
NEWS - December 16, 2014

Dec 16, 2014 3:31AM PST
Ars Technica is the latest site to fall victim to hack

There has been a lot of hacking news in the past few weeks, and now noted technology news site Ars Technica has fallen victim to a hack. The site's front page has gone black, with white text reading "Ars Security" alongside a couple of Twitter handles, presumably of those who have taken control of the site. There's also some music playing to keep you occupied while waiting for the site to come back online.

The issue doesn't appear to be completely widespread, as some Verge staffers located in different points around the globe aren't currently having issues connecting to the site. Ars itself is also aware of the hack; the site's Twitter account indicates they should be back online soon.

As for the hack itself, it appears similar to the Syrian Electronic Army hacks that went around earlier this year and back into 2013. These attacks typically involve rerouting a site's address to another location through a DNS attack; former high-profile victims of these attacks include Microsoft, Twitter, and The New York Times.

http://www.theverge.com/2014/12/15/7397269/ars-technica-is-the-latest-site-to-fall-victim-to-hack

FYI: The above was posted late yesterday afternoon. The site is up and running again.

FBI warns firms of sophisticated Iranian hacker threat
Dec 16, 2014 3:52AM PST

The FBI has reportedly privately warned US energy and defence firms to be on the lookout for a sophisticated attack against their computer systems by sophisticated Iranian hackers.

That's the claim made by Reuters which says it has seen a confidential "Flash" report issued by the US authorities on Friday, detailing methods used by the attackers and methods to thwart being hit by the malware.

Although the finger is most definitely being pointed at Iran - with the FBI's advisory document identifying two IP addresses based in Iran that are used to launch attacks - the report does not go as far as to apportion blame to the Iranian authorities.

Continued : http://www.hotforsecurity.com/blog/fbi-warns-firms-of-sophisticated-iranian-hacker-threat-11012.html

Related : Iranian CLEAVER hackers may DRAIN energy and defence firms, warn Feds

Researchers Go Inside Illegal Underground Hacking Markets
Dec 16, 2014 3:52AM PST

Underground hacker markets are peddling complete kits to create new identities, elevating in-person fraud scams a tier closer to credit card theft and fraud.

Researchers at Dell SecureWorks released an update to 2013 research on black hat markets, noticing a number of noteworthy trends beyond the theft of personal credentials such as passports, driver's licenses, working Social Security numbers and even utility bills as a second form of authentication.

Hacking and crimeware services, for example, continue to mimic legitimate business practices by not only selling services, but also tutorials, notably how-tos on cashing out credit cards, bank transfers, basic carding, basic phishing and many more, Dell SecureWorks researchers Joe Stewart and David Shear wrote in their report (pdf).

Continued : http://threatpost.com/researchers-go-inside-illegal-underground-hacking-markets/109906

Malicious links: Spammers change malware delivery tactics
Dec 16, 2014 3:52AM PST

Symantec Security Response blog:

Attackers behind malicious spam campaigns have shifted their tactics in recent months and are increasingly attempting to infect victims by luring them into clicking on links rather than sending them malicious attachments.

Since late November, Symantec Security Response has seen a spike in the number of malicious emails using this tactic. Over the last six months, there were relatively few spam emails containing malicious links. For example, in October, only seven percent of malicious spam emails contained links. That number jumped to 41 percent in November and has continued to climb in early December.

.. Over the last few weeks, spammers have been pummeling mail servers with social engineering-themed messages, including malicious fax and voicemail notification emails. These emails contain information that is typically included in legitimate fax and voicemail messages, such as a caller ID or confirmation number, but the information itself is fake.

Continued : http://www.symantec.com/connect/blogs/malicious-links-spammers-change-malware-delivery-tactics

Banks: Park-n-Fly Online Card Breach
Dec 16, 2014 3:52AM PST

Multiple financial institutions say they are seeing a pattern of fraud that indicates an online credit card breach has hit Park-n-Fly, an Atlanta-based offsite airport parking service that allows customers to reserve spots in advance of travel via an Internet-based reservation system. The security incident, if confirmed, would be the latest in a string of card breaches involving compromised payment systems at parking services nationwide.

In response to questions from KrebsOnSecurity, Park-n-Fly said it recently engaged multiple outside security firms to investigate breach claims made by financial institutions, but so far has been unable to find a breach of its systems.

"We have been unable to find any specific issues related to the cards or transactions reported to us and by the financial institutions," Michael Robinson, the company's senior director of information technology, said in an emailed statement. "While this kind of incident is rare for us based on our thousands of daily transactions, we do take every instance very seriously. Like any reputable company involved in e-commerce today we recognize that we must be constantly vigilant and research every claim to root out any vulnerabilities or potential gaps."

Continued: http://krebsonsecurity.com/2014/12/banks-park-n-fly-online-card-breach/

FBI Used the Web's Favorite Hacking Tool to Unmask Tor Users
Dec 16, 2014 3:54AM PST

For more than a decade, a powerful app called Metasploit has been the most important tool in the hacking world: An open-source Swiss Army knife of hacks that puts the latest exploits in the hands of anyone who's interested, from random criminals to the thousands of security professionals who rely on the app to scour client networks for holes.

Now Metasploit has a new and surprising fan: the FBI. WIRED has learned that FBI agents relied on Flash code from an abandoned Metasploit side project called the "Decloaking Engine" to stage its first known effort to successfully identify a multitude of suspects hiding behind the Tor anonymity network.

Continued : http://www.wired.com/2014/12/fbi-metasploit-tor/

Related : FBI op, leading to child porn convictions, used Metasploit

Fraudsters take advanced fee scams to the next level
Dec 16, 2014 3:59AM PST

The PhishLabs blog:

We've all seen them before. The late prince Abdul has left us millions in inheritance and we need only provide a minor convenience fee to receive the funds. Advanced fee scams are nothing new and have been circulating the Internet since its inception. Until now, scammers have relied on email correspondence and convincing legal jargon to con victims out of their hard-earned dollars.

Recently, PhishLabs discovered an advanced fee scam with a twist - an elaborate but faux bank website. The scam begins with a classic lure purporting to be a lawyer from the African nation of Togo. The reader is informed that the inheritance money is in a foreign bank account and a link to the fake bank holding the funds is provided along with login credentials. The fraudsters registered a fake domain name to further deceive users.

The fake bank website was built from the ground up, even utilizing a database structure to handle user accounts.

Continued : http://blog.phishlabs.com/fraudsters-take-advanced-fee-scams-to-the-next-level

Fake Cell Towers Found in Norway
Dec 16, 2014 3:59AM PST
Bruce Schneier @ his "Schneier on Security" blog:

In yet another example of what happens when you build an insecure communications infrastructure, fake cell phone towers have been found in Oslo. No one knows who has been using them to eavesdrop.

This is happening in the US, too. Remember the rule: we're all using the same infrastructure, so we can either keep it insecure so we -- and everyone else -- can use it to spy, or we can secure it so that no one can use it to spy.

https://www.schneier.com/blog/archives/2014/12/fake_cell_tower.html

TorrentLocker exposed: Investigation and analysis
Dec 16, 2014 3:59AM PST

ESET researchers analyzed a widespread case of ransomware generally known as TorrentLocker, which started spreading in early 2014. The latest variant of the malware has infected at least 40,000 systems in the last few months, primarily targeting European countries.

This family of ransomware encrypts documents, pictures and other files on the user's device and requests a ransom to get back access to their files. Its typical signature is paying the ransom solely in crypto-currency - up to 4.081 Bitcoins (1180€ or $1500).

In the last campaigns, TorrentLocker has infected 40-thousand systems and encrypted more than 280 million documents in targeted countries, mainly in Europe, but also addressing users in Canada, Australia and New Zealand.

Continued : http://www.net-security.org/malware_news.php?id=2931