Showing posts with the label News

APT28 Attacks Webmail and Microsoft Exchange Servers to Launch Sophisticated Spear Phishing Attacks

Pawn Storm, a group also known as APT28, Strontium, and Fancy Bear, has been active since at least 2004 and has targeted many organizations globally. The threat actors behind the hacking group use sophisticated social engineering lures, data-stealing malware, several zero-days, and even a private exploit kit. Attack on Webmail servers: According to a new report from Trend Micro, the hacker group has been searching for vulnerable mail servers for the past 2 years to launch sophisticated phishing campaigns. Starting from 2019, the group has probed several email servers and Microsoft Exchange services around the world. The threat actors check TCP port 443 (used by webmail and Microsoft Exchange Autodiscover services), the IMAP ports (143, 993), the POP3 ports (110, 995) and the SMTP ports (465, 587). Pawn Storm Phishing Campaign: The attack was conducted aiming to exfiltrate data such as vulnerable systems, brute force credentials, exfiltrate email data, and send out...

Microsoft Has Taken Down the World’s Largest Necurs Botnet that Infected Nine Million Computers Globally

Microsoft has taken down the infamous Necurs botnet that impacted more than nine million computers worldwide. The Necurs botnet is the largest spam and malware botnet. The botnet is known for distributing several malware families, particularly the Locky ransomware, and is believed to be operated from Russia. The Necurs botnet was first detected in 2012 and primarily acts as a dropper for other malware. Between 2016 and 2019 the botnet emerged as the largest one and was responsible for 90% of the malware spread by email worldwide. Necurs Botnet TakeDown: The world’s largest botnet was taken down in a coordinated operation between Microsoft and partners across 35 countries. Microsoft said that within a “58-day period in our investigation, for example, we observed that one Necurs-infected computer sent a total of 3.8 million spam emails to over 40.6 million potential victims.” The botnet is known for conducting various spam attacks such as stock scams, fake ...

Let's Encrypt Revoking 3 Million TLS Certificates Issued Incorrectly Due to a Bug

The most popular free certificate signing authority, Let's Encrypt, is going to revoke more than 3 million TLS certificates within the next 24/48 hours that may have been issued wrongfully due to a bug in its Certificate Authority software. The bug, which Let's Encrypt confirmed on February 29 and was fixed two hours after discovery, impacted the way it checked the domain name ownership before issuing new TLS certificates. As a result, the bug opened up a scenario where a certificate could be issued even without adequately validating the holder's control of a domain name. The Certification Authority Authorization (CAA), an internet security policy, allows domain name holders to indicate to certificate authorities (CAs) whether or not they are authorized to issue digital certificates for a specific domain name. Let's Encrypt considers domain validation results good only for 30 days from the time of validation, after which it rechecks the CAA record a...

Most commonly used open-source Software & Security Problems released by Linux Foundation

The Linux Foundation and Harvard’s Lab have identified the most commonly used free and open-source software and the associated potential vulnerabilities. The Census II report determines the “important steps towards understanding and addressing structural and security complexities in the modern-day supply chain where open source is pervasive, but not always understood.” The report also identifies the commonly used applications in production environments and examines them for potential vulnerabilities. “The Census II report addresses some of the most important questions facing us as we try to understand the complexity and interdependence among open-source software packages and components in the global supply chain,” said Jim Zemlin, executive director at the Linux Foundation. Starting from the Heartbleed security bug, the importance of FOSS has been understood more than ever before, and it is a critical part of a production environment, throughout the supply chain. Most-Used Packages ...

Relax, there is no ban on Google Docs in India

Earlier today, various media reported that internet service providers in the country have started blocking 472 websites, including Google Docs and Google’s URL shortener, in response to a Delhi high court order. The court was acting on a petition by Multi Screen Media (MSM), the company that owns the broadcast rights to the ongoing FIFA World Cup. The story caused outrage on social media, with many wondering how exactly Google Docs, the word processing and sharing service, might have violated MSM’s copyright. Not to mention the court’s apparent lack of tech savvy in accepting a plea to block a URL shortener. All of those concerns are valid. But users of Google Docs don’t have to worry. Before the department of telecom could direct ISPs to block the listed websites, some new developments diverted the court’s order. Namely, Airtel, a prominent ISP which was made party to the case, approached the court saying the order should specify individual URLs hosting such content and should ...

Silk Road 2 Hacked....

Silk Road 2 Hacked By SEA. The black market site "Silk Road 2" has once again faced an attack from hackers, in which about 4,000 Bitcoin have been stolen. Silk Road 2 moderator Defcon reported in a forum post that the hackers used a transaction malleability exploit to hack the site and stole 4474.26 Bitcoins worth $2,747,000. As the Silk Road site uses an escrow service for Bitcoin transactions between buyers and sellers, the hackers took advantage of this and exploited the transaction malleability bug. Transaction malleability is the function that masks a transaction and asks for the same amount of Bitcoin multiple times. According to Silk Road 2, the hackers used the Silk Road automatic transaction verification system to order from each other and also request refunds for unshipped goods. Defcon has asked the hackers to return the Bitcoin and wrote: “Given the right flavor of influence from our comm...