  1. #626
    Thailand Expat harrybarracuda's Avatar
    Join Date
    Sep 2009
    Last Online
    @
    Posts
    96,889
    I didn't notice that Pornhub quietly announced a free VPN service.

    Makes sense I suppose.



    https://www.vpnhub.com/

  2. #627
    Thailand Expat harrybarracuda's Avatar
    Join Date
    Sep 2009
    Last Online
    @
    Posts
    96,889
    Talos have updated the list of devices vulnerable to VPNFilter:

    ASUS DEVICES:

    RT-AC66U (new)
    RT-N10 (new)
    RT-N10E (new)
    RT-N10U (new)
    RT-N56U (new)
    RT-N66U (new)

    D-LINK DEVICES:

    DES-1210-08P (new)
    DIR-300 (new)
    DIR-300A (new)
    DSR-250N (new)
    DSR-500N (new)
    DSR-1000 (new)
    DSR-1000N (new)

    HUAWEI DEVICES:

    HG8245 (new)

    LINKSYS DEVICES:

    E1200
    E2500
    E3000 (new)
    E3200 (new)
    E4200 (new)
    RV082 (new)
    WRVS4400N

    MIKROTIK DEVICES:

    CCR1009 (new)
    CCR1016
    CCR1036
    CCR1072
    CRS109 (new)
    CRS112 (new)
    CRS125 (new)
    RB411 (new)
    RB450 (new)
    RB750 (new)
    RB911 (new)
    RB921 (new)
    RB941 (new)
    RB951 (new)
    RB952 (new)
    RB960 (new)
    RB962 (new)
    RB1100 (new)
    RB1200 (new)
    RB2011 (new)
    RB3011 (new)
    RB Groove (new)
    RB Omnitik (new)
    STX5 (new)



    NETGEAR DEVICES:

    DG834 (new)
    DGN1000 (new)
    DGN2200
    DGN3500 (new)
    FVS318N (new)
    MBRN3000 (new)
    R6400
    R7000
    R8000
    WNR1000
    WNR2000
    WNR2200 (new)
    WNR4000 (new)
    WNDR3700 (new)
    WNDR4000 (new)
    WNDR4300 (new)
    WNDR4300-TN (new)
    UTM50 (new)

    QNAP DEVICES:

    TS251
    TS439 Pro
    Other QNAP NAS devices running QTS software

    TP-LINK DEVICES:

    R600VPN
    TL-WR741ND (new)
    TL-WR841N (new)

    UBIQUITI DEVICES:

    NSM2 (new)
    PBE M5 (new)

    UPVEL DEVICES:

    Unknown Models* (new)

    ZTE DEVICES:

    ZXHN H108N (new)

    * Malware targeting Upvel as a vendor has been discovered, but we are unable to determine which specific device it is targeting.

    Blog post is here:

    https://blog.talosintelligence.com/2...er-update.html

  3. #628
    Thailand Expat harrybarracuda's Avatar
    Join Date
    Sep 2009
    Last Online
    @
    Posts
    96,889
    Oh, and update your FOSCAM cameras, too.

    https://blog.vdoo.com/2018/06/06/vdo...oscam-cameras/

  4. #629
    Thailand Expat harrybarracuda's Avatar
    Join Date
    Sep 2009
    Last Online
    @
    Posts
    96,889
    Retailer Dixons Carphone said it has uncovered unauthorised access of data held by the company, involving 5.9 million payment cards and 1.2 million personal data records.

    Read more: https://metro.co.uk/2018/06/13/hacke...9/?ito=cbshare

  5. #630
    Thailand Expat harrybarracuda's Avatar
    Join Date
    Sep 2009
    Last Online
    @
    Posts
    96,889
    Bit more from the Beeb:

    Dixons Carphone has admitted a huge data breach involving 5.9 million payment cards and 1.2 million personal data records.
    It has begun investigating the unauthorised access of data.


    It said 5.8 million of the credit and debit cards had chip-and-pin protection and that pin codes had not been accessed.
    As a result, about 105,000 non-EU cards, which were not chip-and-pin, had been compromised, it said.

    Dixons Carphone said it had no evidence that any of the cards had been used fraudulently following the breach.






    https://www.bbc.co.uk/news/business-44465331

  6. #631
    Thailand Expat David48atTD's Avatar
    Join Date
    Jan 2016
    Last Online
    @
    Location
    Palace Far from Worries
    Posts
    14,393
    Google confirms external apps can scan your emails:

    Google has confirmed it allows some external software developers to read and analyse the inboxes of Gmail users, following scrutiny about privacy on the platform.

    External apps can integrate with Gmail so customers have options around how they use their email, director of security at Google Cloud Suzanne Frey said in a blog post.

    Before an app is able to access your data, she wrote, the company always shows a "permissions screen" that details the data the app can access.

    In 2017, Google announced it would no longer scan Gmail to personalise advertisements.

    "To be absolutely clear: no-one at Google reads your Gmail," Ms Frey said.
    Someone is sitting in the shade today because someone planted a tree a long time ago ...


  7. #632
    Thailand Expat harrybarracuda's Avatar
    Join Date
    Sep 2009
    Last Online
    @
    Posts
    96,889
    Talking of Google...


    Just a simple reminder that Google Chrome will mark unencrypted websites as “not secure” sometime this month. Make sure to get your website encrypted if you do not want Google to call you out on the address bar in the Chrome browser.
    https://www.androidauthority.com/jul...chrome-836247/

  8. #633
    Thailand Expat harrybarracuda's Avatar
    Join Date
    Sep 2009
    Last Online
    @
    Posts
    96,889
    Time to update Adobe Reader (and Acrobat) if you are using it.

    https://helpx.adobe.com/security/pro...apsb18-09.html

    Also some Microsoft recent updates that are being exploited in the wild on Windows 7 (and Server 2008).

    https://portal.msrc.microsoft.com/en.../CVE-2018-8120


    Interesting that someone found them after somebody else uploaded a Proof of Concept to Virustotal. You would have thought they would have sent them to Adobe and MS and trousered the bug bounty!

  9. #634
    Thailand Expat harrybarracuda's Avatar
    Join Date
    Sep 2009
    Last Online
    @
    Posts
    96,889
    Voice-activated digital assistants—such as the Amazon Echo that sits on your counter to Cortana on your Windows systems or Siri on Apple's iPhones—are intended to connect users to services through an easy-to-use voice interface. However, the voice assistants are making cyber-attackers' jobs easier as well.


    At the Black Hat conference later this month, for example, four researchers will show how Cortana can be used to bypass the security on locked Windows PCs and other devices. While the group is exploiting a specific vulnerability—dubbed "Open Sesame"—the issues with voice assistants are deeper, said Tal Be'ery, an independent researcher and part of the team.


    "Voice interfaces can be a good idea, but it is not relevant to all devices and all actions," he said. "Enabling everything the PC does, and going through a voice interface on a corporate environment—this is not a very smart architecture decision."


    The research involves just the latest attack that utilizes voice assistants, which often prioritize convenience over security. Digital assistants have been added to phones and PCs as a convenient new way of interacting with the devices. Smart speakers—such as the Amazon Echo and the Google Home—have taken off, with 1 in 6 Americans owning one of the devices.


    Yet, there already have been incidents. In January 2017, an on-air newscaster said, "I love the little girl saying, 'Alexa ordered me a dollhouse,'" leading to Alexa devices in viewers' homes attempting to order dollhouses. And in May 2018, Amazon's smart speaker picked up a couple's conversation, recorded it, and sent it to a friend.


    The incidents underscore that, in addition to bypassing many security controls, voice assistants are nothing less than sleepless sensors that are almost always listening for potential commands, which makes them a privacy issue.


    "The cases that will be handled first are those that are triggered accidentally—like the dollhouse incident," said Nicholas Carlini, a recent PhD graduate from the University of California, Berkeley, who researched adversarial attacks against artificial intelligence systems. "It is an active area of research of how to stop these issues."


    Here are five ways that voice assistants can be used to attack.


    1. Hiding commands in the audio


    Among adversarial attacks against machine-learning and artificial-intelligence systems is a class that attempts to change an input—an image for vision systems and an audio clip for voice systems—so that the machine recognizes it as something completely different.


    UC Berkeley's Carlini used just such a technique in his research by modifying an audio clip that transcribes to one phrase to a 99.9-percent similar clip that transcribes into a completely different phrase. The technique can even hide commands inside music.


    Currently, the effort only works in the most controlled environments, but creating a generalized attack should be feasible, said Carlini.


    "It's still unknown whether this can be done over the air," he said. "We tried some obvious things, but we didn't try too hard…I believe it would be possible."


    2. Machines can hear it, you can't


    Hiding commands inside other audio is not the only way to create a covert way to manipulate voice assistants. In an attack presented in 2017, six researchers from Zhejiang University showed that they could use sound inaudible to humans to command Siri to make a phone call or to take other actions.


    Called the DolphinAttack, the hack shows that a lack of security can be used to command a voice assistant to visit a malicious site, spy on the users, inject fake information or conduct a denial-of-service attack, the researchers stated in their paper.


    This "serves as a wake-up call to reconsider what functionality and levels of human interaction shall be supported in voice controllable systems," the researchers said.


    3. Is this on? Yes, it is


    Even when a voice assistant is not taking an action on your behalf, it continues to listen for commands. Like mobile phones, home voice assistants are sensors that know a lot about you. This gives the companies behind the devices a privileged place in your home, and your life, making them an ideal target for attackers.


    "To operate, these devices need to listen all the time by design—once you say the keyword, and then they start collecting data and sending it to the cloud," researcher Be'ery said. "So this is a bug that is placed in your house by design."


    In addition to malicious attacks, the devices have already been shown to expose privacy inadvertently. The incident where a couple was recorded by an Amazon Echo required the device to mishear three commands or prompts before sending the message to a friend.


    4. Trumping system security


    Multiple portions of the code base in many general-purpose devices, such as a PC or a phone, could be exploited by hackers. This "attack surface area" is only made larger and more porous when you add voice-assistant technology and prioritize convenience over security, said researcher Be'ery.


    Along with two researchers from the Israel Institute of Technology and the former chief technology officer of security firm Imperva, Be'ery will demonstrate at the Black Hat conference the weaknesses that the Cortana digital assistant adds to Windows devices.


    "Introducing such a complex logic and extending it to so many places, all happening when the computer is supposed to be locked—it is not going to end up well," he said. "There is too much attack surface area."


    5. Jumping from device to device


    Attackers often find ways into a home through the router or an unsecured wireless network. Voice assistants add another vector that allows them to bridge attacks, using an audio device—such as a TV or even a loud car radio on the street—to issue commands to the devices.


    The dollhouse incident is an inadvertent version of this attack.


    For most of these issues, there is no easy solution. While filters can be put in place to limit using inputs outside of human hearing, most security fixes for the other problems would make the devices more difficult to use and so are only requested in certain cases, such as purchasing items or transferring money.


    "From a usability aspect, the answer is no, we don't want to add a second factor," said Carlini. "I don't see an obvious solution that is not to ask for a second factor."


    How Voice-Activated Assistants Pose Security Threats in Home, Office

  10. #635
    Thailand Expat harrybarracuda's Avatar
    Join Date
    Sep 2009
    Last Online
    @
    Posts
    96,889
    Video showing how shockingly easy it is to install a skimmer on a POS terminal while the clerk is distracted....


  11. #636
    Thailand Expat harrybarracuda's Avatar
    Join Date
    Sep 2009
    Last Online
    @
    Posts
    96,889
    SINGAPORE: Hackers have stolen the health records of 1.5 million Singaporeans including Prime Minister Lee Hsien Loong, authorities said Friday, with the leader specifically targeted in the city-state’s biggest ever data breach.

    Singapore’s health and information ministries said a government database was broken into in a “deliberate, targeted and well-planned” strike, describing the attack as “unprecedented”.

    “Attackers specifically and repeatedly targeted the personal particulars and outpatient information of Prime Minister Lee Hsien Loong,” health minister Gan Kim Yong told a press conference.

    Forensic analysis by Singapore’s Cyber Security Agency “indicates this is a deliberate, targeted, and well-planned cyber-attack and not the work of casual hackers or criminal gangs,” he added.

    Officials declined to comment on the identity of the hackers, citing “operational security”, but said the prime minister’s data has not shown up anywhere on the internet.

    “I don’t know what the attackers were hoping to find. Perhaps they were hunting for some dark state secret, or at least something to embarrass me,” Lee wrote on Facebook.

    “My medication data is not something I would ordinarily tell people about, but there is nothing alarming in it.”

    Hackers used a computer infected with malware to gain access to the database between June 27 and July 4 before administrators spotted “unusual activity”, authorities said.

    The compromised data includes personal information and medication dispensed to patients, but medical records and clinical notes have not been affected, the health and communications ministries said.

    “Health records contain information that is valuable to governments,” said Eric Hoh, Asia-Pacific president of cyber-security firm FireEye.

    “Nation-states increasingly collect intelligence through cyber-espionage operations which exploit the very technology we rely upon in our daily lives.”

    Earlier this month, the US National Intelligence Director Dan Coats described Russia, China, Iran and North Korea as the “worst offenders” when it came to attacks on American “digital infrastructure”.

    Some hackers have in the past offered stolen data and software for sale online.

    Wealthy Singapore is hyper-connected and on a drive to digitise government records and essential services, including medical records which public hospitals and clinics can share via a centralised database.

    But authorities have put the brakes on these plans while they investigate the cyber-attack. A former judge will head a committee looking into the incident.

    While the city-state has some of the most advanced military weaponry in the region, the government says it fends off thousands of cyberattacks every day and has long warned of breaches by actors as varied as high-school students in their basements to nation-states.

    In his Facebook post about the attack, Loong warned that “those trying to break into our data systems are extremely skilled and determined. They have huge resources, and never give up trying.”

    In 2017, hackers broke into a defence ministry database, stealing the information of some 850 Singapore army conscripts and ministry staff. -AFP


    https://www.thestar.com.my/news/regi...e-cyberattack/

  12. #637
    Thailand Expat harrybarracuda's Avatar
    Join Date
    Sep 2009
    Last Online
    @
    Posts
    96,889
    SophosLabs has uncovered a mobile malware distribution campaign that uses advertising placement to distribute the Red Alert Trojan, linking counterfeit branding of well-known apps to Web pages that deliver an updated, 2.0 version of this bank credential thief.


    The group distributing this family of malware decorates it in the branding and logos of well-known social media or media player apps, system update patches, or (in its most recent campaign) VPN client apps in an attempt to lure users into downloading, installing, and elevating the privileges of a Trojanized app hosted on a site not affiliated with any reputable app market or store.

    Aside from the inescapable irony of disguising a security-reducing Trojan as an ostensibly security-enhancing app, and the righteous affront to the whole concept of a VPN’s purpose a Trojan so disguised inspires, this represents an escalation in the variety of app types targeted by this campaign of bankbots in disguise.

    https://news.sophos.com/en-us/2018/0...urity-seekers/

  13. #638
    Thailand Expat harrybarracuda's Avatar
    Join Date
    Sep 2009
    Last Online
    @
    Posts
    96,889
    Hackers threaten to disrupt Moscow Domodedovo Airport navigation system unless they Bitcoin Ransom

    on Thursday, July 26, 2018



    Unknown Hackers demand several hundred of Bitcoins from the administration of the Airport "Domodedovo" (Moscow International airport), otherwise they will intervene in the navigation systems of the Airport.

    According to the Airport staff, the attackers sent threatening e-mail to the Domodedovo Contact Center. They said they will interrupt the function of the Airport's navigation equipment this weekend on July 28-29.

    The hackers have claimed that they have the technical capabilities to do it.

    Should people be worried about this? Vladimir Ulyanov, Head of the Analytical Center "Zecurion", believes that if cyber criminals have an accomplice inside the Airport "Domodedovo", then there are reasons to be concerned.

    But a person who is sitting in another country or inside the country can't simply hack into these systems via the Internet, says Ulyanov.


    "In this case, threats were sent to some common box. If we are talking about serious attacks, then in this case the letter would most likely have come to the person who is responsible for information security or can make a decision that he is ready to pay ransom," local media quote Ulyanov as saying.

    The Airport administration has tightened security measures at terminals and at airfields.

    Domodedovo Safety Officials confirmed reports of an anonymous threatening e-mail and stressed that the functioning of the Airport "Domodedovo" is not under threat.




    Hackers threaten to disrupt Moscow Domodedovo Airport navigation system unless they Bitcoin Ransom - E Hacking News

  14. #639
    Thailand Expat harrybarracuda's Avatar
    Join Date
    Sep 2009
    Last Online
    @
    Posts
    96,889
    After extensive testing, Google introduces the Titan Security Key

    Google recently shared that since it made employees use physical security keys instead of passwords and one-time codes none of them – and there are over 85,000 – have been successfully phished.
    Then, on Wednesday, the company announced that they have created their own line of security keys – the Titan Security Key – and that they’ve been testing it in-house for over a year.

    The Titan Security Key

    Security keys are physical keys that are used to provide user authentication over Bluetooth and USB. They won’t work on phishing sites made to look like the real deal.
    Titan Security Key adheres to the FIDO (Fast IDentity Online) specification and includes firmware developed by Google to verify its integrity.
    “We’ve long advocated the use of security keys as the strongest, most phishing-resistant authentication factor for high-value users, especially cloud admins, to protect against the potentially damaging consequences of credential theft,” noted Jennifer Lin, Product Management Director, Google Cloud.
    Titan Security Keys are currently available to Google Cloud customers and will soon be available for anyone to purchase on the Google Store.
    Users will be able to use the key to authenticate to non-Google services, too, although the integrity verification firmware might not work on them.



    https://www.helpnetsecurity.com/2018...-security-key/

  15. #640
    Thailand Expat harrybarracuda's Avatar
    Join Date
    Sep 2009
    Last Online
    @
    Posts
    96,889
    It seems Win 10 has a crapware blocker that is not enabled by default on consumer PCs.

    https://www.howtogeek.com/360648/how...pware-blocker/

  16. #641
    Thailand Expat harrybarracuda's Avatar
    Join Date
    Sep 2009
    Last Online
    @
    Posts
    96,889
    Big fucking Oops!

    Snap Inc. was forced to send a takedown request to a website used to host computer files after Snapchat source code was leaked online, potentially exposing company secrets.


    Last Friday, the Microsoft-owned code repository GitHub received an urgent request. The individual had a simple complaint: Someone had published code from what purported to be Snapchat’s iOS app. “We would appreciate you take down the whole thing,” he or she wrote. Source code is not typically made public, and is the basic component of an app’s design.

    “I am [redacted] at Snap Inc., owner of the leaked source code,” the complaint stated. The takedown request was filed under the Digital Millennium Copyright Act (DMCA), which is the main U.S. copyright law. The notice listed the description as “Snapchat source code.”


    Pointing to a webpage hosting the seemingly stolen material, a further description read: “It was leaked, and a user has put it in this GitHub repository. Snap Inc. doesn’t publish it publicly.” The complaint listed a California contact address—the same as Snap Inc.’s corporate HQ.

    https://www.newsweek.com/snapchat-so...s-risk-1060345

  17. #642
    Thailand Expat harrybarracuda's Avatar
    Join Date
    Sep 2009
    Last Online
    @
    Posts
    96,889
    WPA2 Wifi Encryption just got a whole lot more vulnerable....

    https://medium.com/@billbuchanan_276...r-55d7775a7a5a

  18. #643
    Excommunicated baldrick's Avatar
    Join Date
    Apr 2006
    Last Online
    Today @ 12:37 PM
    Posts
    24,819
    ^
    If you have a home-based router — using WPA-Personal — then the device may be vulnerable if you use a simple password.
    if you are using a simple password on anything you are going to lose control of the device

  19. #644
    Thailand Expat harrybarracuda's Avatar
    Join Date
    Sep 2009
    Last Online
    @
    Posts
    96,889

  20. #645
    Thailand Expat harrybarracuda's Avatar
    Join Date
    Sep 2009
    Last Online
    @
    Posts
    96,889
    FBI Warns of ‘Unlimited’ ATM Cashout Blitz

    The Federal Bureau of Investigation (FBI) is warning banks that cybercriminals are preparing to carry out a highly choreographed, global fraud scheme known as an “ATM cash-out,” in which crooks hack a bank or payment card processor and use cloned cards at cash machines around the world to fraudulently withdraw millions of dollars in just a few hours.



    “The FBI has obtained unspecified reporting indicating cyber criminals are planning to conduct a global Automated Teller Machine (ATM) cash-out scheme in the coming days, likely associated with an unknown card issuer breach and commonly referred to as an ‘unlimited operation’,” reads a confidential alert the FBI shared with banks privately on Friday.

    The FBI said unlimited operations compromise a financial institution or payment card processor with malware to access bank customer card information and exploit network access, enabling large scale theft of funds from ATMs.

    “Historic compromises have included small-to-medium size financial institutions, likely due to less robust implementation of cyber security controls, budgets, or third-party vendor vulnerabilities,” the alert continues. “The FBI expects the ubiquity of this activity to continue or possibly increase in the near future.”
    Organized cybercrime gangs that coordinate unlimited attacks typically do so by hacking or phishing their way into a bank or payment card processor. Just prior to executing on ATM cashouts, the intruders will remove many fraud controls at the financial institution, such as maximum ATM withdrawal amounts and any limits on the number of customer ATM transactions daily.

    The perpetrators also alter account balances and security measures to make an unlimited amount of money available at the time of the transactions, allowing for large amounts of cash to be quickly removed from the ATM.

    “The cyber criminals typically create fraudulent copies of legitimate cards by sending stolen card data to co-conspirators who imprint the data on reusable magnetic strip cards, such as gift cards purchased at retail stores,” the FBI warned. “At a pre-determined time, the co-conspirators withdraw account funds from ATMs using these cards.”

    Virtually all ATM cashout operations are launched on weekends, often just after financial institutions begin closing for business on Saturday. Last month, KrebsOnSecurity broke a story about an apparent unlimited operation used to extract a total of $2.4 million from accounts at the National Bank of Blacksburg in two separate ATM cashouts between May 2016 and January 2017.

    In both cases, the attackers managed to phish someone working at the Blacksburg, Virginia-based small bank. From there, the intruders compromised systems the bank used to manage credits and debits to customer accounts.

    The 2016 unlimited operation against National Bank began Saturday, May 28, 2016 and continued through the following Monday. That particular Monday was Memorial Day, a federal holiday in the United States, meaning bank branches were closed for more than two days after the heist began. All told, the attackers managed to siphon almost $570,000 in the 2016 attack.

    The Blacksburg bank hackers struck again on Saturday, January 7, and by Monday Jan 9 had succeeded in withdrawing almost $2 million in another unlimited ATM cashout operation.

    The FBI is urging banks to review how they’re handling security, such as implementing strong password requirements and two-factor authentication using a physical or digital token when possible for local administrators and business critical roles.

    Other tips in the FBI advisory suggested that banks:

    -Implement separation of duties or dual authentication procedures for account balance or withdrawal increases above a specified threshold.

    -Implement application whitelisting to block the execution of malware.

    -Monitor, audit and limit administrator and business critical accounts with the authority to modify the account attributes mentioned above.

    -Monitor for the presence of remote network protocols and administrative tools used to pivot back into the network and conduct post-exploitation of a network, such as PowerShell, Cobalt Strike and TeamViewer.

    -Monitor for encrypted traffic (SSL or TLS) traveling over non-standard ports.

    -Monitor for network traffic to regions wherein you would not expect to see outbound connections from the financial institution.

    Update, Aug. 15, 11:11 a.m. ET: Several sources now confirm that the FBI alert was related to a breach of the Cosmos cooperative bank in India. According to multiple news sources, thieves using cloned cards executed some 12,000 transactions and stole roughly $13.5 million from Cosmos accounts via 25 ATMs located in Canada, Hong Kong and India.

    https://krebsonsecurity.com/2018/08/...tz/#more-44642
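
The last two monitoring tips in the advisory quoted above (TLS on non-standard ports, outbound traffic to unexpected regions) can be expressed as a small flow-review routine. This is an added example, not part of the original post or the FBI alert; the port allow-list, expected regions, the `Flow` record layout and all sample flows are constructed assumptions.

```python
from dataclasses import dataclass

# Assumed site policy: ports where TLS is expected, and regions the
# institution normally talks to. Both are placeholders for local policy.
STANDARD_TLS_PORTS = {443, 465, 636, 853, 993, 995}
EXPECTED_REGIONS = {"US", "CA"}


@dataclass
class Flow:
    src: str
    dst: str
    dst_port: int
    dst_region: str     # assumed to come from upstream GeoIP enrichment
    first_bytes: bytes  # first bytes of the client-to-server payload


def is_tls_client_hello(data: bytes) -> bool:
    """Recognise a TLS handshake by content, independent of the port used.

    Record header: content type (1 byte), version (2), length (2),
    followed by the handshake message type (1 byte).
    """
    if len(data) < 6:
        return False
    content_type, major, minor = data[0], data[1], data[2]
    record_len = int.from_bytes(data[3:5], "big")
    return (
        content_type == 0x16          # handshake record
        and major == 0x03             # SSL 3.0 / TLS 1.x record version
        and minor <= 0x04
        and 0 < record_len <= 16384   # maximum plaintext record size
        and data[5] == 0x01           # ClientHello
    )


def review(flows):
    """Return (dst, port, reasons) for every flow that breaks either rule."""
    findings = []
    for f in flows:
        reasons = []
        if is_tls_client_hello(f.first_bytes) and f.dst_port not in STANDARD_TLS_PORTS:
            reasons.append("tls-on-nonstandard-port")
        if f.dst_region not in EXPECTED_REGIONS:
            reasons.append("unexpected-region")
        if reasons:
            findings.append((f.dst, f.dst_port, reasons))
    return findings


# Constructed sample flows (documentation address ranges, made-up regions).
SAMPLE_FLOWS = [
    Flow("10.0.5.20", "198.51.100.7", 443, "US", bytes.fromhex("160301020001")),
    Flow("10.0.5.21", "203.0.113.44", 4444, "US", bytes.fromhex("1603010200010001fc0303")),
    Flow("10.0.5.22", "192.0.2.10", 80, "CA", b"GET / HTTP/1.1\r\n"),
    Flow("10.0.5.23", "203.0.113.90", 443, "ZZ", bytes.fromhex("160303012c01")),
]

if __name__ == "__main__":
    for dst, port, reasons in review(SAMPLE_FLOWS):
        print(dst, port, ",".join(reasons))
```

Matching on the handshake bytes rather than the port number is what lets the check catch TLS that has been moved off 443.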

  21. #646
    Thailand Expat harrybarracuda's Avatar
    Join Date
    Sep 2009
    Last Online
    @
    Posts
    96,889
    Hackers obtained the credit card details of some 380,000 British Airways travellers during a two-week data breach this northern summer that leaves the customers vulnerable to financial fraud, the airline says.



    BA's CEO, Alex Cruz, said today that enough data was stolen to allow criminals to use credit card information for illicit purposes, and that police are investigating.


    "We know that the information that has been stolen is name, address, email address, credit card information; that would be credit card number, expiration date and the three-letter code in the back of the credit card," he told the BBC.



    He added that no passport data had been obtained in what he called a "very sophisticated, malicious criminal attack."



    It advises people to contact their bank or credit card company if they used the airline's website and mobile app to make or change a booking between 10.58pm London time on August 21 and 9.45pm London time on September 5.



    The recommendation does not apply to customers who bought tickets or changed reservations outside those times.



    The airline promised to reimburse any financial losses suffered by customers directly because of the theft of this data.



    Consumer advice website MoneySavingExpert says affected customers should first seek advice from their bank, then monitor bank and credit card statements closely for signs of possible fraudulent activity.



    It also warns of possible "phishing scams" in which hackers would try to trick affected consumers into revealing personal information like pincodes or banking passwords.



    Some angry travelers complained to Britain's Press Association that they had already noted bogus activity on credit cards that had been used to make British Airways bookings during the time when the breach was undetected.



    The hack once again puts the spotlight on the strength of the IT systems at major companies as they expand their digital services.



    British Airways experienced an IT-related crisis in May last year when roughly 75,000 passengers were stranded after the airline cancelled more than 700 flights over three days because of system problems.



    In the US, Delta Airlines said in April that payment-card information for several hundred thousand customers could have been exposed by a malware breach months earlier. The same breach also hit Sears Holdings Corp., which operates Kmart stores.


    British Airways revealed the new hack on Thursday evening local time and began notifying customers.


    Britain's National Crime Agency says it is investigating.



    Shares in BA's parent company, IAG, were down 3 per cent on Friday.

    https://www.tvnz.co.nz/one-news/worl...000-travellers

  22. #647
    Thailand Expat harrybarracuda's Avatar
    Join Date
    Sep 2009
    Last Online
    @
    Posts
    96,889
    The recent British Airways data breach affecting 380,000 individuals appears to be the work of a known adversary that infects websites with a script designed to collect payment card data.


    The name of the group is MageCart, and the scripts it uses have the same effect as the physical card skimming devices used by cybercriminals at ATMs. In a typical attack, the group casts a wide net by compromising commonly used third-party functionality that allows access to hundreds of websites.


    Digital threat management company RiskIQ tracks the activity of MageCart group and reported their use of web-based card skimmers since 2016. They are familiar with the threat actor and their skimmer-code and detect it almost on an hourly basis.

    With British Airways, though, MageCart took a targeted approach and customized the script so that it did not ring any alarm bells.


    "This particular skimmer is very much attuned to how British Airways’ payment page is set up, which tells us that the attackers carefully considered how to target this site instead of blindly injecting the regular Magecart skimmer," RiskIQ says in a report shared with BleepingComputer in advance.


    For this investigation, the researchers identified all the scripts loaded by the air carrier's website and searched for recent changes.


    The researchers noticed that the Modernizr JavaScript library had been modified with 22 new lines of code at the bottom, a tactic often used by attackers to make sure they don't break the functionality of the script.


    British Airways website loaded the library from the baggage claim information page, and the change made by MageCart threat actor allowed Modernizr to send payment information from the customer to the attacker's server.


    The compromised code reacted in the same way whether the website launched on a computer screen or from the mobile app, since in both cases the resources for searching, booking or managing flights were the same.


    The change in the JavaScript library was confirmed by the headers sent by the British Airways server, which indicated August 21, 20:49 GMT as the time and date of the last modification in Modernizr.


    In the statement on the data breach, the airline said the theft occurred between August 21, 22:58 BST, one hour after MageCart made the change in Modernizr.


    More evidence that MageCart prepared for this attack and aimed to keep it active for as long a period as possible is found in the infrastructure used for exfiltrating the payment card details.


    The compromised Modernizr script delivered all the data to baways[.]com, which resembles the legitimate domain used by British Airways, and would likely not raise suspicions during a cursory look at the modified library.


    RiskIQ also discovered that MageCart purchased an SSL certificate from Comodo, instead of going with the free choice from Let's Encrypt. The reason for this is that a paid certificate is less likely to attract attention.


    With this attack, MageCart threat actor has stepped up the ladder and showed they are capable of refining their operations, blending in with the targeted website to maintain their presence.


    It is unclear how MageCart managed to compromise the British Airways website, but RiskIQ says that being able "to modify a resource for the site tells us the access was substantial."

    https://www.bleepingcomputer.com/new...raping-attack/
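
The investigation described in the article above (inventory the scripts a site serves, look for recent changes, notice lines appended to a library and a new lookalike host) maps onto a simple integrity check a site owner can run against a pinned copy. This is an added example, not code from the post, RiskIQ or British Airways; the library contents, hostnames and allow-list are constructed, and the appended lines are inert placeholders.

```python
import base64
import hashlib
import re

# Constructed baseline: the reviewed copy of a third-party library.
BASELINE = (
    "/* examplelib 1.0 (constructed) */\n"
    "window.ExampleLib = (function () {\n"
    "  return { touch: 'ontouchstart' in window };\n"
    "})();\n"
)

# Constructed served copy: the same file with lines added at the bottom.
SERVED = BASELINE + (
    "var cfg = { endpoint: 'https://shop-examp1e.test/gateway' };\n"
    "var img = 'https://cdn.shop-example.test/pixel.gif';\n"
)

# Assumed first-party hosts the site's scripts may legitimately reference.
ALLOWED_HOSTS = {"shop-example.test", "cdn.shop-example.test"}

URL_HOST = re.compile(r"https?://([A-Za-z0-9.-]+)")


def sri_sha384(text: str) -> str:
    """Subresource Integrity value (sha384-<base64 digest>) for a script body."""
    digest = hashlib.sha384(text.encode("utf-8")).digest()
    return "sha384-" + base64.b64encode(digest).decode("ascii")


def appended_lines(baseline: str, served: str):
    """Return the lines added after the baseline when the served copy only
    extends it, or None when the file was unchanged or changed elsewhere."""
    if served.startswith(baseline) and len(served) > len(baseline):
        return served[len(baseline):].splitlines()
    return None


def audit_script(baseline: str, served: str, allowed_hosts) -> dict:
    """Compare a served script with its pinned baseline."""
    report = {"pinned": sri_sha384(baseline), "observed": sri_sha384(served)}
    report["modified"] = report["pinned"] != report["observed"]

    tail = appended_lines(baseline, served)
    report["appended_line_count"] = len(tail) if tail is not None else 0

    # Hosts that appear only in the served copy and are not allow-listed.
    new_hosts = set(URL_HOST.findall(served)) - set(URL_HOST.findall(baseline))
    report["unexpected_hosts"] = sorted(
        h.lower() for h in new_hosts if h.lower() not in allowed_hosts
    )
    return report


if __name__ == "__main__":
    for key, value in audit_script(BASELINE, SERVED, ALLOWED_HOSTS).items():
        print(f"{key}: {value}")
```

The pinned value is the same string a page would carry in a script tag's `integrity` attribute, so a browser enforcing Subresource Integrity refuses a copy whose hash has drifted.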

  23. #648
    Thailand Expat harrybarracuda's Avatar
    Join Date
    Sep 2009
    Last Online
    @
    Posts
    96,889
    You might want to take your WD MyCloud off the interwebs until they fix this....

    https://www.securify.nl/advisory/SFY...rivileges.html

  24. #649
    Thailand Expat harrybarracuda's Avatar
    Join Date
    Sep 2009
    Last Online
    @
    Posts
    96,889
    If you trust Tor, there is now an official Android version:

    https://www.hackread.com/download-to...r-for-android/

    OrFox will be disappearing.

  25. #650
    Thailand Expat harrybarracuda's Avatar
    Join Date
    Sep 2009
    Last Online
    @
    Posts
    96,889
    Apparently this link will crash your iPhone.

    https://s3.eu-central-1.amazonaws.co...ri-reaper.html
