Tag Archives: facebook

FCC blames DDoS for weekend commentary lockout

Not down to people trying to file comments on issues rhyming with wetsuit balloty, it insists Problems faced by consumers hoping to submit comments to the Federal Communications Commission over the weekend were caused by a denial of service attack, the US government agency admits.…

Continue Reading:
FCC blames DDoS for weekend commentary lockout

Mysterious Hajime botnet has pwned 300,000 IoT devices

The Dark Knight of malware’s purpose remains unknown Hajime – the “vigilante” IoT worm that blocks rival botnets – has built up a compromised network of 300,000 malware-compromised devices, according to new figures from Kaspersky Lab.…

Read More:
Mysterious Hajime botnet has pwned 300,000 IoT devices

34 People Arrested in Global Crackdown on DDOS Attack Service Users

Today’s topics include the arrest of 34 individuals in 13 countries charged with using online services that provide denial-of-service attacks to order, Apple’s security patch for its macOS and iOS, the release of Facebook’s Certificate Transparency Monitoring tool and Google’s improvements to its machine learning technology through its Embedding Projector technology. International law enforcement agencies in more than dozen countries arrested 34 individuals in a cyber-crime sweep that focused on customers of online services that provide denial-of-service attacks to order. In the United States, the FBI arrested a 26-year-old University of Southern California graduate student allegedly linked to distributed denial-of-service (DDoS) attack that knocked a San Francisco chat-service company offline. The suspect, Sean Sharma, was charged on Dec. 9 with purchasing a DDoS tool used to mount the attack, the FBI stated in a release. Since last week, the FBI’s International Cyber Crime Coordination Cell, or IC4, and other law enforcement agencies—including Europol and the U.K.’s National Crime Agency—have arrested 34 suspects and conducted interviews with 101 individuals. Apple is updating both its desktop macOS Sierra and iOS mobile operating systems for multiple security vulnerabilities. The iOS 10.2 update was officially released on Dec. 12, while the macOS 10.12.2 update followed a day later on Dec. 13. Among the items fixed in iOS 10.2 is a vulnerability that was first publicly disclosed in a YouTube video on Nov. 16 that can enable a potential attacker to access a user’s photos and contacts from the iPhone’s lock screen. The vulnerability is identified as CVE-2016-7664 and was reported by Miguel Alvarado of iDeviceHelp. On Dec. 13, Facebook announced the launch of its freely-available Certificate Transparency Monitoring tool, providing users with a simple way to search for recently issued certificates and to be alerted when a new certificate is issued for a specific domain. SSL/TLS is the encryption standard used across the internet to secure websites. A best practice for SSL/TLS is for the security certificates to be issued by a known Certificate Authority (CA) to help guarantee authenticity and integrity. Defective Certificates can be accidentally or maliciously issued, which is a risk that the Certificate Transparency effort aims to help mitigate. Google initiated the Certificate Transparency initiative, which involves Certificate Authorities publishing newly issued certificates to a Certificate Transparency (CT) log. Facebook’s tool enables users to search CT logs for certificates as well as provides a mechanism to subscribe to alerts on domains. Google has open sourced its Embedding Projector, a web application that gives developers a way to visualize data that’s being used to train their machine learning systems. Embedding Projector is part of TensorFlow, the machine learning technology behind some popular Google services like image search, Smart Reply in Inbox and Google Translate. In a technical paper, Google researchers described the Embedding Projector as an interactive visualization tool that developers can use to interpret machine-learning models that rely on what are known as “embeddings.” “With the widespread adoption of ML systems, it is increasingly important for research scientists to be able to explore how the data is being interpreted by the models,” Google engineer Daniel Smilkov said in Google’s open source blog. Source: http://www.eweek.com/video/34-people-arrested-in-global-crackdown-on-ddos-attack-service-users.html?=large-video-widget

Read the original post:
34 People Arrested in Global Crackdown on DDOS Attack Service Users

HSBC Website Suffers DDoS Attack

OurMine Hacking group conducted a massive DDoS attack on HSBC websites forcing the sites to go offline in UK and the USA! The official domain of HSBC (Hongkong and Shanghai Banking Corporation) came under massive distributed denial-of-service (DDoS) attack on 12July affecting domain in UK and the USA. The DDoS attack was conducted by OurMine hacking group which previously made headlines for hacking social media accounts of high-profile tech celebrities including Facebook’s Mark Zuckerberg and Google’s Sundar Pichai but this is the second DDoS attack  after WikiLeaks last week. Currently, the reason for targeting HSBC bank is unknown though according to SoftPedia the cyber attack was stopped within few hours after one of HSBC’s staffs contacted the attackers. “Hello, We stopped the attack of HSBC Bank! a staff of HSBC Talked with us,” stated the hackers on their official blog. Screenshot shared by attackers shows HSBC’s UK and US domains are down! It is unclear if the bank was targeted for ransom or just for fun, however, this is not the first time when HSBC faced such attacks. In January 2016 hacktivists from New World Hacktivists (NWH) claimed responsibility for a DDoS attack on HSBC’s mobile servers on payday. As far as OurMine is concerned, it is the same group who hacked  Google’s CEO Sundar Pichai Quora account which was also linked to his Twitter account, the group also hacked Facebook’s CEO Mark Zuckerberg Twitter and Pinterest accounts and last but not the least the official Twitter account of Twitter’s CEO Jack Dorsey was also taken over by the same group. DDoS attacks have been increasing with every passing day . In the past, DDoS attacks were conducted just for fun or to shut down servers but now hackers attack sites for ransom and keep them down until a ransom is paid. The ProtonMail DDoS attack is a fine example of how these attacks are becoming another online mafia to steal money. At the time of publishing this article, both targeted sites were reachable. Source: https://www.hackread.com/hsbc-website-suffers-ddos-attack/  

Read the original post:
HSBC Website Suffers DDoS Attack

WikiLeaks’ website was taken offline with a DDoS attack amid an ongoing hacker feud.

As a long-time feud between rival hacking groups boiled over, the WikiLeaks website was caught in the crossfire and brought offline by a distributed-denial-of-service (DDoS) attack on 5 June. However, rather than react with anger, leaked chat logs show how WikiLeaks’ Twitter account engaged the group responsible, called OurMine, and even offered hacking tips for the future. Direct messages leaked to Buzzfeed show how WikiLeaks’ account, rumoured to be helmed by the website’s founder Julian Assange, told the group – which has become known for hacking the online profiles of high-profile figures – their talents could be put to better use. OurMine has recently hacked a slew of celebrities and technology executives including Facebook’s Mark Zuckerberg, Google’s Sundar Pichai and Spotify founder Daniel Ek. Every time, they leave a message telling the victim how weak their security is and leave a link to their website. Indeed the group claims to be a security firm rather than a hacking outfit. In any case, as far as ‘hacks’ go, OurMine’s activity is fairly tame. Until WikiLeaks’ website was taken down – thanks to an ongoing head-to-head with the Anonymous collective – there was little real damage caused to victims other than embarrassment. The DDoS attack took down the famous whistleblowing website by sending waves of traffic towards its servers, a common tactic used in hacktivist circles as a means of protest. After the incident, WikiLeaks got in touch and said the group was wasting its time by not making the most of the chances received by infiltrating profiles of the rich and famous. “If you support us and want to show you’re skills, then don’t waste your time with DDoS etc,” the account wrote. “Find us interesting mail spools or docs and send them to [WikiLeaks]. That’ll have a much greater impact.” After OurMine replied with “We never change their passwords we are just testing their accounts’ security” WikiLeaks said it was a “huge waste.” The message continued: “There’s a lot more than (sic) could have been done with those accounts. Sending DM’s as Zuckerberg to further access elsewhere. Same with Google CEO. You could have used these accounts to gain access to much more significant information, revealing corrupt behaviour elsewhere.” Based on the chats, OurMine appeared to agree with the new direction. “Great idea,” it said. One the hackers, speaking with Wired, previously said: “We don’t need money, but we are selling security services because there is a lot [of] people [who] want to check their security. We are not blackhat hackers, we are just a security group…we are just trying to tell people that nobody is safe.” Source: http://www.ibtimes.co.uk/wikileaks-tells-ourmine-hackers-impersonate-high-profile-victims-reveal-corrupt-behaviour-1569499

Read More:
WikiLeaks’ website was taken offline with a DDoS attack amid an ongoing hacker feud.

Swedish sysadmins reach for the hex key, reassemble services after weekend DDoS

News sites bork-bork-borked for spreading ‘false propaganda’ News outlets in Sweden went dark over the weekend in the face of a large-scale distributed denial-of-service (DDoS) attack.…

Follow this link:
Swedish sysadmins reach for the hex key, reassemble services after weekend DDoS

Remote code exec hijack hole found in Huawei 4G USB modems

Ruskies sling malicious packet to trigger denial of service. Positive Technologies researchers Timur Yunusov and Kirill Nesterov have found since-patched remote execution and denial of service vulnerabilities in a popular Huawei 4G USB modem that can allow attackers to hijack connected computers.…

View original post here:
Remote code exec hijack hole found in Huawei 4G USB modems