It's like Hell’s Version of Amazon

16 April 2018 in Digital Download

It's like Hell’s Version of Amazon

Two major law enforcement operations, led by the Federal Bureau of Investigation (FBI), the US Drug Enforcement Agency (DEA), and the Dutch National Police, with the support of Europol, have taken down of two of the largest criminal Dark Web markets, AlphaBay and Hansa. The capture was enabled by a takedown of Hansa by Dutch law enforcement a month ago, and over the past month users and administrators of Hansa migrated to AlphaBay while Dutch police watched. AlphaBay had over 200,000 users and 40,000 vendors, and included 250,000 listings, containing over 100,000 listings for drugs, firearms, stolen, and fraudulent identification documents, counterfeit goods, malware, and fraudulent services. This doesn’t really affect me, though. I have teenagers and live in Texas, so drugs and firearms are not problem. Read more >

Americans Have Poor Security Hygiene

A study released this week found that although online anxiety is rampant, password practices remain sloppy. For instance, 81% of people surveyed use the same password for more than one account. Ironically, the more “digitally savvy” millennials are the worst offenders, where 92% say they use the same password across multiple accounts. Fortunately, I do a reasonably good job on this by necessity. I think there are 137 different people that use my Netflix account, including grandparents, kids, my kids’ friends, the guy that helped setup my daughter’s smart TV at college, and all her roommates…           Read more >

24x7 Brute Force Attack on Office 365

Since early 2017, Skyhigh has been tracking a brute force login attack on multiple enterprise customers. Using a set of corporate user names and passwords, the attackers launched brute force attacks on high level employees’ Office 365 accounts to gain access to potentially sensitive corporate data. In its analysis, Skyhigh was able to detect over 100,000 attempts (failed logins) from 67 IPs and 12 networks, targeting 48 customers’ Office 365 accounts. Interestingly, it was the user account names that the threat actor was trying to identify, meaning they had used another method to collect the names and passwords. For example, to hack my account, it’s not enough to know my name (Roger Shepard) and my password (NunyaBidness), you would also have to know my account name (DR.Awesome @ domain.com).  Don’t worry - I use $ for the “s” in my password, so I am still safe. Read more >

Millions of Devices Vulnerable to Devils Ivy

Researchers have identified a vulnerability called “Devil’s Ivy” that may allow attackers to gain remote control over tens of millions of products ranging from airport surveillance cameras, sensors, networking equipment, and other IoT devices. The vulnerability allows a remote adversary to flood the targeted device over port 80 with data and create a simple buffer overflow attack. Next, researchers say, the adversary can send a specially crafted payload of data that allows a remote unauthenticated user to execute code on vulnerable devices. Remember all those movies and tv shows where the hacker uses a laptop to magically turn the security cameras off for a heist? It’s exactly like that. Finally, reality is catching up with Hollywood! Now where is my dinosaur park dammit?? Read more >

Cryptocurrency is a Goldmine for Hackers

Ethereum (which sounds like a dance club) announced this week that $30m worth of the crypto-currency had been stolen, thanks to a critical bug in wallet software from their provider Parity Technologies. This is after another compromise allowed hackers to steal $10m from an “initial coin offering (ICO)” held by CoinDash. Ethereum is a distributed public blockchain network similar to Bitcoin. However, Bitcoin only offers one application of blockchain technology, which is a peer-to-peer electronic cash system that enables online Bitcoin payments. The Ethereum blockchain focuses on running the programming code of any decentralized application. Honestly, I have no idea what is actually happening here beyond someone is using fake money to steal real money. The bigger story is that in just 6 months, these “ICO’s” have raised over $1.27 BILLION. Given the amount of money changing hands, and how relatively easy it was for hackers to make off with $40m just this week, we will definitely be hearing more about cryptocoins. Read more >