Wednesday, November 22, 2017

Tag: Web Hosting

Millions relied on Space City Weather—here's the configuration that weathered the storm.
Bork bork bork! Hackers infiltrate major hosting provider Loopia. A major Swedish web hosting company has been compromised and its entire customer database leaked.…
Is it the alt-right or anti-fascists? Most likely the latter. Web hosting biz DreamHost has been largely crippled today by a distributed denial of service attack, bringing down most of its services.…
Despite warrant's language, feds say they didn't want disruptj20.org visitor logs.
Dreamhost, meanwhile, "will host any website as long as its content is legal."
Web hosting company Internet Nayana is paying a hacker 1.3 billion won in bitcoin after its servers were hijacked by a ransomware attack.
Talked scum down from $4.4m after they waltzed through unpatched legacy mess. A South Korean web hosting company is forking out just over US$1 million to ransomware scum after suffering more than eight days of nightmare.…
Cybercriminals like to subvert legitimate online services like Google Docs and Dropbox to carry out their malicious activities.

The free website hosting company Wix is the latest addition to the list of services they’ve abused. Researchers from security company Cyren found that scammers were creating phishing sites designed to harvest Office 365 login credentials via Wix, which offers a simple click-and-drag editor for building web pages.

As typically happens with free services, the criminals are taking advantage of these tools to carry out their operations.

The phishing site looks like a new browser window open to an Office 365 login page. In fact, it’s a screenshot of an Office 365 login page with editable fields overlaid on the image. Users would think the site is legitimate and enter the login credentials, except the information is entered into the fields on the overlay and not the actual Office 365 page.
"Six ways Buzzfeed has misled the court... and a picture of a kitten."
A hacker is proving that sites on the dark web, shrouded in anonymity, can easily be compromised. On Friday, the unnamed hacker began dumping a sizable database stolen from Freedom Hosting II onto the internet, potentially exposing its users.

The hosting service, Freedom Hosting II, was known for operating thousands of sites that were accessible through the Tor browser; the "dark web" is essentially the encrypted network comprising Tor servers and browsers.

But on Friday, the service appeared to be down.
Its main landing page was replaced with a message saying that it had been hacked.
The ShadowBrokers didn't break into the United States National Security Agency after all.

The latest research into the group of cybercriminals selling alleged NSA spy tools reinforced the idea that they'd received the classified materials from an insider within the intelligence agency, security company Flashpoint said. Analysis of the latest ShadowBrokers dump, which was announced earlier in the month on the blogging platform Medium by "Boceffus Cleetus," suggests the spy tools were initially taken directly from an NSA code repository by a rogue insider, Flashpoint said.

The company's researchers analyzed the sample file containing implants and exploits and various screenshots provided in the post and have "medium confidence" that an NSA employee or contractor initially leaked the tools, said Ronnie Tokazowski, senior malware analyst with Flashpoint. However, they were still "uncertain of how these documents were exfiltrated," he said.

ShadowBrokers first began offering more than a dozen sophisticated tools for sale -- such as software for extracting decryption keys from Cisco PIX firewalls -- in underground marketplaces over the summer.

The post-exploitation tools, intended to give attackers a way to gain a foothold in the network or move around laterally after the initial breach, targeted flaws in commercial appliances and software.

The Cisco vulnerability (now patched) would have allowed attackers to spy on encrypted communications, for example.

Flashpoint's investigators believe the files were taken from a code repository because the sample file was written in Markdown, a lightweight markup language commonly used in code repositories to simplify how files are parsed. "Looking at the dump and how the data is structured, we're fairly certain it's from internal code repository and likely an employee or contractor who had access to it," said Tokazowski.

When the first set of ShadowBrokers tools was put up for sale, there was speculation that attackers had either successfully breached NSA infrastructure or NSA operatives had mistakenly left sensitive files on a publicly accessible staging server. Shortly afterwards, the FBI arrested NSA contractor Harold Martin for stealing government materials. Some of the tools included in the ShadowBrokers dump were among the classified materials in Martin's possession, suggesting some kind of involvement with the theft and sale.

While Flashpoint's Tokazowski rejected the idea that the cybercriminals had stolen the files directly through external remote access or discovered them on an external staging server, he did not draw any conclusions about whether Martin was involved. While the contractor denies he gave anyone the files, it seems quite possible that someone else may have broken into his non-classified computer to steal the tools.

The theft of the ShadowBrokers files overlaps somewhat with former Booz Hamilton consultant Edward Snowden, who stole thousands of NSA-related documents, but Flashpoint said there was nothing linking the theft of these tools with the former NSA contractor. "The close proximity of events raises the question if there were multiple insiders acting independently during 2013," Tokazowski said.

Nation-state attacks and flashy attacks tend to consume most of the security attention, but malicious insiders pose a significant threat to enterprise networks because they already have access to sensitive data and systems. Most IT teams will never have to worry about dealing with a nation-state attack, but every single one of them has to face the prospect of an employee or an administrator going rogue and stealing corporate secrets or damaging the network. Mistakes as a result of careless insiders, such as when employees copy files for non-malicious reasons but the copies get stolen by adversaries, are also common.

In the case of The ShadowBrokers, the contractor or employee may have had limited access to the tools since the implants and exploits released thus far appear to be all Linux- and Unix-based.

An insider with wider access would theoretically have been able to grab different types of tools.

There's not enough evidence to understand the rogue insider's motivations for stealing the spy tools, but Flashpoint doesn't think it was money. The implants and exploits in this set appear to have been developed between 2005 and 2013, such as the ElatedMonkey exploit, which targeted a local privilege escalation flaw in a 2008 version of the web hosting control panel interface cPanel.

The attack tools are several years old, making it likely the NSA has already moved on to more modern exploitation tools.
If the insider wanted to sell them, the time to do so was shortly after the theft. "If The Shadow Brokers were trying to make a profit, the exploits would have been offered shortly after July 2013, when the information would have been most valuable," Flashpoint said.
The partnership between certificate authority Comodo and hosting panel vendor cPanel enables a new AutoSSL feature that has already provided 5.8 million free SSL/TLS certificates. It's about to get a whole lot easier to deploy encryption across the we...