Study finds malware lurking in Amazon, Google and Groupon cloud services. From SC Magazine.
A recent study detected more than 600 cloud repositories hosting malware and other malicious activities on major cloud platforms including Amazon, Google, Groupon and thousands of other sites.
Researchers from the Georgia Institute of Technology, Indiana University Bloomington and the University of California Santa Barbara scanned more than 140,000 sites on 20 major cloud hosting services and found that as many as 10 percent of the repositories hosted by them had been compromised, according to the “Lurking Malice in the Cloud: Understanding and Detecting Cloud Repository as a Malicious Service”.
The Democratization of Censorship. From KrebsOnSecurity.
John Gilmore, an American entrepreneur and civil libertarian, once famously quipped that “the Internet interprets censorship as damage and routes around it.” This notion undoubtedly rings true for those who see national governments as the principal threats to free speech.
However, events of the past week have convinced me that one of the fastest-growing censorship threats on the Internet today comes not from nation-states, but from super-empowered individuals who have been quietly building extremely potent cyber weapons with transnational reach.
- Cracking Android Full Disk Encryption. From Hacker News. The heated battle between Apple and the FBI provoked a lot of talk about encryption – the technology that has been used to keep all your bits and bytes as safe as possible.
We can not say a lot about Apple’s users, but Android users are at severe risk when it comes to encryption of their personal and sensitive data. Android’s full-disk encryption can be cracked much more easily than expected with brute force attack and some patience, affecting potentially hundreds of millions of mobile devices.
- Inside the World of the Dark DDoS. From The Register. Today’s distributed denial of service attacks are different than the kinds that we saw at the dawn of the millennium when the threat emerged. They’re becoming more nuanced, and subtle – and they could result in a lot more than a downed web server. In the early days of DDoS, volumetric attacks were all the rage. Politically or financially motivated attackers would launch thousands of clients against a particular target, overwhelming their servers. Such attacks are still common, but increasingly they’re giving way to another kind of more sophisticated DDoS attack: “dark” DDoS, or as Andy Shoemaker likes to call them, smokescreen attacks.
Scientology Seeks Captive Converts Via Google Maps, Drug Rehab Centers. From Krebs On Security. Fake online reviews generated by unscrupulous marketers blanket the Internet these days. Although online review pollution isn’t exactly a hot-button consumer issue, there are plenty of cases in which phony reviews may endanger one’s life or well-being. This is the story about how searching for drug abuse treatment services online could cause concerned loved ones to send their addicted, vulnerable friends or family members straight into the arms of the Church of Scientology.
- ‘Godless’ Malware Is Attacking Android Devices. From PC Magazine. Researchers at Trend Micro recently discovered new Android-based malware called Godless, which targets devices running Android Lollipop or earlier. As Trend Micro points out, that covers almost 90 percent of Android devices. “Based on the data gathered from our Trend Micro Mobile App Reputation Service, malicious apps related to this threat can be found in prominent app stores, including Google Play, and has affected over 850,000 devices worldwide,” the company said in a statement.
- Data breach possible for users of Annapolis parking garages. From Capital Gazette. Malware was discovered on parking garage servers that officials believe could have stolen credit and debit card information from transient parkers using the city’s three garages. The breach is still under investigation, but officials believe it could have impacted anyone using those parking facilities between Dec. 23 and June 11. These servers handle payments for Noah Hillman, Gott’s Court and Knighton Garages.
The 414’s: The beginning of hacking. From WTMJ. In 1983 Neal Patrick was a 17-year-old student at Rufus King High School with an interest in computers when the FBI came knocking on the door. “They weren’t too happy,” Patrick said. For months Patrick and some friends had been hacking into different systems using the phone lines. They even gave themselves a name “The 414’s” and hacking was born.
- Google Suffers Minor Data Breach via Third-Party Benefits Vendor. From Softpedia.
Google has started notifying affected employees of a data breach that occurred when one of the managers of a third-party benefits vendor sent a file containing sensitive information about Google employees to the wrong person. The search giant has already informed all authorities regarding the accidental sensitive data exposure but has not specified how many employees were affected
- The Malware Museum lets you look at old viruses without getting infected. From Daily Dot. Usually when you end up with a virus on your computer, you do everything possible to get rid of it. Over at the Internet Archive, viruses are being preserved in the new Malware Museum. Launched in February, the Malware Museum gives users the opportunity to experience viruses from the 1980s and 1990s. The defanged versions of the malicious programs were curated by Mikko Hypponen, the chief research officer at Finnish security company F-Secure.
Rio Olympics Likely a Magnet for Cybercriminals. From Wall Street Journal. As cybercriminals gear up for action ahead of the summer Olympic and Paralympic Games, host country Brazil and the Rio Games’ global sponsors are bracing for countless virtual showdowns. The increased level of economic transactions during such a large sporting event is a natural attraction for cybercriminals as it presents more opportunities for identity theft and fraud, experts say. Also, the Olympics’ global status offers a stage for politically motivated cyberactivists, they said, and the country’s current economic and political turmoil give plenty of ammunition for the discontent
A 10-year-old hacked Instagram so Facebook gave him $10,000. From Mashable. Before he even reached the age requirement to make a Facebook account, a 10-year-old found a major flaw in Instagram, earning him a cool $10,000 from Facebook. Jani (his parents withheld his last name), figured out a way to get into Instagram’s servers and delete text posted by Instagram users, Finnish news site Iltalehti reported.
Big data breaches found at major email services – expert. From Reuters. Hundreds of millions of hacked user names and passwords for email accounts and other websites are being traded in Russia’s criminal underworld, a security expert told Reuters.The discovery of 272.3 million stolen accounts included a majority of users of Mail.ru, Russia’s most popular email service, and smaller fractions of Google, Yahoo and Microsoft email users, said Alex Holden, founder and chief information security officer of Hold Security.
- A four-step plan to prevent ransomware attacks. From The Advisory Board. Ransomware attacks encrypt your files and demand ransom for the decryption key. In some cases, hospitals have paid thousands of dollars to regain access to their data. To protect your data, Advisory Board experts recommend four common-sense steps.
- Critical flaws in ImageMagick library expose websites to hacking. From CIO.com. A tool used by millions of websites to process images has several critical vulnerabilities that could allow attackers to compromise Web servers. To make things worse, there’s no official patch yet and exploits are already available. The vulnerabilities were discovered by Nikolay Ermishkin from the Mail.Ru security team and were reported to the ImageMagick developers who attempted a fix in version 6.9.3-9, released on April 30. However, the fix is incomplete and the vulnerabilities can still be exploited.
- Introduction to Digital Certificates. From Comodo. Digital Certificates are a means by which consumers and businesses can utilise the security applications of Public Key Infrastructure (PKI). PKI comprises of the technology to enables secure e-commerce and Internet based communication. The number of people and businesses online is continuing to increase. As access becomes faster and cheaper such people will spend even more time connected to the Internet for personal communication and business transactions. The Internet is an open communications network that was not originally designed with security in mind. Criminals have found they can exploit its vulnerabilities for fraudulent gain. If the Internet is to succeed as a business and communications tool users must be able to communicate securely