize the system it is necessary to remove both services at the same time.
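The mutually reinstalling service pair described above is a classic watchdog persistence pattern, and it dictates the order of a clean-up: disable and stop both services before deleting either, then confirm that neither has come back. The PowerShell below is an added example written for this page; it is not from ESET's report or from Security Affairs, and the two service names are placeholders, since the page does not name the services.

```powershell
# Added example (not from ESET or Security Affairs): remove a pair of Windows
# services that reinstall each other if removed one at a time.
# PLACEHOLDER_SERVICE_A / PLACEHOLDER_SERVICE_B are placeholders; substitute the
# service names identified during triage of the infected host.
$WatchdogServices = @('PLACEHOLDER_SERVICE_A', 'PLACEHOLDER_SERVICE_B')

# 0. Preserve evidence first: record each service's binary path before anything is deleted.
foreach ($name in $WatchdogServices) {
    $svc = Get-CimInstance Win32_Service -Filter "Name='$name'"
    if ($svc) { Write-Output "$name -> $($svc.PathName)" }
}

# 1. Disable BOTH services before stopping either, so the surviving partner
#    cannot re-create its sibling with an enabled start type.
foreach ($name in $WatchdogServices) {
    if (Get-Service -Name $name -ErrorAction SilentlyContinue) {
        Set-Service -Name $name -StartupType Disabled
    }
}

# 2. Stop both, then terminate any host process still alive so no running
#    component can restore its partner while registrations are removed.
foreach ($name in $WatchdogServices) {
    Stop-Service -Name $name -Force -ErrorAction SilentlyContinue
}
$hostPids = Get-CimInstance Win32_Service |
    Where-Object { $WatchdogServices -contains $_.Name -and $_.ProcessId -gt 0 } |
    Select-Object -ExpandProperty ProcessId
foreach ($id in $hostPids) { Stop-Process -Id $id -Force -ErrorAction SilentlyContinue }

# 3. Delete both service registrations in the same pass (sc.exe delete is
#    available on every supported Windows version, unlike Remove-Service).
foreach ($name in $WatchdogServices) {
    & sc.exe delete $name | Out-Null
}

# 4. Verify: after a short wait, neither service should have been re-created.
#    If one reappears, a component was missed and the host is not yet clean.
Start-Sleep -Seconds 10
$survivors = Get-Service -Name $WatchdogServices -ErrorAction SilentlyContinue
if ($survivors) {
    Write-Warning "Re-created services: $($survivors.Name -join ', ') - clean-up incomplete"
} else {
    Write-Output "Both services removed and not re-created after 10 seconds"
}
```

Run it from an elevated PowerShell session on an isolated host, and keep the step 0 output with the case notes: the recorded binary paths are what an analyst needs to pull the samples that back the detection.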


The Stantinko malware is a modular backdoor; its components embed a loader that allows them to execute, directly in memory, any Windows executable sent by the C&C server.

"This feature is used as a very flexible plugin system allowing the operators to execute anything on an infected system. Table 1 is a description of known Stantinko plugins."

Table 1: known Stantinko plugins (Module Name: Analysis)
Brute-force: Distributed dictionary-based attack on Joomla and WordPress administrative panels.
Search Parser: Performs massive distributed and anonymous searches on Google to find Joomla and WordPress websites. It uses compromised Joomla websites as C&C servers.
Remote Administrator: Backdoor that implements a full range of actions from reconnaissance to data exfiltration.
Facebook Bot: Bot performing fraud on Facebook. Its capabilities include creating accounts, liking pictures or pages, and adding friends.

Experts speculate that the crooks work closely with the advertisers that pay for the traffic they receive from the botnet.

“On the other hand, traditional click-fraud malware relies on a series of redirections between several ad networks to launder their malicious traffic. This shows that not only are the Stantinko operators able to develop highly stealthy malware, but they are also able to abuse the traditional ad-serving economy without getting caught,” ESET points out.


Pierluigi Paganini

(Security Affairs – Stantinko botnet, cybercrime)


The post Stantinko botnet was undetected for at least 5 years while infecting half a million systems appeared first on Security Affairs.

Source: Security affairs

Here we are with our weekly roundup, briefing this week's top cyber security threats, incidents and challenges.

This week has been very short but full of big news, from the shutdown of two of the largest Dark Web marketplaces and the theft of millions of dollars in the popular Ethereum cryptocurrency to the discovery of new Linux malware leveraging the SambaCry exploit.

We are here with the outline of this


Source: http://feeds.feedburner.com/TheHackersNews