Monthly Archives: September 2016

Ransomware is indeed a growing threat for anything that is connected to the Internet, but what Brazil-based security firm Morphus Labs has discovered has surpassed all previous discoveries in this domain. Yes, the IT security researchers at Morphus Labs have discovered ransomware that’s not only locking up victims’ files but also encrypting their hard drives. Mamba ransomware is attacking computers around the globe; it is a Windows-based ransomware that was discovered to be infecting computers in Brazil, India and the United States.

Read more at
https://www.hackread.com/mamba-ransomware-encrypts-hard-drive/

The OpenSSL Foundation has patched over a dozen vulnerabilities in its cryptographic code library, including a high severity bug that can be exploited for denial-of-service (DoS) attacks. OpenSSL is a widely used open-source cryptographic library that provides encrypted Internet connections using Secure Sockets Layer (SSL) or Transport Layer Security (TLS) for the majority of websites, as well as other secure services. The vulnerabilities exist in OpenSSL versions 1.0.1, 1.0.2 and 1.1.0 and are patched in OpenSSL versions 1.1.0a, 1.0.2i and 1.0.1u. The Critical-rated bug (CVE-2016-6304) can be exploited by sending a large OCSP Status Request extension to the targeted server during connection negotiations, which causes memory exhaustion and results in a DoS condition, the OpenSSL Project said.

Read more at
http://thehackernews.com/2016/09/openssl-dos-attack.html

If you are a hacker, you might have enjoyed the NSA’s private zero-day exploits, malware and hacking tools that were leaked last month. But the question is: How did these hacking tools end up in the hands of hackers? It has been found that the NSA itself was not directly hacked, but a former NSA employee carelessly left those hacking tools on a remote server three years ago after an operation and a group of Russian hackers found them, sources close to the investigation told Reuters. The leaked hacking tools, which enable hackers to exploit vulnerabilities in systems from big vendors like Cisco Systems, Juniper, and Fortinet, were dumped publicly online by the group calling itself “The Shadow Brokers.”

Read more at
http://thehackernews.com/2016/09/nsa-hacking-tool-exploits.html

Australia’s Victoria Police Force has issued a warning regarding unmarked USB flash drives containing harmful malware being dropped inside random people’s letterboxes in the Melbourne suburb of Pakenham. It seems to be one of the latest tactics of cyber criminals to target people by dropping malware-laden USB sticks into their mailboxes, in the hope unsuspecting users will plug the infected devices into their personal or home computers. The warning, published on the official website of the Victoria Police, one of Australia’s state police departments, reads: “Members of the public are allegedly finding unmarked USB drives in their letterboxes. Upon inserting the USB drives into their computers victims have experienced fraudulent media streaming service offers, as well as other serious issues [malware]. The USB drives are believed to be extremely harmful and members of the public are urged to avoid plugging them into their computers or other devices.” The warning comes after a recent flood of reports from residents in the suburb of Pakenham who found compromised unmarked drives in their mailboxes and inserted them into their computers.

Read more at
http://thehackernews.com/2016/09/usb-malware.html

The Government Communications Headquarters (GCHQ), the UK’s secretive signals intelligence agency, is developing ‘automated defence’ tools – already dubbed the ‘Great British Firewall’ – to help combat a spike in cyberattacks over the past year. The scheme, which is still in the early planning stages, would see major UK service providers working alongside GCHQ in a voluntary capacity to help filter malicious website domains that could potentially be used by hackers or state-sponsored rivals to infect computer systems. The main base for the operation is likely to be the agency’s upcoming National Cyber Security Centre (NCSC), set to launch later this year, which will bring together experts from MI5, Cert, local law enforcement and private industry to help fight the threat of hacking. “We know automated defences work on the internet,” Ciaran Martin, GCHQ’s director-general for cyber security, said during a conference in Washington DC on 13 September.

Read more at
http://www.ibtimes.co.uk/gchq-plans-great-british-firewall-protect-uk-against-hackers-1581299

A former National Security Agency (NSA) intelligence analyst has hit out at agency whistleblower Edward Snowden for urging US president Barack Obama to grant him a presidential pardon on the grounds his infamous disclosures were beneficial to the public. Snowden, who currently resides in Russia under asylum after handing over one million secret NSA documents to journalists, previously said that he would return home to the US if he could be guaranteed a fair trial – an option that seems unlikely under the current administration.

Read more at
http://www.ibtimes.co.uk/former-nsa-intelligence-analyst-snowden-pardon-request-height-absurdity-1581366

This “post-Sony attack” tweet from Olivia Nuzzi of The Daily Beast should have been framed and hung as motivational artwork on every office wall. Instead, a year and a half and numerous publicized email hacks later, it stands to remind us that people will continue to get caught with their pants down because they refuse to accept two simple certainties: Email is forever; and forever is a long time to keep anything truly secure. With more recent hacks on entities like the Democratic National Convention (DNC) and the State Department, what’s particularly frustrating—beyond the hacks themselves, which are almost foregone conclusions in today’s connected world—is that people continue to send inappropriate emails. Why does it seem no one is learning from these blunders?

Read more at
http://www.securityweek.com/email-forever-and-its-not-private

What would it take for hackers to significantly disrupt the US’ 911 emergency call system? It only takes 6,000 smartphones. Yes, you heard it right! According to new research published last week, a malicious attacker can leverage a botnet of infected smartphone devices located throughout the country to knock the 911 service offline in an entire state, and possibly the whole United States, for days. The attacker would only need 6,000 infected smartphones to launch automated Distributed Denial of Service (DDoS) attacks against 911 service in an entire state by placing simultaneous calls from the botnet devices to the emergency numbers. However, as few as 200,000 infected mobile phones could knock the 911 emergency call system offline across the entire US.

Read more at
http://thehackernews.com/2016/09/hacking-911-emegency.html

Two critical zero-day vulnerabilities have been discovered in the world’s 2nd most popular database management software MySQL that could allow an attacker to take full control over the database. Polish security researcher Dawid Golunski has discovered two zero-days, CVE-2016-6662 and CVE-2016-6663, that affect all currently supported MySQL versions as well as its forks such as MariaDB and PerconaDB. Golunski further went on to publish details and a proof-of-concept exploit code for CVE-2016-6662 after informing Oracle of both issues, along with vendors of MariaDB and PerconaDB. Both MariaDB and PerconaDB had fixed the vulnerabilities, but Oracle had not. The vulnerability (CVE-2016-6662) can be exploited by hackers to inject malicious settings into MySQL configuration files or create their own malicious ones.

Read more at
http://thehackernews.com/2016/09/hack-mysql-database.html

US authorities have arrested two North Carolina men on charges that they were part of the notorious hacking group “Crackas With Attitude.” Crackas with Attitude is the group of hackers allegedly behind a series of audacious and embarrassing hacks that targeted personal email accounts of senior officials at the CIA, FBI, the White House, Homeland Security Department, and other US federal agencies. Andrew Otto Boggs, 22, of North Wilkesboro, N.C., who allegedly used the handle “INCURSIO,” and Justin Gray Liverman, 24, of Morehead City, who is known online as “D3F4ULT,” were arrested on Thursday morning on charges related to their alleged roles in the computer hacking, according to a press release by the Department of Justice. A 16-year-old British teenager suspected of being part of the group was arrested in February by the FBI and British police.

Read more at
http://thehackernews.com/2016/09/fbi-cia-hacker-arrested.html