Attackers are using Joomla servers with a vulnerable Google Maps plugin installed as a platform for launching DDoS attacks. A known vulnerability in a Google Maps plugin for Joomla allows the plugi…
More:
New DDoS attack and tools use Google Maps plugin as proxy
The National Crime Agency’s National Cyber Crime Unit (NCCU) worked with law enforcement colleagues in the Netherlands, Italy and Germany, co-ordinated through Europol’s European Cybercrime Centre (EC…
Taken from:
3 million strong RAMNIT botnet taken down
Evgeniy Bogachev accused of GameOver ZeuS botnet crimes The US State Department and the FBI, have stumped up $3m in reward money for the arrest of Evgeniy Mikhailovich Bogachev, the 30-year-old Russian man accused of stealing over $100m with his malware.…
View post:
Read() or alive, you’re coming with me: Feds offer $3m reward for ‘CryptoLocker baron’
Evgeniy Bogachev accused of GameOver ZeuS botnet crimes The US State Department and the FBI, have stumped up $3m in reward money for the arrest of Evgeniy Mikhailovich Bogachev, the 30-year-old Russian man accused of stealing over $100m with his malware.…
Link:
Red or alive, you’re coming with me: Feds offer $3m reward for ‘CryptoLocker baron’
There are only the sites and services Internet which are subject to known denial of service attacks – common phones, whether mobile or not, are also subject to suffering such blows. That’s what the site revealed The Register that, on Monday (23), brought the story of TNT Instant Up, a device created by hackers Eastern Europe just facing this purpose. Sold on the Internet by values ??ranging between $ 500 and $ 1,200, the equipment uses an interconnected system of SIM cards and modems to bomb one or more numbers linked. Calls are empty and only serve to clog the lines, preventing legitimate users are able to access them The idea here is basically the same as any attack DDoS :. Prevent the use services. But, here, they are not removed from the air, but only end up congested and unusable for the duration of the attacks. The practice is being called TDOs, short for Telephone Denial of Service , or denial of telephone service. The problem is that in the new modality, the results would be much more dangerous . While most of the scams of this type cause financial losses to affected companies and inconvenience to its users, it TDOs would be able to, for example, block emergency services. Furthermore, the TNT Instant up would be simple enough to literally anyone could use it. In a demonstration video freely available on YouTube, one of tool vendors shows up with various cell at the same time, with numbers that are entered from a running software on a computer. Trading in the “merchant” happens ICQ or email and the product is sent by mail as any conventional electronic. The FBI would have identified at least two circumstances in which a device such as TNT Instant Up was used to prevent user access to health service plan or emergency lines. Nevertheless, did not identify crimes that were being made in relation to the attack and that would justify blocking the line and trying to prevent citizens to contact the police, for example. According to the information of IntelCrawler , a provider of systems and security solutions, as well as in denial of service attacks on the web, there are ways to protect against this new type of coup, unless, of course, disconnect the line to phone stops ringing nonstop. An alternative that simply does not exist for emergency services, especially now become more of a tool target that can be used by anyone, whatever her intent. Source: http://www.unlockpwd.com/hackers-create-tool-that-ddos-attacks-on-telephone-lines/
Originally posted here:
Hackers create tool that DDoS attacks on telephone lines
Komodia.com, home to the SSL interception module at the heart of the Superfish adware dustup, is currently under a distributed denial-of-service attack. As of 2 p.m. Eastern time, its home page had been replaced with a notice that the site was offline because it was under attack. “Some people say it’s not DDoS but a high volume of visitors, at the logs it showed [thousands] of connections from repeating IPs,” the notice said. The attack may be an outcome of last week’s disclosure that Superfish, pre-installed on new Lenovo laptops between September 2014 and this January, put users’ sensitive transactions at risk to man-in-the-middle attacks. Komodia’s SSL Digester, a self-proclaimed “SSL hijacker SDK,” is used by Superfish, which analyzes images on a website and serves up ads for products similar to the respective images. Komodia decrypts SSL traffic and does so without triggering a browser-based certificate warning. This enables Superfish, which uses the library, to sit in a man-in-the-middle position and see all traffic leaving the machine beyond online advertisements, putting banking, email and other private transactions at risk. Late last week, researchers uncovered that the Komodia library installs a self-signed root certificate. That same cert, protected by the same password, was shipped on all Lenovo machines. Researcher Rob Graham of Errata Security cracked that password late last week and published details. Attackers can use that information to read traffic that’s supposed to be protected, carrying out a man-in-the-middle attack. Shortly thereafter, researchers with Facebook’s Security Team reported that it had discovered more than a dozen other software applications using the Komodia library in question, along with a list of certificate issuers. That list includes: CartCrunch Israel LTD WiredTools LTD Say Media Group LTD Over the Rainbow Tech System Alerts ArcadeGiant Objectify Media Inc Catalytix Web Services OptimizerMonitor “Initial open source research of these applications reveals a lot of adware forum posts and complaints from people. All of these applications can be found in VirusTotal and other online virus databases with their associated Komodia DLL’s,” said Matt Richard, threats researcher at Facebook. “We can’t say for certain what the intentions of these applications are, but none appear to explain why they intercept SSL traffic or what they do with data.” Richard said the list represents certs on more than 1,000 systems on applications including games, popup generators, or behavior such as Superfish’s. “What all of these applications have in common is that they make people less secure through their use of an easily obtained root CA, they provide little information about the risks of the technology, and in some cases they are difficult to remove,” said Richard, adding that the SSL proxies aren’t likely to adopt advanced protections such as certificate pinning or forward secrecy. “Some of these deficiencies can be detected by anti-virus products as malware or adware, though from our research, detection successes are sporadic,” Richard said. Facebook said that the installer for the root CA includes a number of attributes that make it easy to detect, adding that most are designed to work with newer versions of Windows and won’t install on older versions. Source: https://threatpost.com/komodia-website-under-ddos-attack/111195
Read the original:
Komodia Website Under DDoS Attack
DDoS-for-hire is a growing business for cybercriminals, and continues to prove effective Read more at http://www.tweaktown.com/news/43708/ddos-hire-cyberattacks-effective-cost/index.html Distributed denial of service (DDoS) cyberattacks have plagued consumers and businesses for quite some time, but the rising number of DDoS attacks available as a paid service is troubling. Clients can pay from $2 up to $5 per hour to launch DDoS attacks, or pay a subscription for prices as low as $800 per month. The Lizard Squad hacker group helped draw increased scrutiny to the underground cybercriminal activity – demonstrating its LizardStresser DDoS service in successful attacks against the Sony PlayStation Network and Microsoft Xbox Live. Meanwhile, the Gwapo DDoS service has been publicly advertised via social media and YouTube posted videos, with attacks starting at $2 per hour. “Since their inception in 2010, DDoS-for-hire capabilities have advanced in success, services and popularity, but what’s most unnerving is booters have been remarkably skilled at working under the radar,” according to the “Distributed Denial of Service Trends” report from Verisign. “Given the ready availability o DDoS-as-a-service offerings and the increasing affordability of such services, organizations of all sizes and industries are at a greater risk than ever of falling victim to a DDoS attack that can cripple network availability and productivity.” Source: http://www.tweaktown.com/news/43708/ddos-hire-cyberattacks-effective-cost/index.html
View original post here:
DDoS-for-hire cyberattacks are effective and cost-effective
Kit used as part of online banking fraud Cybercrooks are marketing a hardware-based tool for running denial of service attacks on telephone systems.…
Link:
Calling all cybercrooks: Ready-made phone attack rig for sale
Security scanner spawns hordes of attackers to probe you in all sorts of ways … Google has unleashed its own application security scanner, potentially rescuing admins from ‘fiddly’ existing offerings.…
See more here:
Google unleashes tame botnet to hunt XSS in cloudy code
On February 15, about ten websites of the cities that are in the same network CitySites, were under a DDoS-attack. The ones to suffer most from the attack were the websites of Kharkiv (057.ua), Zaporizhzhya (061.ua), and Mykolaiv (0512.com.ua). Also, the websites of Artemivsk, Luhansk, and Sumy were affected. According to the network’s tech support, the attacks are random as if the hackers were feeling out the websites’ defense. The websites of Donetsk, 62.ua, and Mariupol, 0629.com.ua, are beyond the hackers’ reach. Source: http://imi.org.ua/en/news/47756-network-of-city-websites-citysites-under-ddos-attack.html
View article:
Network of city websites CitySites under DDoS Attack