Tag Archives: wikileaks

10Fold- Security Never Sleeps- 161

Guardian Soulmates dating website suffers data breach

“Users receive unsavory emails”

Many usernames and e-mail addresses have been exposed by a data breach. Guardian News and Media (GNM), which has run the dating service since the early 2000s, claims the sensitive security information was exposed by a third-party service provider.

Evidence suggests Russia behind hack of French president-elect

“Nine Gigabytes of data allegedly stolen”

As the presidential candidates in the French election entered a press blackout May 5, Emmanuel Macron’s campaign internet archives were breached. The hackers posted the stolen data on the web, and it was widely distributed via 4Chan and WikiLeaks. The ‘forensic metadata’ suggests that the attacks were consistent with Russian contractor breaches. Evidence also exists that the hacker may have falsified or edited many of the documents released.

FCC hit with DDoS attacks after John Oliver takes on net neutrality

“Website slows to a crawl”

The United States Federal Communications Commission website nearly came to a halt after famous comedian John Oliver suggested to his viewers that they should flood the website in an attempt to support net neutrality. FCC CIO David Bray claims that the FCC site was subsequently hit with several DDoS attacks at about midnight Eastern Time, causing major disturbances and limited access.

 

10Fold- Security Never Sleeps- 153

WikiLeaks posts CIA documents on ways to install malware

“Details CIA procedures to install malicious programs”

WikiLeaks took to the internet again on Friday to publish a new array of classified documents from the CIA. The new leak outlines the Grasshopper framework, a malware installation system that delivers weaponized code onto a computer without the security systems blocking it.

Sathurbot Malware Spreads via Torrent Files, Attacks WordPress Sites

“Attempts at remote takeover of sites”

ESET security researchers have revealed a new malware strain dubbed ‘Sathurbot,’ which uses malicious torrent files to spread to new victims. It proceeds to carry out coordinated WordPress attacks, with the intention of eventually commandeering the site. The common outcome is a host for malware download centers or SEO spam filters.

McAfee: Trend indicates 2017 will be bumper year for new malware

“Current trends bolster expectations”

McAfee Labs has shown that new malware is being pumped out at incredible rates, and if the past two years are any indication, this won’t end any time soon. Malware innovation took a net hit last year, with a nine-month lull in identified new strains, but this dip seems to have tapered off, with new creators releasing several new strains over the last few months.

 

10Fold- Security Never Sleeps- 146

WikiLeaks releases ‘entire hacking capacity of the CIA’

“Over 8,000 pages disclosed”

WikiLeaks has released what is being called the entire hacking capacity of the CIA in a large data dump on Tuesday. The 8,761 documents included in ‘Vault 7’ were acquired from a ‘high-security’ CIA network from the Center of Cyber Intelligence in Virginia. The data had been “circulated among former U.S. government hackers and contractors,” and was released to WikiLeaks by one of these contractors.

StoneDrill wiper malware finds new targets

“European and Middle Eastern hard drives affected”

Wiper malware has made a huge comeback since its 2012 debut, attacking several targets on multiple continents. Security experts worry over the malware’s past, citing the Shamoon attack against Saudi Aramco, which resulted in the loss of 30,000 workstations and their data. “Dark Seoul Gang” have more recently used the software to attack South Korean bank hard drives and facilities maintaining broadcasting and financial services.

macOS RAT Uses 0-Day for Root Access

“Unpatched zero-day vulnerability used to gain remote access to devices”

Currently being advertised in one of the leading underground markets, the RAT Proton was found on a cloned Russian cybercrime message board. Sixgill researchers report that it is being offered for two bitcoins, or roughly $2,500 for single installations, a cause for concern among those that use macOS products.

Why email is safer in Office 365 than on your Exchange server

“Running your own servers doesn’t do much for security it seems”

Bypassing the complicated management and monitoring of private servers isn’t the only plus of a cloud service application. The sheer scale of cloud-based mail providers, such as Office 365, gives them the capability to prevent advanced malware and phishing attempts, making these easier to spot, along with other protections.


10Fold- Security Never Sleeps- 103

Hack Claims from Guccifer 2.0 Denounced by Clinton Foundation

“Widely believed to be political in motivation”

Guccifer 2.0, the hacker who claims responsibility for the Democratic National Committee leaks that aimed to expose corruption within its ranks, claims to have breached the servers of the Clinton Foundation and obtained documents that could be damaging to Hillary Clinton’s presidential campaign, despite denial from the Clinton Foundation itself. The hacker posted screenshots of spreadsheets online, claiming that they were documents from the institution and that “… her staff don’t even bother about the information security.”

The political motivations of the cyber-attack remain obvious, as the hacker made clear favorable reference to Julian Assange, founder of WikiLeaks and outspoken opponent of Hillary Clinton.

Report Claims that Email Provider Yahoo Assisted in Spying on U.S. Citizens

“Raises questions of why Yahoo did not fight the order”

A program developed by Yahoo Inc. last year reportedly allows the U.S. federal government to search through email databases for certain phrases. Anonymous former employees narrowed the government agencies involved to either or both of the National Security Agency and the Federal Bureau of Intelligence.

The news is surprising, given the resistance tech firms typically show to government mandates to enter customer accounts. However, Yahoo not only complied with the order, but dedicated its own resources and staff to assist with the operation.

TalkTalk fined £400K for mistakes that led to 2015 hack

“Actions first taken to clear its reputation of highly hacked service”

After the theft of personal data belonging to over 155,000 customers, telecom firm TalkTalk has been fined £400,000 for its security vulnerabilities in 2015. Well over 15,000 of those affected had bank information stolen and suffered serious ramifications. Information Commissioner Elizabeth Dunham reported that even the most basic of security measures failed to be acted upon and that “…(the company) could have done more to safeguard its customer information.”

Malware-Infested Ads Plaguing Spotify

“Free version of service seems to open malicious sites”

Malware seems to have worked its way into the Spotify servers and is continuously serving itself to the users who use the Spotify free product to stream music. The ads have been reported to open infected sites, causing potential harm to those that travel to them.