Security Newsletter

10 March 2017

What WikiLeaks' massive CIA Leak tells us about cybersecurity

This week, WikiLeaks returned with a further installment dubbed “Vault 7/Year Zero” that exposes the first cache of 7,818 partly redacted web pages and 943 attachments that make up some of the CIA’s most precious software riddles.

Year Zero introduces the scope and direction of the CIA’s global covert hacking program, its malware arsenal and dozens of zero day weaponized exploits against a wide range of US and European company products, include Apple’s iPhone, Google’s Android and Microsoft’s Windows and even Samsung TVs, which are turned into covert microphones.

While a lot of its content won't surprise most people working in cybersecurity, these kind of leak confirm some important facts:

 

Hackers exploit Apache Struts vulnerability to compromise corporate web servers,
patch now!

Apache Struts is an open-source web development framework for Java web applications. Security experts today urged enterprises using Apache Struts2 for Web applications to upgrade to either versions 2.3.32 or 2.5.10.1 as soon as possible after researchers from Cisco Talos disclosed an easily exploitable bug in all other versions of the open-source framework.

It's widely used to build corporate websites. Exploits for the flaw are already available in the wild and attackers are using them to actively look for and target vulnerable Web servers. Most of the attacks appear to be taking advantage of a proof-of-concept exploit that was released publicly.

The remotely executable flaw exists in something called the Jakarta Multipart parser in Struts. It allows attackers to inject malicious commands into certain HTTP requests, which are then executed by the Web server. What makes the vulnerability especially dangerous is that it allows attackers unauthenticated remote access to insert malicious commands and payloads of their choice into HTTP requests.

 

Spammers expose their entire operation through backups mistakenly disclosed to the public

On Monday, Salted Hash covered the story of how faulty Rsync backups exposed River City Media (RCM), an organization known to Spamhaus. The data breach exposed 1.34 billion email addresses used by RCM to send offers, or emails that most of the public would consider spam. Some of those email records included personal information, compounding the issue.

This leak allows us to discover how spammers operate:

 

How to spot phishing and scams on social media

We spend a lot of time on social media, and for good reason. It has collapsed the communication distance between us and other people, bringing us closer. However, this category of “other people” includes persons you would never want to meet: scammers, blackhat hackers, and other such online criminals.

In this article, you will learn how you can identify a fake online profile, and avoid any of their scamming attempts. You will also learn about social media specific phishing techniques, such as Catphishing and Like-farming.

 

How hackers find your reused passwords: LeakedSource Clone Pops Up on Russian Domain

The original LeakedSource launched in late 2015, and it became known worldwide after it disclosed mega data breaches affecting services such as LinkedIn, MySpace, Dropbox, and many others. The original LeakedSource went down on January 25, this new website, currently hosted at LeakedSource.ru, claims to be a continuation of the official LeakedSource service.

At the same time, the site also became extremely popular with amateur hackers because, for a small fee, it allowed anyone to view cracked passwords from user accounts included in these breaches.

 

Google finally releases it's new, invisible reCAPTCHA

Google's reCAPTCHA is the leading CAPTCHA service (that's "Completely Automated Public Turing test to tell Computers and Humans Apart") on the Web. You've probably seen CAPTCHAs a million times on sign-up pages across the Web; to separate humans from spam bots, a challenge will pop up asking you to decipher a picture of words or numbers, pick out objects in a grid of pictures, or just click a checkbox.

Now, though, you're going to be seeing CAPTCHAs less and less, not because Google is getting rid of them but because Google is making them invisible. It works invisibly in the background, somehow, to identify bots from humans. Google doesn't go into much detail on how it works, only saying that the system uses "a combination of machine learning and advanced risk analysis that adapts to new and emerging threats." More detailed information on how the system works would probably also help bot-makers crack it, so don't expect details to pop up any time soon.

To use it, just click on Get reCaptcha and select "Invisible reCAPTCHA".

 

Malware Retrieves PowerShell Scripts from DNS Records

Malware researchers have come across a new Remote Access Trojan (RAT) that uses a novel technique to evade detection on corporate networks by fetching malicious PowerShell commands stored inside a domain's DNS TXT records.

Most of today's enterprise and home security products monitor HTTP/S traffic primarily. Cisco says that because the malware used DNS queries to hide its activity, unless the target company was monitoring DNS traffic, the infection would have never been picked up.

This content was created by Kindred Group Security. Please share if you enjoyed!

Kindred Group in brief

Kindred is one of the largest online gambling companies in the world with over 24 million customers across 100 markets. We offer pre-game and live Sports betting, Poker, Casino and Games through 11 brands across our markets. We are committed to offer our customers the best deal and user experience possible, while ensuring a safe and fair gambling environment. Kindred is a pioneer in the online gambling industry and as an innovation driven company that builds on trust.