10Fold – Security Never Sleeps – 98

Your daily digest of “All Things Security” gathered, collected and researched by your very own 10Fold Security Practice team.

Big items to consider: Researchers have encountered a denial-of-service botnet that’s made up of more than 25,000 Internet-connected closed circuit TV devices. Scammers are spreading JavaScript malware disguised as a Facebook comment tag notification. The Threat Group 4127 that hit the Democratic National Committee also went after 1,800 other targets with info interesting to Russian government, says SecureWorks. The whitehats from Kaspersky Lab provided a free tool that allowed victims to decrypt their precious data without paying the ransom, which typically reaches $500 or more.

Large botnet of CCTV devices knock the snot out of jewelry website – Publication: Ars Techinca – Reporter name: Dan Goodin

The unnamed site was choking on an assault that delivered almost 35,000 HTTP requests per second, making it unreachable to legitimate users. When Sucuri used a network addressing and routing system known as Anycast to neutralize the attack, the assailants increased the number of HTTP requests to 50,000 per second. The DDoS attack continued for days, causing the Sucuri researchers to become curious about the origins of the attack. They soon discovered the individual devices carrying out the attack were CCTV boxes that were connected to more than 25,500 different IP addresses. The IP addresses were located in no fewer than 105 countries around the world.


Facebook comment tag malware scam targets Chrome users – Publication: SC Magazine – Reporter name: Robert Able

A user will receive a notification in their app and/or in their email about a friend tagging them in a comment and, upon clicking the link, malware is downloaded to their device, according to Hackread. Currently the malware is only targeting Chrome and one analyst on the network question and answer site Stack Exchange said the file is a typical obfuscated JavaScript malware, which targets the Windows Script Host to download the rest of the payload.


Google Accounts Of US Military, Journalists Targeted By Russian Attack Group – Publication: Dark Reading- Reporter name: Sara Peters

A Russian attack group used the Bitly URL-shortener to disguise malicious links in order to carry out spearphishing campaigns not only against the Democratic National Committee, but also against some 1,800 Google accounts of US military and government personnel and others.


New and improved CryptXXX ransomware rakes in $45,000 in 3 weeks – Publication: Ars Technica- Reporter name: Dan Goodin

Earlier this month, the developers released a new CryptXXX variant that to date still has no decryptor available. Between June 4 and June 21, according to a blog post published Monday by security firm SentinelOne, the Bitcoin address associated with the new version had received 70 bitcoins, which at current prices is valued at around $45,228. The figure doesn’t include revenue generated from previous campaigns.