POS Trojans, Android Spear Phishing, and Record DDoS
Extra, Extra, the Internet almost broke (no it didn’t). Read… View all about it!
Too much security news, and too little time? Let me summarize the highlights for you in my weekly InfoSec recap video. This week I cover two trojans targeting point-of-sale (POS) computers, a few software updates, a targeted spear phishing campaign spreading Android malware, and the record-breaking Spamhaus DDoS attack, which didn’t really break the Internet despite some reports. Click play for the details.
There were also a ton of other interesting InfoSec tidbits this week, beyond what’s in the video. If you’re interested, check out the Reference section below. Stay frosty out there, and have a Happy Easter weekend.
(Episode Runtime: 9:47)
Direct YouTube Link: http://www.youtube.com/watch?v=sC1zLvbjzI4
Episode References:
- vSkimmer point-of-sale (POS) trojan – SC Magazine
- BlackPOS point-of-sale (POS) trojan – PCWorld
- Authorities bust a big credit card and POS cyber fraud ring – Computer World
- Cisco IOS DoS Vulnerabilities Alerts – WGSC
- Chrome 26 fixes 11 security flaws – Threat Post
- Tibetan activist spear phishing campaign spreads Android malware – Forbes
- Spamhaus DDoS attacks break record (300Gbps) – NYT
- CloudFlare post details Spamhaus DDoS – Cloudflare blog
- TIP: Check your network for open DNS resolvers – openresolverproject.org
Extras:
- “Skript Kiddie” journalist shows how easy password cracking is – Ars Technica
- Teenager charged with smart phone hacking – IB Times
- Adware malware plagues OS X machines – Digital Trends
- Vulnerability found in Battlefield video game – Tech News Daily
- Pirated software often carries malware (no duh!) – Tech World
- Employees ignore security rules – Computer Weekly
- Cool, yet scary, DSLR camera hacks – Network World
- Did Stuxnet break international laws? – Help Net Security
- New cyber legislation proposes harsher penalties – SC Magazine
- Wisconsin man charged with Anonymous-related LOIC DoS – The Register
- Microsoft Metro App security updates will not follow Patch Day – Microsoft
- LinkedIn fixes some web application flaws on their site – Tech News Daily
— Corey Nachreiner, CISSP (@SecAdept)
Alexander Kushnarev (Rainbow Security) says
Wow, a pile of news in this episode. I’ve read the most interesting (from my point of view), and want to share some thoughts as always.
1. About POS hacking and “virtual skimmers”. In most cases – a simple but splendid idea lies behind “innovative hacking technology”. Why crack 2 000 users’ PCs for PII (inc. cards info)? It’s better to hack 2 POS machines with 2 000 cards info (inc. related PII). I have no doubt that, besides making/sending/analyzing memory dumps from POS software to have Track 1/Track 2 info, cyber criminals will find a way to get EMV data (chip and PIN info), though it is not a trivial programming task. That is why “physical” skimmers are still widely used.
2. DDOS of Spamhaus with answers from recursive DNS servers. Once again – a simple but splendid idea lies behind “innovative hacking technology”. Create 300 Gbps DDOS… I can say that this method is “ingenious terrible” and “terribly ingenious”. Both statements are true at the same time. I can enumerate (without time to remember) about 5-7 publicly available providers’ DNS servers here in Russia, which are unrestricted for DNS-recursive queries. Hope providers will follow recommendations to configure rate limiting and restrict recursion to customer IP-ranges (the last, sometimes, can be overcome with IP-spoofing).
mulligans dew says
Thanks a lot for the link to the “password cracking skript kiddie” article. THIS is stuff we need to know in order to create secure passwords!!