Issue 4

We're up to the fourth issue of this newsletter, and I must say I'm immensely enjoying the process of curating these links. Thanks to all you newly-subscribed for joining us! If you have anything in mind that I can improve, be sure to let me know.

Happy holidays everyone!

Dieter Van der Stock

 

Methbot: a record-breaking online ad-fraud operation

"Methbot" is a private botnet used to generate between $3 million and $5 million in fraudulent ad revenue per day. Its operators used more than 500,000 IP addresses and had over 6,000 domains to route traffic through. They created their own automated browser and made their 'visitors' appear to be logged in to social networks, so the traffic looked legitimate. In the end, their buggy self-developed HTTP library gave them away.

darkreading.com

 

Yahoo’s billion account database for sale on the black market

Yahoo's billion-account data dump has reportedly been sold to three separate parties, for $300,000 each. Two of the parties were spammers; the third seemed to lean more towards espionage.

bitdefender.com

 

Google unveils cryptographic library test suite Wycheproof

Just a few weeks after releasing OSS-Fuzz, Google has now released a project that tests cryptographic software libraries against known attacks. The project comes in the form of low-level unit tests, and has uncovered 40 security bugs so far.

threatpost.com

 

Ransomware payouts ‘heading for $1bn a year’

If you weren't sure if you should take ransomware seriously yet: apparently ransomware revenue will top $1 billion in 2016. 46% of surveyed executives have had ransomware infections, and 70% have paid to get their data back. Companies are even starting to stockpile bitcoins in case they get compromised.

sophos.com

 

The No More Ransom Project

If you are ever infected by ransomware, check out this site. It's a collaboration between Kaspersky, Europol, the Dutch police, and Intel. They provide information on ransomware and, when possible, the tools to decrypt your files.

nomoreransom.org

 

How to hack Apple Mac encryption password in just 30 seconds

A hacker called Ulf Frisk demonstrated a device to steal the password from any Mac laptop and decrypt its files while it's locked or sleeping. Turning it off completely helps, or you can install the relevant update, which was released on December 13th.

thehackernews.com

 

Alice: a lightweight, compact, no-nonsense ATM malware

Fascinating breakdown of the inner workings of Alice, a lean ATM malware instance meant to empty the money out of an ATM.

trendmicro.com

 

OurMine hackers hack Marvel and Netflix Twitter accounts

Both Netflix and Marvel had their Twitter accounts hacked. The attackers used their access to advertise their services.

hackread.com

 

Freedom of the Press Foundation asks Canon, Nikon, and other camera manufacturers to sell encrypted cameras

I never thought about it before, but it makes perfect sense. When seized, unencrypted cameras have the potential to put journalists and their sources at great risk.

wired.com

 

Obama confronts complexity of using a mighty cyberarsenal against Russia

Interesting article explaining the subtleties Obama faces in responding to Russia's interference with the US elections, trying to find a balance between 'teaching them a lesson' and causing an all-out cyberwar, or revealing too many of the capabilities the US has in place inside Russian systems.

nytimes.com

 

This is how hackers hack you using simple social engineering

A great little video where a journalist's cellphone account is hacked in two minutes, thanks to great social engineering and the sound of a crying baby in the background.

youtube.com