Friday, May 29, 2015

Create a Ransomware in three easy steps - No knowledge of hacking (or even programming) is needed.



Apparently it is free (I wonder why?).

It is called TOX


From the Article:

  • Tox is free. You just have to register on the site.
  • Tox is dependent on TOR and Bitcoin. That allows for some degree of anonymity.
  • The malware works as advertised.
  • Out of the gate, the standard of antimalware evasion is fairly high, meaning the malware’s targets would need additional controls in place (HIPS, whitelisting, sandboxing) to catch or prevent this.


Once you register for the product, you can create your malware in three simple steps.
  1. Enter the ransom amount. (The site takes 20% of the ransom.)
  2. Enter your “cause.”
  3. Submit the captcha.


Follow this link for more information:

Tuesday, May 26, 2015

Have you ever used the words "MOOSE" and "WORM" in a single sentence? Now you can: "Moose - Router Worm"



Interesting: it can even eradicate existing malware.
I remember this used to happen during the "virus era".

The good news is that it only exploits lazy users, meaning poor configuration / weak credentials.





From the Article:

Moose worm does not rely upon any underlying vulnerability in the routers – it is simply taking advantage of devices that have been weakly configured with poorly chosen login credentials.

The principal victims are likely to be routers – with devices from Actiontec, Hik Vision, Netgear, Synology, TP-Link, ZyXEL, and Zhone already identified as vulnerable.

ESET’s team observed the worm creating bogus accounts on sites such as Instagram, and automatically following users. In many cases the rise in followers was carefully staggered over some days, seemingly to avoid raising alarms in automated systems built by the social networks to identify suspicious behaviour.

As well as social networking fraud, ESET’s paper considers that the malware could potentially be used for other activities – such as distributed denial-of-service attacks, targeted network exploration (where it works hard to dig deep past firewalls) and eavesdropping and DNS hijacking (which could lend itself to phishing and further malware attacks).


More here

Thieves steal tax info from IRS



Anyone surprised?

Testing the software/code is more important than writing code.
(Anyone listening?)



From the Article:

In a statement Tuesday, the IRS said the thieves accessed a system called "Get Transcript." In order to access the information, the thieves cleared a security screen that required knowledge about the taxpayer, including the Social Security number, date of birth, tax filing status and street address.





More here

Security Researcher detects vulnerability - And Starbucks considers it FRAUD?


But it also claims that it fixed the issue after being informed by the researcher.


From the Article:

Egor Homakov of the Sakurity security consultancy found a weakness known as a race condition in the section of the Starbucks website responsible for checking balances and transferring money to gift cards. To test if an exploit would work in the real world, the researcher bought three $5 cards. After a fair amount of experimentation, he managed to transfer the $5 balance from card A to card B, not just once as one would expect, but twice. As a result, Homakov now had a total balance of $20, a net—and fraudulent—gain of $5.

The researcher went on to visit a downtown San Francisco Starbucks location to make sure his attack would actually work. He used the two cards to make a $16.70 purchase. He went on to deposit an additional $10 from his credit card "to make sure the US justice system will not put us in jail over $1.70," he explained in a blog post.


"It was just completely uncalled for claiming that I committed fraud," Homakov said of the latter call. "It made me angry."

More here
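The race condition described above is the classic check-then-act window: one request reads the card balance, decides the transfer is allowed, and only later writes the result, so two requests that read before either writes both succeed. The following is an added example (not Homakov's code, nor anything from Starbucks) that replays that interleaving deterministically against a constructed in-memory SQLite table of three $5 cards, then shows the hardened form, where the balance test is part of the UPDATE itself. How Starbucks' backend actually stored balances is an assumption; the simplified model here writes the source balance as an absolute value and credits the destination relatively, which reproduces the article's outcome (A emptied once, B credited twice, $20 from $15).

```python
import sqlite3

AMOUNT = 500  # all balances in cents; three $5 cards as in the article


def make_db():
    """Constructed in-memory gift-card table: cards A, B and C each hold $5."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE cards (id TEXT PRIMARY KEY, balance INTEGER NOT NULL)")
    conn.executemany("INSERT INTO cards VALUES (?, ?)", [("A", 500), ("B", 500), ("C", 500)])
    conn.commit()
    return conn


def balances(conn):
    return dict(conn.execute("SELECT id, balance FROM cards ORDER BY id"))


def total_balance(conn):
    return sum(balances(conn).values())


# --- Vulnerable design: check the balance in one step, write it in another ---

def check_funds(conn, src, amount):
    """Step 1 of a request: read the balance and decide whether the transfer is allowed."""
    (bal,) = conn.execute("SELECT balance FROM cards WHERE id = ?", (src,)).fetchone()
    return bal if bal >= amount else None


def apply_transfer_unsafe(conn, src, dst, amount, balance_seen):
    """Step 2 of a request: write the new source balance computed from the value
    read in step 1 and credit the destination. Nothing re-checks the source
    between the two steps (assumed model of the flawed backend)."""
    conn.execute("UPDATE cards SET balance = ? WHERE id = ?", (balance_seen - amount, src))
    conn.execute("UPDATE cards SET balance = balance + ? WHERE id = ?", (amount, dst))
    conn.commit()


def race_unsafe(conn, src, dst, amount):
    """Deterministic replay of two simultaneous transfer requests: both pass the
    check before either has written, so both are applied."""
    seen = [check_funds(conn, src, amount), check_funds(conn, src, amount)]
    results = []
    for balance_seen in seen:
        if balance_seen is None:
            results.append(False)
        else:
            apply_transfer_unsafe(conn, src, dst, amount, balance_seen)
            results.append(True)
    return results


# --- Hardened design: check and debit in one conditional statement ---

def transfer_atomic(conn, src, dst, amount):
    """The balance test is part of the UPDATE, so two requests cannot both
    observe sufficient funds: whichever one the database runs second matches
    no row and the transfer is refused."""
    with conn:  # commit on success, roll back on exception
        cur = conn.execute(
            "UPDATE cards SET balance = balance - ? WHERE id = ? AND balance >= ?",
            (amount, src, amount),
        )
        if cur.rowcount != 1:
            return False
        conn.execute("UPDATE cards SET balance = balance + ? WHERE id = ?", (amount, dst))
    return True


if __name__ == "__main__":
    db = make_db()
    print("unsafe:", race_unsafe(db, "A", "B", AMOUNT), balances(db), "total", total_balance(db))
    db = make_db()
    print("atomic:", [transfer_atomic(db, "A", "B", AMOUNT) for _ in range(2)],
          balances(db), "total", total_balance(db))
```

The unsafe replay ends with A at $0, B at $15 and C untouched, $20 in total; the atomic version accepts the first request and rejects the second, and the total stays $15. The design point is that the conditional UPDATE (or an equivalent row lock / compare-and-set) removes the window entirely, rather than trying to make the two requests less likely to collide.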

Friday, May 22, 2015

DOJO - Free web application security penetration testing. Tools + Targets + documentation (what else do you need? free beer, maybe)




What more can you ask for?

This removes the possibility of remote attack on the targets, which are insecure by design. The Dojo contains everything needed to get started – tools, targets, and documentation.



Everything you need is here:
https://www.mavensecurity.com/web_security_dojo/

Thursday, May 21, 2015

Information belonging to a million+ customers handed over to hackers (I mean not voluntarily) - I think I have heard this name (Blue Cross Blue Shield) a few times before



Of course, if handed over voluntarily, it would be called insider theft.
If an external party gets hold of it, it would be called "being hacked". However, the word "hacked" somehow implies that the data was stolen by bypassing some complicated security controls.

Could it be that the company had shabby security?

OR

Just spent a lot of money without having a "common sense" security approach?



However, there is one small gain:
CareFirst is offering two years of free credit monitoring so, if you are one of the affected ones, take advantage of this offer.


From the Article

Attackers gained access to a single company database containing the sensitive and personal information of more than a million of its current and former health insurance customers. 


In an effort to downplay the attack, CareFirst CEO Chet Burrell and other spokespersons are claiming that Social Security numbers, medical claims, employment, payment card and financial information were not exposed in the breach. 

CareFirst claims it initially detected the attack but incorrectly believed it had contained the attack and prevented the attackers from accessing any information. It only became aware of the full scope of the attack after hiring an incident response firm to perform a network analysis.


For more info:

Wednesday, May 20, 2015

Patch Your Watch - Does it sound funny?



Not if you are wearing a computer that calls itself a watch.


From the Article

Among the other bugs fixed in Watch OS 1.01 are eight separate kernel vulnerabilities. A couple of those flaws can allow an attacker to cause a DoS, while others can give an attacker elevated privileges. There also is a potential code-execution vulnerability in the kernel.



For more details:
https://threatpost.com/apple-releases-patches-for-a-watch/112920

Tuesday, May 19, 2015

This is not good - Trojanized PuTTY Client



From the article:

According to Symantec researchers, an unofficial version of the open-source Secure Shell (SSH) client PuTTY has been discovered in the wild which may compromise the privacy and safety of developers.

The Trojanized PuTTY version was first discovered in 2013; however, the researchers believe scanner tests were being performed at this time due to low levels of distribution. However, the file is now being downloaded after users seek a download through Google and inadvertently pick a compromised third-party website to download the program rather than its official source.

The compromised website then redirects the user several times, ultimately connecting them to an IP address in the United Arab Emirates, according to Symantec. The altered version of PuTTY then is downloaded.


Use the link below for more details:

Wednesday, May 13, 2015

4 strategies that could prevent 85% of targeted high risk vulnerabilities (??)



This is something most sensible security guys always knew.


  1. Application white-listing
  2. Patching applications
  3. Patching operating system vulnerabilities
  4. Restricting administrative privileges to operating systems and applications based on user duties



Check the following link for more details
http://h30499.www3.hp.com/t5/HP-Security-Products-Blog/Can-these-4-strategies-prevent-85-of-targeted-high-risk/ba-p/6744269

FREE - Virtualization Security Best Practice White Paper from CSA



The link below has the PDF




https://downloads.cloudsecurityalliance.org/whitepapers/Best_Practices_for%20_Mitigating_Risks_Virtual_Environments_April2015_4-1-15_GLM5.pdf

VENOM - Perfect Name for a BUG




The good news is that the patch will be available tomorrow.
The bad news is that we won't know whether our cloud vendors will apply it immediately.


From the Article:

Affected platforms include Xen hypervisors, KVM, Oracle VM VirtualBox and the native QEMU client. Geffner estimates that these machines account for the majority of the virtual machine market, due to their widespread use by cloud computing services, infrastructure as a service providers and appliance vendors.

It's a stealthy back door into corporate networks that is hard to detect with current security technology, he said.

To add insult to injury, even if administrators have disabled the virtual floppy drive code -- because really, who uses floppy drives? -- another, totally unrelated bug, still allows that code to be accessed.



For more details follow the link below:
http://www.csoonline.com/article/2921589/application-security/significant-virtual-machine-vulnerability-has-been-hiding-in-floppy-disk-code-for-11-years.html

Starbucks App Hacked?




From the Article:

Those carrying out the attacks have taken advantage of a feature of the smartphone apps called "auto top-up" which automatically added a pre-defined amount of money to your card when it drops below a certain figure.

In one attack, reported by consumer journalist Bob Sullivan, an Orlando woman had her balance of $34.77 (£23.93) wiped off her account before it auto-updated with $25 and then again with a further $75 after the hackers changed the auto top-up amount.


For more details follow the link below:

Tuesday, May 12, 2015

Smart Guys - Created a Botnet that exploits default usernames/passwords


Are there drivers who do not know how to adjust their car mirrors or seats?
If there are (almost) none, how come we still have users who do not change the default passwords?

Vendors could force us to change the default password when we configure the system for the first time, but they are not responsible for our security, so they don't care. (After all, even we don't seem to care.)




From the article:

Incapsula discovered a botnet, still largely active, that primarily consists of routers manufactured by the California-based networking company Ubiquiti Networks. While the firm initially assumed the routers suffered from a shared firmware flaw, researchers were able to determine that all units are remotely accessible via HTTP and SSH on their default ports, and could also be accessed via vendor-provided default login credentials. 


The botnet scans for other routers that may have been misconfigured and executes shell scripts to access their SSH ports via default credentials.

“For perpetrators, this is like shooting fish in a barrel, which makes each of the scans that much more effective,” the firm said in a report released Tuesday.

Follow the link below for more details
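Both the Moose router worm above and this Ubiquiti botnet get in the same way: they try vendor default credentials over SSH (and HTTP) rather than exploiting a software bug. From the defender's side, the fix is to change the defaults, and the tell-tale in logs is a burst of failed password logins from one source across several account names, followed by a success. The following is an added example, not ESET's or Incapsula's code: a small detector run over constructed OpenSSH-style auth log lines (RFC 5737 documentation addresses, invented host name and PIDs). The thresholds are assumptions to tune per environment; a single mistyped password from a legitimate user stays below them.

```python
import re
from collections import defaultdict

# OpenSSH auth-log line shape; the sample lines below are constructed for this
# example (RFC 5737 documentation addresses), not taken from any real device.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<outcome>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+ ssh2$"
)

SAMPLE_AUTH_LOG = """\
May 12 03:14:01 gw sshd[2201]: Failed password for invalid user admin from 203.0.113.7 port 51234 ssh2
May 12 03:14:02 gw sshd[2201]: Failed password for root from 203.0.113.7 port 51234 ssh2
May 12 03:14:03 gw sshd[2203]: Failed password for invalid user support from 203.0.113.7 port 51240 ssh2
May 12 03:14:04 gw sshd[2203]: Failed password for invalid user user from 203.0.113.7 port 51240 ssh2
May 12 03:14:05 gw sshd[2205]: Failed password for root from 203.0.113.7 port 51250 ssh2
May 12 03:14:06 gw sshd[2207]: Accepted password for root from 203.0.113.7 port 51260 ssh2
May 12 03:20:10 gw sshd[2300]: Failed password for alice from 198.51.100.5 port 40010 ssh2
May 12 03:20:15 gw sshd[2300]: Accepted password for alice from 198.51.100.5 port 40010 ssh2
"""


def parse_auth_log(text):
    """Return one dict per recognised password-auth line; other lines are ignored."""
    return [m.groupdict() for m in map(LINE_RE.match, text.splitlines()) if m]


def detect_credential_guessing(text, fail_threshold=5, min_distinct_users=3):
    """Two signals of default-credential scanning against an SSH service:
    - credential_guessing: one source has failed at least `fail_threshold` times
      against at least `min_distinct_users` usernames (spraying vendor accounts);
    - login_after_guessing: a source that already crossed the failure threshold
      then logs in successfully, i.e. one of the guesses worked.
    Thresholds are assumed defaults, not values from any vendor guidance."""
    failures = defaultdict(int)
    users = defaultdict(set)
    flagged = set()
    alerts = []
    for ev in parse_auth_log(text):
        ip = ev["ip"]
        if ev["outcome"] == "Failed":
            failures[ip] += 1
            users[ip].add(ev["user"])
            if (ip not in flagged and failures[ip] >= fail_threshold
                    and len(users[ip]) >= min_distinct_users):
                flagged.add(ip)
                alerts.append({"type": "credential_guessing", "ip": ip,
                               "failures": failures[ip], "users": sorted(users[ip])})
        elif failures[ip] >= fail_threshold:
            alerts.append({"type": "login_after_guessing", "ip": ip,
                           "user": ev["user"], "failures": failures[ip]})
    return alerts


if __name__ == "__main__":
    for alert in detect_credential_guessing(SAMPLE_AUTH_LOG):
        print(alert)
```

On the sample, 203.0.113.7 raises a credential_guessing alert at its fifth failure (four distinct usernames) and a login_after_guessing alert when the root login succeeds; the one failure from 198.51.100.5 followed by a success raises nothing. The second alert type is the one worth paging on, since it means the device is now in the botnet's hands until its password is changed and the session terminated.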

Friday, May 8, 2015

I am sure you won't like this - A cybersecurity company faked hacks and extorted clients to buy its services



I guess they had a simple three-step strategy:

  1. Hack a company.
  2. Inform the company and force them to get their service.
  3. If they don't listen, destroy them (I am not exaggerating).


After all, fear is the best sales tool (governments use it regularly).



From the article:


In a federal court this week, Richard Wallace, a former investigator at cybersecurity company Tiversa, said the company routinely engaged in fraud -- and mafia-style shakedowns.

The results were disastrous for at least one company that stood up to Tiversa and refused to pay.

In 2010, Tiversa scammed LabMD, a cancer testing center in Atlanta, Wallace testified. Wallace said he tapped into LabMD's computers and pulled the medical records.
The cybersecurity firm then alerted LabMD it had been hacked. Tiversa offered it emergency "incident response" cybersecurity services. After the lab refused the offer, Tiversa threatened to tip off federal regulators about the "data breach."
When LabMD still refused, Tiversa let the Federal Trade Commission know about the "hack."



Follow the link below for more details:
http://money.cnn.com/2015/05/07/technology/tiversa-labmd-ftc/index.html

AV Vendors should try to get better - Not Cheat



Tencent is one vendor that attempted to cheat.


From the article:
"As part of our research, we found that all the tools we're using for the performance benchmark were "whitelisted" using their name (e.g. "AcroRd32.exe"), so the Tencent scan engine won't check them anymore," Marx said.

This only applied to exactly the programs we're using (some are well known, like Acrobat Reader, but some are less commonly used).

"The "whitelist" was even extended from month to month by exactly the tools we used for the next benchmark, so this optimisation was clearly focusing on our tests only."

Once the tools were renamed, Tencent product performance decreased significantly, confirming the test-specific optimisations.

Follow the link below for more details
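The reason the testers could expose the trick by simply renaming the tools is that a file name is a label anyone can reuse, while a cryptographic hash identifies the bytes themselves. The following is an added example (not Tencent's engine, not the AV-Test tooling) contrasting the two kinds of allowlist on a constructed scenario in a temporary directory: a stand-in "trusted" binary, an unrelated file that borrows its name, and the trusted file under a different name. The file contents and the name AcroRd32.exe as a trusted entry are constructed for the demo.

```python
import hashlib
import os
import tempfile


def file_sha256(path):
    """SHA-256 of a file's contents, read in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


class NameAllowlist:
    """What the benchmark gaming amounted to: trust anything whose file name matches."""

    def __init__(self, names):
        self.names = {n.lower() for n in names}

    def is_allowed(self, path):
        return os.path.basename(path).lower() in self.names


class HashAllowlist:
    """Trust the bytes, not the label: only files whose digest was enrolled pass."""

    def __init__(self, digests):
        self.digests = set(digests)

    def is_allowed(self, path):
        return file_sha256(path) in self.digests


def demo():
    """Constructed scenario: a known-good file, an impostor that borrows its
    name, and the known-good file renamed. Returns the four verdicts."""
    good_bytes = b"MZ... constructed stand-in for a trusted program\n"
    bad_bytes = b"MZ... constructed stand-in for an unknown program\n"
    with tempfile.TemporaryDirectory() as d:
        trusted = os.path.join(d, "AcroRd32.exe")
        with open(trusted, "wb") as f:
            f.write(good_bytes)
        by_name = NameAllowlist(["AcroRd32.exe"])
        by_hash = HashAllowlist([file_sha256(trusted)])  # enrol the real file's digest

        # 1. an unrelated file dropped elsewhere under the trusted name
        impostor = os.path.join(d, "downloads", "AcroRd32.exe")
        os.makedirs(os.path.dirname(impostor))
        with open(impostor, "wb") as f:
            f.write(bad_bytes)

        # 2. the trusted file renamed (what the testers did to expose the cheat)
        renamed = os.path.join(d, "reader_renamed.exe")
        os.rename(trusted, renamed)

        return {
            "impostor_by_name": by_name.is_allowed(impostor),  # wrongly trusted
            "impostor_by_hash": by_hash.is_allowed(impostor),  # correctly rejected
            "renamed_by_name": by_name.is_allowed(renamed),    # wrongly rejected
            "renamed_by_hash": by_hash.is_allowed(renamed),    # still trusted
        }


if __name__ == "__main__":
    for check, verdict in demo().items():
        print(f"{check}: {'allowed' if verdict else 'blocked'}")
```

The name-based list gets both cases wrong in opposite directions: it waves through the impostor and blocks the genuine file once renamed, which is exactly the behaviour the renaming test detected. A hash-based (or publisher-signature-based) allowlist is also the form that makes the "application white-listing" strategy from the HP post earlier on this page worth anything.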

Wednesday, May 6, 2015

Microsoft LAPS (Local Administrator Password Solution) - Something worth trying


Remember:

"Layered Security" is the common sense approach.
So, this is one additional layer.
But, on the downside, it makes Active Directory a more attractive target, since the managed passwords are stored there.


Windows admins have long used a common local account with the same password on computers in the same domain. This provides attackers with a single point of failure to target; one password affords access to every machine. What the LAPS tool does is set a random password for the common local admin account on machines in the same domain, Microsoft said


Try the following link for more details:
https://technet.microsoft.com/en-us/library/security/3062591.aspx

Tuesday, May 5, 2015

USB KillSwitch - Interesting idea, maybe useful







From the article:

"USBKill" is a script that turns an innocent-looking thumb drive into a kill switch that, when unplugged, forces computers to shut down.

"USBKill waits for a change on your usb ports, then immediately kills your computer," Hephaestos says in a Github document.



For More details check the link below:

UBER Hacked?



Change your password now!

From the article:

“It was crazy,” Stephanie Crisco told the publication. “I used Uber for the first time Thursday night. On Friday morning I received a notification on my phone that my driver was en route. I didn't request a driver. I clicked on the notification and it said that the ride was cancelled but the pickup was in London.”


She wasn't alone in reporting Uber account problems. Many other users have posted on Twitter, saying that their Uber accounts have been hijacked by unknown individuals who took rides using their accounts.


The easiest thing you can do to protect your Uber account right now is actually to follow Uber's advice and change your Uber password to something unique, so hackers who have stolen credentials from other services can’t reuse them on Uber.


For More details check the link below:

Monday, May 4, 2015

FREE - Source Code Audit Tool - GRAUDIT v1.9





From the Article:

Graudit is a simple script and signature sets that allows you to find potential security flaws in source code using the GNU utility grep. It’s comparable to other static analysis applications and source code auditing tool sets like RATS, SWAAT and flaw-finder while keeping the technical requirements to a minimum and being very flexible.



Check the following link for more information:
http://www.darknet.org.uk/2015/05/graudit-v1-9-download-grep-source-code-auditing-tool/
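Graudit's approach is deliberately simple: a set of regular-expression signatures per language, applied line by line with grep, reporting each hit with its file and line so a human can triage it. The following is an added example, not graudit's own script or signature files, that implements the same idea in Python over two constructed source files (a C snippet and a Python snippet). The signature names and patterns are my own and cover only a handful of well-known risky calls; they are illustrative, not a substitute for the project's signature sets.

```python
import re

# Illustrative signature set in the spirit of graudit's per-language signature
# files; these patterns are constructed for this example, not copied from the project.
SIGNATURES = {
    "c-unbounded-copy": re.compile(r"\b(strcpy|strcat|sprintf|gets)\s*\("),
    "c-format-string": re.compile(r"\bprintf\s*\(\s*[A-Za-z_]\w*\s*\)"),  # printf(var)
    "shell-exec": re.compile(r"\b(system|popen|exec[lv]p?e?)\s*\("),
    "py-eval": re.compile(r"\b(eval|exec)\s*\("),
    "py-unsafe-deserialize": re.compile(r"\bpickle\.loads?\s*\("),
    "py-shell-true": re.compile(r"subprocess\.\w+\([^)]*shell\s*=\s*True"),
}

# Constructed sample sources; bounded/safe calls are included to show they pass.
SAMPLE_SOURCE = {
    "util.c": """\
#include <string.h>
#include <stdio.h>
void greet(const char *name) {
    char buf[32];
    strcpy(buf, name);        /* unbounded copy into a fixed buffer */
    printf(buf);              /* user-controlled format string */
    snprintf(buf, sizeof buf, "%s", name);  /* bounded: not flagged */
}
""",
    "tasks.py": """\
import pickle, subprocess
def run(cmd, blob):
    subprocess.run(cmd, shell=True)   # shell interpretation of cmd
    return pickle.loads(blob)         # arbitrary object deserialisation
""",
}


def scan_source(files, signatures=SIGNATURES):
    """Apply every signature to every line; return (file, line number, rule, text)
    tuples in file order, like grep -n output with the matching rule attached."""
    findings = []
    for filename, text in files.items():
        for lineno, line in enumerate(text.splitlines(), 1):
            for rule, pattern in signatures.items():
                if pattern.search(line):
                    findings.append((filename, lineno, rule, line.strip()))
    return findings


if __name__ == "__main__":
    for filename, lineno, rule, text in scan_source(SAMPLE_SOURCE):
        print(f"{filename}:{lineno}: [{rule}] {text}")
```

On the samples this reports strcpy and the variable-argument printf in util.c and the shell=True call and pickle.loads in tasks.py, while leaving the bounded snprintf alone. Like graudit, it knows nothing about data flow: a flagged line is a place to look, not a confirmed bug, and a real signature set needs per-language files and regular pruning of false positives.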

Another day another CC Breach - Hard Rock Cafe takes a hard hit




With whatever is happening around us, we should:

1. Watch all credit card transactions.
2. Keep the phone numbers ready to cancel them.

It is only a matter of time before it happens to one of us (oh, it already happened to me).


From the article:

The Hard Rock Hotel and Casino, a 640-room hotel in Las Vegas, has warned payment cards may have been compromised over an eight-month period ending early last month.

The hotel said the card details were exposed between Sept. 2, 2014 and April 2 this year. 



Check the following link for more information:
http://www.pcworld.com/article/2918057/hard-rock-hotel-and-casino-warns-of-possible-payment-card-hack.html

Sally Beauty Breached (Again???)




Approximately one year ago they had a credit card data breach.

Are they breached again?
Did they learn any lessons at all?



From the Article

Last week, KrebsOnSecurity began hearing from multiple financial institutions about a pattern of fraudulent charges on cards that were all recently used at Sally Beauty locations in various states.

The company also sent out an urgent alert today to its employees, asking associates to direct any customers with credit card issues to the Sally Beauty Web site or to call customer service. “We hadn’t gotten an email like that since last year when we had our breach,” the Sally Beauty employee said on condition of anonymity.


Check this link for more details:


Link to the previous Breach article:

Friday, May 1, 2015

CareerBuilder accidentally turns Malware builder


It is bad, but kinda funny.

Here is the kicker:

The actual payload that is dropped on the victim’s computer once the attachment is opened, is likely to slip past defenses, because it is concealed in an image.


From the article:

When a resume is submitted, CareerBuilder automatically sends a notification email to the company that posted the ad, along with the resume attached to it.


In this particular case, when the end-user opens the email and attempts to view the attachment, the document exploits a known vulnerability in Word to place a malicious binary on the user’s system. The binary then contacts a command and control server, which downloads and unzips an image file, which in turn drops a backdoor dubbed Sheldor on the victim’s computer, Proofpoint said in a blog post describing the attack.


For more info, follow the link below:
http://www.darkreading.com/vulnerabilities---threats/careerbuilder-attack-sends-malware-rigged-resumes-to-businesses/d/d-id/1320236