- Brazilian Hospitals Infected with Ransomware After RDP Brute-Force Attacks. From Softpedia.
Members of TeamXRat, a hacking crew based in Brazil, have created their own ransomware variant that they spread to local companies and hospitals after taking control over their servers and networks via RDP (Remote Desktop Protocol) brute-force attacks.
The group, who has previously created and sold banking malware, is at its first attempt at creating ransomware, which, based on a Kaspersky Lab analysis, seems to be derived from the Xorist ransomware, detected and decrypted back in March.
- Guccifer 2.0 and Russia’s hidden agenda. From SC Magazine.
Among the routine stream of network compromises and dumped login credentials this year, one attack stands head and shoulders above the rest for intrigue – the Democratic National Committee (DNC) breach. The hack led to political uproar, a high-level resignation, damaging leaks and, in a complete reversal of the norm, the nation state hackers have become more public since being discovered.
It is worth starting with a recap. The FBI alerted the DNC to the presence of attackers on their network in April this year, but incident response specialists CrowdStrike found that there were two state-sponsored attackers with access to sensitive emails and data. The investigators assessed the network was first breached in the summer of 2015 and established the attackers had stolen large quantities of emails, campaign documents and donor information. Before the hack was publicly disclosed in mid-June, WikiLeaks founder Julian Assange announced the whistle-blowing website had ‘enough evidence’ to indict Hillary Clinton.
The FBI has asked to examine the cell phones of a small number of Democratic Party staffers as it investigates a possible hack, law enforcement and Democratic sources told CNN Tuesday. The development comes on the same day Homeland Security Secretary Jeh Johnson told lawmakers that 18 states have asked for help in warding off cyberattacks on their electronic voting systems.
- Latest IoT DDoS Attack Dwarfs Krebs Takedown At Nearly 1Tbps Driven By 150K Devices. From HotHardware.
If you thought that the massive DDoS attack earlier this month on Brian Krebs’ security blog was record-breaking, take a look at what just happened to France-based hosting provider OVH. OVH was the victim of a wide-scale DDoS attack that was carried out via a network of over 152,000 IoT devices.
According to OVH founder and CTO Octave Klaba, the DDoS attack reached nearly 1 Tbps at its peak. Of those IoT devices participating in the DDoS attack, they were primarily comprised of CCTV cameras and DVRs. Many of these types of devices’ network settings are improperly configured, which leaves them ripe for the picking for hackers that would love to use them to carry out destructive attacks.
- Trump hotel chain fined over data breaches. From ComputerWorld.
Trump Hotel Collection has arrived at a settlement with New York Attorney General Eric T. Schneiderman over hacks that are said to have led to the exposure of over 70,000 credit card numbers and other personal data.
The hotel chain, one of the businesses of Republican presidential candidate Donald Trump, has agreed to pay $50,000 in penalties and promised to take measures to beef up its data security practices, according to the attorney general’s office.
The chain is one of many hotels and retailers that have been hit recently by malware that skimmed payment card information.
- The Democratization of Censorship. From KrebsOnSecurity.
John Gilmore, an American entrepreneur and civil libertarian, once famously quipped that “the Internet interprets censorship as damage and routes around it.” This notion undoubtedly rings true for those who see national governments as the principal threats to free speech.
However, events of the past week have convinced me that one of the fastest-growing censorship threats on the Internet today comes not from nation-states, but from super-empowered individuals who have been quietly building extremely potent cyber weapons with transnational reach.
- Why the silencing of KrebsOnSecurity opens a troubling chapter for the ‘Net. From Ars Technica.
For the better part of a day, KrebsOnSecurity, arguably the world’s most intrepid source of security news, has been silenced, presumably by a handful of individuals who didn’t like a recent series of exposés reporter Brian Krebs wrote. The incident, and the record-breaking data assault that brought it on, open a troubling new chapter in the short history of the Internet.
The crippling distributed denial-of-service attacks started shortly after Krebs published stories stemming from the hack of a DDoS-for-hire service known as vDOS. The first article analyzed leaked data that identified some of the previously anonymous people closely tied to vDOS. It documented how they took in more than $600,000 in two years by knocking other sites offline. A few days later, Krebs ran a follow-up piece detailing the arrests of two men who allegedly ran the service.
The White House is looking into a cyber breach after what appeared to be a scan of first lady Michelle Obama’s passport was posted online.
The fresh disclosures, which included emails to and from White House staff, raised further concerns about the security of sensitive systems following a string of breaches affecting government agencies, private companies and the Democratic National Committee. Though officials declined to say whether the disclosures were authentic, there were no immediate reasons to suspect they were not.
The US att
- Yahoo Confirms At Least 500 Million Accounts Were Hacked. From Fortune.
Yahoo said on Thursday that information for at least 500 million user accounts was stolen from its network in 2014 by what it believed was a state-sponsored actor, a theft that appeared to be the biggest cyber breach ever.
Yahoo said data stolen may have included names, email addresses, telephone numbers, dates of birth, and encrypted passwords but that unprotected passwords, payment card data, and bank account information did not appear to have been compromised, the company said.
“This is the biggest data breach ever,” said well-known cryptologist Bruce Schneier.