digest – Page 52

Kingpin behind large chunk of world’s malware exploits led lavish life

A screenshot showing BlackHole statistics. Group-IB An online crime kingpin arrested in October and charged with creating and distributing the Blackhole exploit kit may have had his hand in as much as 40 percent of the world’s malware infections, according to information released by the security firm that helped track him down. The 27-year-old Russian, identified only as Paunch, allegedly earned about $50,000 per month selling BlackHole subscriptions for as much as $500 per month, according to a report published Friday by security firm Group-IB. He is also alleged to be behind the much more expensive Cool Exploit Kit and a “Crypt” service used to obfuscate malware to go undetected by antivirus programs. With more than 1,000 customers, he was able to lead a lavish lifestyle that included driving a white Porsche Cayenne, Group-IB said. A man Group-IB identifies as “Paunch” standing in front of a Porsche Cayenne. Group-IB Exploit kits are the do-it-yourself tools used to embed crimeware into hacked or malicious websites so they target a host of vulnerabilities found on end-user computers. People who visit the websites are exposed to “drive-by” attacks that are often able to install highly malicious software on the computers with no sign that anything is amiss. Group-IB estimated that Paunch may have supplied the code used in as much as 40 percent of the PC crimeware infections worldwide. Researchers arrived at that guess by gauging sales of BlackHole and Cool, which they said accounted for about 40 percent of world revenue for exploit kits. Even assuming that some crimeware is installed independent of exploit kits, it’s hard to overstate the role these two kits played in seeding the Web with exploit code that installed malware used in bank fraud and other forms of online crime. Read 3 remaining paragraphs | Comments

See the original article here:
Kingpin behind large chunk of world’s malware exploits led lavish life

Hack on JPMorgan website exposes data for 465,000 card holders

JPMorgan Chase has warned 465,000 holders of prepaid cash cards that their personal information may have been obtained by hackers who breached the bank’s network security in July, according to a report published Thursday. JPMorgan issued the cards on behalf of corporations and government agencies, which in turn used them to pay employees and issue tax refunds, unemployment compensation, and other benefits, Reuters reported . In September, bank officials discovered an attack on Web servers used by its www.ucard.chase.com site and reported it to law enforcement authorities. In the months since, bank officials have investigated exactly which accounts were involved and what pieces of information were exposed. Wednesday’s warning came after investigators were unable to rule out the possibility that some card holders’ personal data may have been accessed. The bank usually keeps customers’ personal information encrypted, but during the course of the breach, data belonging to notified customers temporarily appeared in plaintext in log files, Reuters said. The notified card holders account for about two percent of the roughly 25 million UCard users. Read 1 remaining paragraphs | Comments

See the original post:
Hack on JPMorgan website exposes data for 465,000 card holders

Charged with theft, man arrested for plugging car into school’s outlet

Nissan A man in an Atlanta suburb was confronted by a police officer for plugging his electric car into an outside outlet at a school. Ten days later, he was arrested at home and charged with theft for taking about 5 cents worth of electricity “without consent.” Kaveh Kamooneh plugged an extension cable from his Nissan Leaf into a 110-volt external outlet at Chamblee Middle School while his son was practicing tennis. A short time later, he noticed someone in his car and went to investigate—and found that the man was a Chamblee police officer. “He informed me he was about to arrest me, or at least charge me, for electrical theft,” Kamooneh told Atlanta’s Channel 11 News . Kamooneh said that the car, when plugged into a 110-volt outlet, draws a kilowatt an hour. “Over an hour, that’s maybe eight or nine cents” worth of electricity, he said, depending on the rates. He was plugged in for less than 20 minutes, so he estimated the amount of power he drew from the school at less than 5 cents. Read 2 remaining paragraphs | Comments

Read this article:
Charged with theft, man arrested for plugging car into school’s outlet

Found: hacker server storing two million pilfered paswords

Spider Labs Researchers have unearthed a server storing more than two million pilfered login credentials for a variety of user accounts, including those on Facebook, Yahoo, Google, Twitter, and a handful of other websites. More than 1.5 million of the user names and passwords are for website accounts, including 318,121 for Facebook, 59,549 for Yahoo, 54,437 for Google, and 21,708 for Twitter, according to a blog post published Tuesday by researchers from security firm Trustwave’s Spider Labs. The cache also included credentials for e-mail addresses, FTP accounts, remote desktops, and secure shells. More than 1.8 million of the passwords, or 97 percent of the total, appeared to come from computers located in the Netherlands, followed by Thailand, Germany, Singapore, and Indonesia. US accounts comprised 0.1 percent, with 1,943 compromised passwords. In all, the data may have come from as many as 102 countries. Read 5 remaining paragraphs | Comments

Link:
Found: hacker server storing two million pilfered paswords

Google compute cloud load balances 1 million requests per second for $10

We hold Google ransom for… one million Web requests. New Line Cinema Google Compute Engine, the company’s infrastructure-as-a-service cloud that competes against Amazon Web Services, is trying to take reliability and scale to the extreme. Yesterday, the company said it was able to serve “one million load balanced requests per second” with a single IP address receiving the traffic and distributing it across 200 Web servers. Each of the million requests was just “one byte in size not including the http headers,” Google Performance Engineering Manager Anthony F. Voellm wrote in a blog . It’s thus not representative of real-world traffic, but the simulation shows that Compute Engine should be able to let websites absorb big bursts in traffic without shutting down. According to Google, the test showed the load balancer was able to serve the aforementioned one million requests “within five seconds after the setup and without any pre-warming.” The test ran for more than seven minutes. “The 1M number is measuring a complete request and successful response,” Voellm wrote. Read 9 remaining paragraphs | Comments

Scientist-developed malware covertly jumps air gaps using inaudible sound

Topology of a covert mesh network that connects air-gapped computers to the Internet. Hanspach and Goetz Computer scientists have developed malware that uses inaudible audio signals to communicate, a capability that allows the malware to covertly transmit keystrokes and other sensitive data even when infected machines have no network connection. The proof-of-concept software—or malicious trojans that adopt the same high-frequency communication methods—could prove especially adept in penetrating highly sensitive environments that routinely place an “air gap” between computers and the outside world. Using nothing more than the built-in microphones and speakers of standard computers, the researchers were able to transmit passwords and other small amounts of data from distances of almost 65 feet. The software can transfer data at much greater distances by employing an acoustical mesh network made up of attacker-controlled devices that repeat the audio signals. The researchers, from Germany’s Fraunhofer Institute for Communication, Information Processing, and Ergonomics , recently disclosed their findings in a paper published in the Journal of Communications . It came a few weeks after a security researcher said his computers were infected with a mysterious piece of malware that used high-frequency transmissions to jump air gaps . The new research neither confirms nor disproves Dragos Ruiu’s claims of the so-called badBIOS infections, but it does show that high-frequency networking is easily within the grasp of today’s malware. Read 6 remaining paragraphs | Comments

More:
Scientist-developed malware covertly jumps air gaps using inaudible sound

Anti-GMO crop paper to be forcibly retracted

Chiot’s Run Last year, a French researcher made waves by announcing a study that suggested genetically modified corn could lead to an increased incidence of tumors in lab animals. But the way the finding was announced seemed designed to generate publicity while avoiding any scientific evaluation of the results. Since then, the scientific criticisms have rolled in, and they have been scathing. Now, the editor of the journal that published it has decided to pull the paper despite the objections of its primary author. The initial publication focused on corn that had been genetically engineered to carry a gene that allowed it to break down a herbicide. French researchers led by Gilles-Eric Séralini fed the corn, with and without herbicide, to rats. Control populations were given the herbicide alone or unmodified corn. The authors concluded that the genetically-modified corn led to an elevated incidence of tumors and early death. But even a cursory glance at the results suggested there were some severe problems with this conclusion. To begin with, there were similar effects caused by both the genetically engineered crop and by the herbicide it was designed to degrade. None of the treatments showed a dose effect; in some cases, the lowest doses had the most dramatic effect. And, if the treatment populations were combined, in some cases they were healthier than the controls. Tests of whether the results were statistically significant were completely lacking. Read 8 remaining paragraphs | Comments

More:
Anti-GMO crop paper to be forcibly retracted

TV news team falls for Facebook doppelgänger scam

The doppelgänger Facebook profile scraped from WBAL producer Chris Dachille convinced many of his friends that it was actually him—and then spammed them with requests for money and malicious links. WBAL Reporters and producers at a television station in Baltimore recently found out the hard way that they shouldn’t blindly accept Facebook friend requests. Last month, they found that their profiles had been cloned by an attacker who quickly used their network of friends to spread malicious links and ask for money. Attacks on media organizations’ social media accounts have been at an all-time high this past year, including “hacktivist” and state-sponsored attacks on media outlets from the Syrian Electronic Army. But the attack on the staff of WBAL-TV was directed toward staff members’ personal accounts. And this initiative was a more workaday one, less targeted at the station itself than the friends, co-workers, and viewers who were connected to the cloned accounts. Because some of WBAL’s staff members mixed their personal and professional social networking together, the attack gave the scammer access to a huge audience’s Facebook news feeds. After the attack was discovered, it took weeks for Facebook to shut down the fake accounts. Read 12 remaining paragraphs | Comments

New Linux worm targets routers, cameras, “Internet of things” devices

Wesley Fryer Researchers have discovered a Linux worm capable of infecting a wide range of home routers, set-top boxes, security cameras, and other consumer devices that are increasingly equipped with an Internet connection. Linux.Darlloz , as the worm has been dubbed, is now classified as a low-level threat, partly because its current version targets only devices that run on CPUs made by Intel, Symantec researcher Kaoru Hayashi wrote in a blog post published Wednesday . But with a minor modification, the malware could begin using variants that incorporate already available executable and linkable format (ELF) files that infect a much wider range of “Internet-of-things” devices, including those that run chips made by ARM and those that use the PPC, MIPS, and MIPSEL architectures. “Upon execution, the worm generates IP addresses randomly, accesses a specific path on the machine with well-known ID and passwords, and sends HTTP POST requests, which exploit the vulnerability,” Hayashi explained. “If the target is unpatched, it downloads the worm from a malicious server and starts searching for its next target. Currently, the worm seems to infect only Intel x86 systems, because the downloaded URL in the exploit code is hard-coded to the ELF binary for Intel architectures.” Read 4 remaining paragraphs | Comments

More:
New Linux worm targets routers, cameras, “Internet of things” devices

Google launches Play Newsstand: a hybrid magazine store and RSS reader

The long-rumored Google Play Newsstand for Android has finally launched , and it’s not at all what we were expecting. Early reporting and investigation pinned it as a newspaper section of the Play Store, but it’s much more than that. Google is selling newspapers and magazines under a single banner, and there’s a visual-heavy RSS reader, sort of like Flipboard. This means Newsstand is replacing two of Google’s existing apps: Google Play Magazines and Google Currents. Google is pitching it as “all your subscriptions in one place.” Like most things “Google” these days, calling it an “app” isn’t really the whole story. There’s also a new section of the desktop Play Store, and some magazines and newspapers are even viewable in the browser. RSS is strictly confined to the app, though. Just like the old Play Magazines, paid content is available as a subscription or on a per-issue basis, and 30-day trials are available for some premium content. RSS feeds, magazines, and newspaper can be downloaded for offline reading later, and there’s also a bookmark function. Read 1 remaining paragraphs | Comments

See the original post:
Google launches Play Newsstand: a hybrid magazine store and RSS reader

Ken May

Tag: digest