NEWS - October 08, 2015

Cisco disrupts $30 million browser plug-in hacking operation

The company said unnamed hackers used the notorious Angler Exploit Kit to take advantage of vulnerabilities in common browser plugins, such as Flash and Java. As many as 90,000 users were affected each day by the attack.

The networking company, through its security wing Talos Group, patched the vulnerabilities being used by the exploit kit, cutting off affected machines from the command-and-control infrastructure.

"This is a significant blow to the emerging hacker economy where ransomware and the black market sale of stolen [intellectual property], credit card info and personally identifiable information are generating hundreds of millions of dollars annually," said the researchers in a blog post.

Related: Researchers Disrupt Angler Exploit Kit Ecosystem, Derail $30M Ransomware Campaign
Verizon Curbs ‘Zombie Cookies,’ But They’ll Still Stalk You

Last year privacy advocates discovered that Verizon has been inserting tracking codes into most of its mobile web traffic—so-called “zombie cookies.” Now the company plans to use those codes to target personalized ads served by AOL, which Verizon acquired earlier this year. But the company says it’s curbing the ability to use the codes beyond its corporate reach.

The company revealed its plans yesterday in a privacy notice spotted by non-profit news outfit ProPublica.

Typically, in order for a website to track its visitors it must leave a small file called a “cookie” on the user’s device. But cookies are tied to the user’s web browser. If they’re using a smartphone app instead of their web browser, it’s difficult to track that user. Plus users can block or delete these cookies.


At Experian, Security Attrition Amid Acquisitions
T-Mobile disclosed last week that some 15 million customers had their Social Security numbers and other personal data stolen thanks to a breach at Experian, the largest of the big American consumer credit bureaus. But this actually wasn’t the first time that a hacking incident at Experian exposed sensitive T-Mobile customer data, and that previous breach may hold important clues about what went wrong more recently.

Over the past week, KrebsOnSecurity has interviewed a half-dozen security experts who said they recently left Experian to find more rewarding and less frustrating work at other corporations. Nearly all described Experian as a company fixated on acquiring companies in the data broker and analytics technology space, even as it has stymied efforts to improve security and accountability at the Costa Mesa, Calif.-based firm.

Former journalist faces 25 years in prison for article defacement

Matthew Keys, a former Reuters social media editor, has been found guilty of computer hacking, and could be sentenced to spend as many as 25 years in prison.

Keys was indicted in March 2013 for conspiring with members of the hacker group Anonymous to hack into and alter the website of the Tribune Company-owned KTXL FOX 40 television station in Sacramento, California, for which he worked as a web producer until late October 2010, when he was terminated.

A California jury decided that he did, as accused, share on an IRC channel frequented by hackers the login credentials to the server hosting the site, and urged Anonymous members to tamper with Tribune Company-owned websites.

Related :
Jury finds journalist guilty of aiding Anonymous in media hacking case
Journalist convicted of helping Anonymous hack the LA Times
Android malware hammers phones with unwanted ads

Android users in more than 20 countries have been infected with a particularly aggressive malware program that bombards devices with unwanted advertisements.

Researchers from FireEye found that the malicious component, nicknamed Kemoge, has been seeded inside what appear to be legitimate apps offered on third-party application stores.

"This is another malicious adware family, possibly written by Chinese developers or controlled by Chinese hackers, spreading on a global scale that represents a significant threat," wrote Yulong Zhang, a staff research scientist with FireEye.

Related: Android adware wields potent root exploits to gain permanent foothold

Post was last edited on October 8, 2015 5:18 PM PDT

What’s in a Boarding Pass Barcode? A Lot

Brian Krebs @ his "Krebs On Security" blog:

The next time you’re thinking of throwing away a used boarding pass with a barcode on it, consider tossing the boarding pass into a document shredder instead. Two-dimensional barcodes and QR codes can hold a great deal of information, and the codes printed on airline boarding passes may allow someone to discover more about you, your future travel plans, and your frequent flyer account.

Earlier this year, I heard from a longtime KrebsOnSecurity reader named Cory who said he began to get curious about the data stored inside a boarding pass barcode after a friend put a picture of his boarding pass up on Facebook. Cory took a screen shot of the boarding pass, enlarged it, and quickly found a site online that could read the data. [Screenshot]

“I found a website that could decode the data and instantly had lots of info about his trip,” Cory said, showing this author step-by-step exactly how he was able to find this information.

Disclosed Netgear Router Vulnerability Under Attack

A vulnerability in Netgear routers, already disclosed by two sets of researchers at different security companies, has been publicly exploited.

Netgear, meanwhile, has yet to release patched firmware, despite apparently having built one and confirmed with one of the companies that privately disclosed that it addressed the problem adequately.

Alexandre Herzog, CTO of Compass Security Schweiz Ltd., of Switzerland, told Threatpost that the unnamed victim became aware of the attack upon investigating the reasons behind some router instability. They discovered that all of their DNS queries had been redirected to the attacker’s server.

Wealth of personal data found on used electronics purchased online

Varying amounts and types of residual data have been found on used mobile devices, hard disk drives and solid state drives purchased online from Amazon, eBay and

Based on an examination of 122 pieces of second-hand equipment, 48 percent of the hard disk drives and solid state drives contained residual data, while thousands of leftover emails, call logs, texts/SMS/IMs, photos and videos were retrieved from 35 percent of the mobile devices.

Upon closer examination, Blancco Technology Group and Kroll Ontrack discovered that a deletion attempt had been made on 57 percent of the mobile devices and 75 percent of the drives that contained residual data. Even more compelling was the discovery that those deletion attempts had been unsuccessful due to common, but unreliable methods used, leaving sensitive information exposed and potentially accessible to cyber criminals.

Amazon iPhone order email has malware attached

Watch out folks - malware has been spammed out in an email claiming to come from Amazon.

The email, which has a subject line of "Your order confirmation for <email address>", tries to trick you into thinking that your credit card has been used without authorisation to purchase goods on the Amazon website. [Screenshot]

Part of the email reads: [...]

If you're paying close attention you might notice that they call it an Iphone rather than an iPhone, and that a genuine email regarding an Amazon order would contain the postal address that you wanted your goods delivered to.
