Monday 13 July 2015

Voat is being kicked by a botnet right now.

Reddit rival Voat announced today that it is currently being hit by a DDoS (Distributed Denial of Service) attack from unknown hackers.  For those who are unfamiliar with the sites, both Reddit and Voat act, in essence, as online bulletin boards.  Users can post images, text and direct links, which are then voted up or down to determine their position on the board.  The main selling point of Voat is that, unlike its Reddit counterpart, it maintains no censorship. 
The Swiss company posted on Twitter at midnight this morning that it is being hit by an ongoing “layer 7 DDoS attack”, adding on its website that this is the indirect reason most third-party apps for Voat have stopped working. 
They have “bumped up CloudFlare security settings...in order to keep Voat at least somewhat responsive”.  Unfortunately this “essentially breaks most Voat third party apps currently on the market.”  They ended with the question “What doesn't kill you - makes you stronger, right?”. 

Currently the website is loading temperamentally; however, some users still see the message “Voat is being kicked by a botnet right now.”  

Wednesday 8 July 2015

The Hackers Become The Hacked

Milan-based “digital mercenar[ies]” Hacking Team have been caught by their own sword in a hack that has revealed documents alleging that the company did business with various repressive regimes.  The outfit uses vulnerabilities and malware to access the networks of their clients’ targets in a legal offensive capability, which they offer to law enforcement services and national security organisations. 

A Reporters Without Borders report released in 2013 named Hacking Team as a “corporate enem[y] of the internet”.  Hacking Team has frequently denied selling their software to repressive administrations and the firm responded to this with a statement claiming that they go  “to great lengths to assure that [their] software is not sold to governments that are blacklisted by the EU, the USA, NATO and similar international organisations or any ‘repressive’ regime.”  They repeat this on their website; yet the 400GB of documents purport that they have been providing services for several repressive authorities including those from Azerbaijan, Bahrain, Kazakhstan, Russia, Saudi Arabia, the UAE and Uzbekistan. 

The integrity of these documents, which were communicated using the official Twitter feed of the firm, has not yet been independently verified.  The hackers posted to the feed for hours after the initial deluge until the company regained control on Monday morning.  The posts, which highlighted particular documents (including emails, invoices and screenshots of employee computers), have since been removed.  The organisation’s Twitter name was changed to Hacked Team, and has since been changed back. 

One of these tweets asserts that negotiations between Hacking Team and a third-party reseller took place in the context of exporting their software to Nigeria.  Such a sale may have circumvented the export controls put in place by Italy.  Another such tweet shows an internal debate about a course of action after researchers at the University of Toronto averred that the company had sold hacking software to Ethiopia for the purpose of attacking US journalists.  These allegations have never been publicly confirmed or dismissed by the company; however, in March they were dismissed by a spokesperson who suggested that they were “based on some nicely presented suppositions”. 

January 2015 saw the company deny any current business relations with the national intelligence service of Sudan to the Italian representative of the UN.  Despite this, one of the documents supposedly leaked from the company contains an invoice for €480,000 received from the Sudanese.  The answer to the UN’s follow-up question, “whether there have [been] any previous business arrangements”, is not recorded. 

The organisation’s website specifically states that they “provide [their] software only to governments or government agencies” and not to “individuals or private businesses”.  However, another invoice suggests that they had dealings with the private Brazilian company YasNiTech, to whom three months’ access to their remote access tool was sold.  This allowed the organisation to hack into Android, Blackberry and Windows devices.  It is unknown whether this was part of a larger contract with the Brazilian state government; if not, it is in clear breach of their policy. 

The hacker who has now claimed responsibility for the Hacking Team hack also claimed responsibility for the hack of their “wannabe competitor”, Gamma Group International.  GGI were best known for their FinFisher surveillance software, 40GB of which was leaked in 2014, giving details of their clients, capabilities and pricing. 

One of the employees of Hacking Team, Christian Pozzi, tweeted saying that the documents are “false lies” and that “a lot of what the attackers are claiming regarding [their] company is not true”.  He stated that they “are currently working closely with the police” and that he “can’t comment about the recent breach”.  Later his feed was hacked and then the entire account was deleted. 

The rare chance to allegedly look inside the workings of a cyber-surveillance firm, like Hacking Team, is being welcomed by numerous privacy groups.  Privacy International released a statement, stating that the “tools [Hacking Team are selling] are [being] used to target human rights activists and pro-democracy supporters at home and abroad.  Surveillance companies like Hacking Team have shown they are incapable of responsibly regulating themselves, putting profit over ethics, time after time. Since surveillance companies continue to ignore their role in repression, democratic states must step in to halt their damaging business practices.”

The veracity of these documents has not yet been confirmed, but many are calling for a full investigation.  Among them is Marietje Schaake, a Dutch MEP who has been dealing with issues in surveillance technology for years, who is calling for an “urgent, thorough investigation” into the legality of the alleged sales and whether or not they contravene the European sanctions against Russia and Sudan.  Whether or not the documents turn out to be genuine, many people are asking who the hacker’s next target will be. 


In a previous post we discussed the exploitation of zero-day vulnerabilities in Adobe Flash Player, specifically in regards to the flaw, CVE-2015-3113.  The data dump from the Hacking Team hack revealed another zero-day vulnerability in the Flash Player and Windows software: a patch for which is expected to be released today.  Remember to update with this patch as soon as possible to avoid attacks on your system.  

Tuesday 30 June 2015

Targeted Contact Data: Freshly Made, 100% Pure

Handcrafted Data specialises in providing you with 100% accurate and reliable data matched to your target audience requirements.  We faced the age-old marketers’ problem of contact data quality.  Our hungry sales team constantly needed feeding with new, targeted leads, and to provide them with these we needed contacts. And lots of them. 

Going out to buy a bunch of contact data struck us as the best option and, after consulting lots of data brokers, we realised that no matter how much, or how little we spent, the data was mostly terrible.  We came across IT Directors who had left years ago or were never IT Directors at all. 

After a while of this we realised that the only way to get the good quality, fresh contacts we needed was to find them ourselves.  Contact-by-contact, we manually entered their details into our CRM and soon we found we were getting really good at this. So good, that we decided to start offering this manual data crafting as a service for you. 

Whatever your unique target audience requirements, we can find and assemble quality contact information quickly.  We can also provide fully-tailored, lead-generating email campaigns to these fresh contacts, either feeding the leads directly to your sales team or pre-qualifying them first with our own experienced sales crew.  And, if your target audience should change week-to-week, we can shift the focus of our search to accommodate this. 

We can guarantee that your data is up-to-date, of good quality and accurate.  We can guarantee that your data won’t bounce, be stagnant or be just plain crazy as it can be from a typical data broker.  

Why not learn a little more by visiting our micro-site: www.handcrafteddata.com

Cybercriminals exploit Flash zero-day flaw

Last Tuesday Adobe Systems released a patch for the Flash Player vulnerability CVE-2015-3113.  However, just four days later a malware researcher who goes by Kafeine spotted the Magnitude exploit kit being used in a drive-by download attack exploiting the vulnerability. 

The Common Vulnerabilities and Exposures database tracked the flaw known as CVE-2015-3113.  It turns out that CVE-2015-3113 had zero-day status and had been targeted for several weeks by a China-based cyberespionage group prior to the patch being released.  These attacks were targeted against organisations in a broad range of industries from aerospace, defence and technology to construction, transportation, engineering and telecommunications. 

The goal of the exploiters is to compromise sophisticated defence systems and to remain undetected for as long as possible.  For this reason it is not uncommon for Flash Player and other popular applications to be targeted in zero-day exploits. 

Despite this, incidents of non-selective, widespread attacks using zero-day exploits are uncommon, predominantly because of the value of zero-day vulnerabilities to the attackers.  Financially it makes no sense to use such brash campaigns, as this draws attention to the vulnerability and makes it more likely to be discovered and patched quickly. 

Instead, exploit kit operators usually prefer to integrate exploits for already patched vulnerabilities, working on the principle that many users will not install patches quickly enough.  The creators of these exploit kits, however, are dramatically reducing the time they need to incorporate a new exploit.  As such, users are being left with a much shorter window in which to deploy the patch before the exploit is integrated.  In the case of the CVE-2015-3113 vulnerability this was only four days.  This causes issues for organisations that typically install updates on schedules separated by more than a week. 

Another Flash Player exploit appeared earlier this year in the Nuclear exploit kit.  This was integrated a mere week after the patch was released.  A decreasing trend in patch window size is emerging. 


Currently the Magnitude attacks on the CVE-2015-3113 vulnerability, if successful, install the CryptoWall ransomware.  This could be changed at any time by the attackers.  

Tuesday 3 March 2015

Hackers can use Blu-Ray discs to breach networks.

An innocent-looking Blu-ray disc can be used by malicious actors to get a foothold in a targeted network, a researcher has warned.

According to Stephen Tomkinson of the NCC Group, both hardware and software Blu-ray players are plagued by vulnerabilities that can be leveraged to execute arbitrary files stored on the disc.

The advanced features provided by Blu-ray discs, such as dynamic menus and Web access, are built using BD-J (Blu-ray Disc Java). The specification is used to create interfaces and embedded applications called Xlets. Xlets are similar to Java applets, but they are specially designed for digital TV environments.

Xlets run in a Java VM and they use the SecurityManager class to implement security policies. Tomkinson noted that, in general, these security policies prevent discs from accessing elements outside of the virtual file system and prevent interaction with the underlying operating system.

In his tests, Tomkinson targeted PowerDVD, a popular Blu-ray player application developed by CyberLink. The researcher has found a way to disable the SecurityManager developed by CyberLink and gain access to methods that can be used to launch arbitrary executable files stored on the disc.

On systems where PowerDVD is installed, Blu-ray discs are automatically played with the application, which enables attackers to bypass autorun attack mitigations in Windows, the expert said.

As for physical Blu-ray players, the researcher used an exploit previously developed by Malcolm Stagg to get a shell on the device. From there, Tomkinson managed to come up with a way to execute arbitrary files located on the disc.

Both software and physical players can be targeted with a single disc, the researcher said. An attacker can create a disc that detects the player type and executes a malicious file specific to that platform. In order to avoid raising suspicion, a legitimate video file can be played right after the malicious files are launched.

“[The malicious] executables could be used by an attacker to provide a tunnel into the target network or to exfiltrate sensitive files, for example,” Tomkinson explained in a blog post.

The researcher has pointed out that in the case of physical Blu-ray players, an attacker needs to ensure that the device doesn’t go to sleep after the victim has stopped viewing the video. This can be achieved by intercepting the power off request and by switching off the power LED in order to avoid raising suspicion.

In an attack targeted at a corporate network, if the player is configured for Wi-Fi access, malicious actors can easily obtain Wi-Fi settings because the information is stored on the device unencrypted.

The NCC Group says it’s working with affected vendors to get the vulnerabilities fixed, but “with varying degrees of success.” Until the vulnerabilities are addressed, Tomkinson advises users not to utilize discs from untrusted sources, and disable the autoplay feature. In the case of hardware players, they should not be connected to the network or the Internet unless necessary.

Using removable media to distribute malware is not unheard of. The Equation Group, an entity that is believed to have ties to the NSA, reportedly replaced CD-ROMs sent out by the organizers of a scientific conference with ones containing malware.

(Article Taken from SC Magazine)

Tuesday 17 February 2015

Hackers Steal $1bn from Banks.

British banks are thought to have lost tens of millions of pounds after a gang of Russian based hackers spent the last two years orchestrating the largest cybercrime ever uncovered.
As much as £650 million is thought to have gone missing after the gang used computer viruses to infect networks in more than 100 financial institutions worldwide.
The hackers managed to infiltrate the banks’ internal computer systems using malware, which lurked in the networks for months, gathering information and feeding it back to the gang.
The illegal software was so sophisticated that it allowed the criminals to view video feeds from within supposedly secure offices as they gathered the data they needed to steal.
Once they were ready to strike, they were able to impersonate bank staff online in order to transfer millions of pounds into dummy accounts.
While the criminals behind the audacious electronic raid are thought to be based in Russia, the scale of their crime was truly global with banks in Japan, China, the United States and throughout Europe having been hit.
The scale of the losses by UK based financial institutions has not yet been disclosed, but is thought to run into tens of millions of pounds.
The scam was uncovered by the Russian cybersecurity firm, Kaspersky Lab, which was called in to investigate after a cash machine in Ukraine was found to have been spitting out money at random times.
As investigators began to look into the problem they were staggered by the scale of the crime they uncovered.
A spokesman for Kaspersky Lab said: “The plot marks the beginning of a new stage in the evolution of cybercriminal activity, where malicious users steal money directly from banks, and avoid targeting end users.”
Despite the fact the plot has been uncovered, it is feared that banks may still find themselves falling victim as once installed the malware can operate almost independently and is extremely difficult to identify.
The cybercriminals would gain entry to an employee’s system through a process called spear phishing, where they would send an email which appeared to come from a trusted source.
Once the email was opened, the malware would infect their system allowing the hacker to jump into the bank’s network.
They would then gain access to an administrator’s computer, providing video surveillance of everything going on in the office.
They were able to monitor the screens of staff that serviced the cash transfer systems and after watching how they operated were able to mimic the process needed to move money around.
It is thought the largest sums stolen were taken in bold electronic raids, where hackers would break into computer systems and transfer tens of millions of pounds in one go.
On average, each bank robbery took between two and four months, from infecting the first computer at the bank’s corporate network to making off with the stolen money.
Another method used was where the criminals would gain access to someone’s account and inflate the balance many times over.
They would then withdraw the amount they had increased it by and the person would never suspect because their original balance remained the same.
Sergey Golovanov of Kaspersky Lab said: “These bank heists were surprising because it made no difference to the criminals what software the banks were using.
“So even if its software is unique, a bank cannot get complacent. The attackers didn’t even need to hack into the banks’ services. Once they got into the network, they learned how to hide their malicious plot behind legitimate actions. It was a very slick and professional cyber-robbery.”

(Article taken from www.telegraph.co.uk)
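The balance-inflation technique described above (an account's stored balance is raised, the extra is withdrawn, and the original balance is left intact) is exactly what a ledger reconciliation is meant to catch: the movement between two balance snapshots must equal the sum of the journaled postings in between, in both directions. The following is an added example, not code from the Telegraph article or from Kaspersky Lab; the account numbers, timestamps and amounts are constructed.

```python
"""Ledger reconciliation: compare consecutive per-account balance snapshots
with the transaction journal and flag every interval where the reported
movement and the journaled movement disagree.
Added example; all accounts, timestamps and amounts are constructed."""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Txn:
    ts: int         # posting time, seconds (constructed epoch)
    account: str
    amount: int     # minor units (pence); credit > 0, debit < 0


@dataclass(frozen=True)
class Snapshot:
    ts: int
    account: str
    balance: int    # balance the core system reported at ts


def journaled_movement(journal, account, t0, t1):
    """Sum of journal postings for `account` with t0 < ts <= t1."""
    return sum(t.amount for t in journal if t.account == account and t0 < t.ts <= t1)


def reconcile(snapshots, journal):
    """Return (account, t0, t1, reported_delta, journaled_delta) for every
    snapshot interval whose balance change is not explained by the journal.
    A positive unexplained delta is an inflation; a negative one is a
    withdrawal that never reached the customer-visible balance."""
    by_account = defaultdict(list)
    for s in snapshots:
        by_account[s.account].append(s)
    findings = []
    for account, snaps in by_account.items():
        snaps.sort(key=lambda s: s.ts)
        for prev, cur in zip(snaps, snaps[1:]):
            reported = cur.balance - prev.balance
            journaled = journaled_movement(journal, account, prev.ts, cur.ts)
            if reported != journaled:
                findings.append((account, prev.ts, cur.ts, reported, journaled))
    return findings


# --- constructed sample data (hypothetical accounts) ---
JOURNAL = [
    Txn(1800, "ACC-1001", 20_000),      # ordinary credit, fully explains ACC-1001
    Txn(5400, "ACC-1002", -450_000),    # withdrawal of the inflated amount
    Txn(5000, "ACC-1003", -30_000),     # debit that never changed the reported balance
]
SNAPSHOTS = [
    Snapshot(0, "ACC-1001", 100_000), Snapshot(3600, "ACC-1001", 120_000),
    Snapshot(0, "ACC-1002", 50_000), Snapshot(3600, "ACC-1002", 500_000),  # inflated, no posting
    Snapshot(7200, "ACC-1002", 50_000),                                    # back to original
    Snapshot(0, "ACC-1003", 80_000), Snapshot(7200, "ACC-1003", 80_000),
]


def run_audit():
    return reconcile(SNAPSHOTS, JOURNAL)


if __name__ == "__main__":
    for f in run_audit():
        print("UNRECONCILED account=%s interval=%d..%d reported=%d journaled=%d" % f)
```

The check is deliberately two-sided: ACC-1002 is caught on the interval where the balance rose without a posting, and ACC-1003 is caught because a debit was journaled while the reported balance stayed flat. Reconciling against the journal rather than against the balance table alone is what makes the "original balance remained the same" trick visible.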

Monday 12 January 2015

Bots account for more than half of all 2014 web traffic, report shows

The majority of traffic on the internet this year was from bots, according to Incapsula's Bot Traffic Report 2014.
This year saw 56 percent of all website traffic coming from bots, with 29 percent of those bots being considered ‘bad’ and 27 percent being ‘good’, the research shows. Last year, bot visits accounted for 61.5 percent of all website traffic, according to Incapsula's Bot Traffic Report 2013.
“The bulk of the decrease in bot traffic is contributed to a decline in the good bot activity, mostly in the activity of the bots employed by RSS services,” Igal Zeifman, product evangelist and security researcher with Incapsula, told SCMagazine.com in a Wednesday email correspondence.
Good bots perform functions that may be useful to users and website operators, such as measuring site speed and indexing content, Zeifman said. One example, he explained, is Googlebot, which crawls websites to be indexed in Google Search. 
Conversely, bad bots are malware tools used by hackers and spammers, Zeifman said, adding bad bots are becoming increasingly sophisticated by mimicking human user behavior better and, therefore, becoming much harder to spot.
In the report, bad bots are broken down into four types: Hacking Tools, Scrapers, Spammers, and Impersonators. Of note, Impersonator bots have shown consistent growth over the past few years, increasing to 22 percent of bad bots in 2014 from 20.5 percent in 2013.
“Impersonator bots are browser-like bots that can really belong to any of the above categories,” Zeifman said. “The only difference is that these are more advanced malicious tools that were modified to create a browser-like HTTP fingerprint, to circumvent security measures.”
He continued, “For example, this could be a hacker bot with extra features that allow it to bypass security challenges that would stop a lesser/generic version. These are also DDoS bots used in Application Layer DDoS attacks.”
The smaller the website, the greater percentage of bot traffic, the report shows.
Bots account for 80.5 percent of traffic on small websites bringing in 10 to 1,000 visits per day, 63.2 percent of traffic on medium sites bringing in 1,000 to 10,000 visits per day, 56.2 percent of traffic on larger sites bringing in 10,000 to 100,000 visits per day, and 52.3 percent of Alexa MVP sites bringing in between 100,000 and more than a million visits per day.
“Most bots don't care if your site is popular or not and will crawl, scan and hack it regardless of its popularity,” Zeifman said. “As a result, in relative terms, the percentage of bot visits is much higher on smaller and less popular sites [that] get much less human visits but are still frequented by hype-immune bots.”

(Article taken from SCMagazine.com)
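Two of the posts above describe the same family of traffic from the defender's side: the Voat post reports a "layer 7 DDoS attack" that forced tighter CloudFlare settings, and the Incapsula report describes impersonator bots that carry a browser-like HTTP fingerprint and are also used in application-layer DDoS. The following added example (not code from either article, Voat, Incapsula or CloudFlare) runs two simple detections over an access log: a per-client sliding-window request rate to surface floods, and a header-consistency heuristic that flags requests whose User-Agent claims to be a browser while the header set a browser normally sends is missing. The JSON-lines log layout, every IP address, User-Agent and header value, and the "browsers send Accept and Accept-Language" rule are all constructed assumptions for the example.

```python
"""Layer-7 flood and impersonator-bot detection over a JSON-lines access log.
Added example; the log format and all sample values are constructed."""
import json
from collections import defaultdict, deque

GOOD_BOT_TOKENS = ("Googlebot", "bingbot")           # self-identifying crawler UA tokens
BROWSER_TOKENS = ("Chrome/", "Firefox/", "Safari/")  # tokens a real browser UA carries


def parse_log(lines):
    """Parse one JSON object per line into event dicts, skipping malformed lines."""
    events = []
    for line in lines:
        try:
            e = json.loads(line)
            events.append({"ts": float(e["ts"]), "ip": e["ip"],
                           "ua": e.get("ua", ""), "headers": e.get("headers", {})})
        except (ValueError, KeyError, TypeError):
            continue
    return events


def find_floods(events, window=5.0, threshold=20):
    """Return {ip: peak_count} for clients that sent >= threshold requests within
    any `window`-second span: the per-client signature of a layer-7 flood."""
    recent = defaultdict(deque)
    peak = {}
    for e in sorted(events, key=lambda ev: ev["ts"]):
        q = recent[e["ip"]]
        q.append(e["ts"])
        while q and e["ts"] - q[0] > window:   # drop timestamps outside the window
            q.popleft()
        if len(q) >= threshold:
            peak[e["ip"]] = max(peak.get(e["ip"], 0), len(q))
    return peak


def classify(event):
    """Heuristic class for one request. Assumption: a real browser sends both
    Accept and Accept-Language; a browser-like UA without them is an impersonator."""
    ua = event["ua"]
    h = {k.lower() for k in event["headers"]}
    if any(tok in ua for tok in GOOD_BOT_TOKENS):
        return "good_bot_unverified"   # UA is self-declared; confirm via reverse+forward DNS
    if ua.startswith("Mozilla/") and any(tok in ua for tok in BROWSER_TOKENS):
        return "browser" if {"accept", "accept-language"} <= h else "impersonator"
    return "other_bot"


def summarise(lines, window=5.0, threshold=20):
    events = parse_log(lines)
    classes = defaultdict(int)
    for e in events:
        classes[classify(e)] += 1
    return {"floods": find_floods(events, window, threshold), "classes": dict(classes)}


# --- constructed sample log (documentation-range IPs, hypothetical traffic) ---
def _line(ts, ip, ua, headers):
    return json.dumps({"ts": ts, "ip": ip, "method": "GET", "path": "/v/news",
                       "status": 200, "ua": ua, "headers": headers})


CHROME_UA = ("Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 "
             "(KHTML, like Gecko) Chrome/43.0 Safari/537.36")
FULL_HEADERS = {"Accept": "text/html", "Accept-Language": "en-GB,en;q=0.8"}
SAMPLE_LOG = (
    # 30 requests in 3 seconds, browser UA but no Accept-Language: flood + impersonator
    [_line(100.0 + i * 0.1, "203.0.113.7", CHROME_UA, {"Accept": "*/*"}) for i in range(30)]
    # 3 requests spread over 40 seconds with a full browser header set: ordinary visitor
    + [_line(100.0 + i * 20, "198.51.100.4", CHROME_UA, FULL_HEADERS) for i in range(3)]
    # one self-declared crawler
    + [_line(105.0, "192.0.2.9",
             "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)",
             {"Accept": "*/*"})]
    + ["not json at all"]   # malformed line, must be skipped
)

if __name__ == "__main__":
    print(summarise(SAMPLE_LOG))
```

Both detections are deliberately cheap enough to run at the edge, which is where a site under a layer-7 flood needs them; the trade-off the Voat post illustrates is that the same blunt rules also catch legitimate API clients and third-party apps, so a rate threshold tuned for browsers should be paired with an allow-list or separate limits for known integrations.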