NEWS - March 17, 2014

"Malwarebytes Unpacked" Blog:

At one time, the Japan-based Bitcoin exchange Mt. Gox handled 70 percent of all Bitcoin transactions.

However, you've now likely heard the company has fallen into bankruptcy since losing over $400 million dollars in Bitcoins — with the company saying "there is a high possibility that the Bitcoins were stolen."

The events surrounding the missing Bitcoins have created a lot of attention in the media; there was even a fake video we blogged about claiming that traders could recover their lost coins.

Nonetheless, while all the legal matters are still underway, Mt. Gox CEO Mark Karpeles had his personal blog and Reddit account hacked last week. The hackers used the compromised sites to upload a 700mb archive, which they claim has "relevant database dumps, csv exports, specialized tools, and some highlighted summaries compiled from data".

Continued : http://blog.malwarebytes.org/cyber-crime/2014/03/bitcoin-malware-found-in-leaked-mt-gox-files/

Related:
Bitcoin-stealing malware hidden in Mt. Gox data dump, researcher says
MtGox remedy worse than the disease says Kaspersky researcher
Mt. Gox CEO doxing was a ploy to spread Bitcoin-stealing malware

Now that the dust has settled after the Pwn2Own contest, the browser manufacturers are beginning to roll out patches for the vulnerabilities exploited by contestants. Google on Monday released fixes for a number of bugs in Chrome discovered and exploited during Pwn2Own, releasing new versions of the browser for Windows, Mac and Linux.

This year's Pwn2Own, which runs in conjunction with the CanSecWest conference in Vancouver, showcased vulnerabilities and exploits in most of the major browsers, including Internet Explorer and Firefox, along with Chrome. The team from VUPEN, the French security and exploit-sales firm, took home several hundred thousand dollars in prize money from the contest, a good portion of it for demonstrating new bugs in Google Chrome. In addition to the prize money from the contest, Google also is paying its own rewards to the researchers who used new flaws in Chrome.

VUPEN earned a $100,000 reward from Google for its two Chrome vulnerabilities, and an anonymous researcher also earned $60,000 for two separate vulnerabilities. The flaws used in Pwn2Own that Google fixed in Chrome 33 are:

Continued : http://threatpost.com/google-patches-four-pwn2own-bugs-in-chrome-33/104828

"Bad admin or some more malicious act sent requests down the wrong pipe" - [Screenshot]

For about a half hour on Saturday, some requests to one of Google's DNS servers in the US were re-routed through a network in Venezuela. A false Border Gateway Protocol (BGP) announcement from the Venezuelan network caused the diversion, which affected networks primarily in Venezuela and Brazil, as well as a university network in Florida. It all started at 5:23pm Greenwich Time (UTC).

Andree Toonk of the network monitoring service BGPmon.net told Ars that the false routing request was dropped 23 minutes later, "most likely because the network that announced this route realized what happened and rolled back the change (to their router) that caused this." During the intervening period, he said, traffic may have been re-routed back to Google, or it just may have been dropped. The result was failed DNS requests for those on the affected networks.

Continued : http://arstechnica.com/information-technology/2014/03/google-dns-briefly-hijacked-to-venezuela/

Related:
Google free public DNS services were briefly corrupted
Google's Public DNS Hijacked for 22 Minutes