We're up to the fourth issue of this newsletter, and I must say I'm immensely enjoying the process of curating these links. Thanks to all you newly-subscribed for joining us! If you have anything in mind that I can improve, be sure to let me know.
Happy holidays everyone!
Dieter Van der Stock
"Methbot" is a private botnet used to generate between $3 million and $5 million in fraudulent ad revenue per day. They used more than 500,000 IP addresses and had over 6,000 domains to route traffic through. They created their own automated browser, and made it so that their 'visitors' seemed logged in to social networks, to make it look legit. In the end, their buggy self-developed HTTP library gave them away.
Yahoo's billion-account data dump has reportedly been sold to three separate parties, for $300,000 each. Two of the parties were spammers; the third seemed to lean more towards espionage.
Just a few weeks after releasing OSS-Fuzz, Google has now released a project which tests cryptographic software libraries against known attacks. The project comes in the form of low-level unit tests, and has uncovered 40 security bugs so far.
If you weren't sure if you should take ransomware seriously yet: apparently ransomware revenue will top $1 billion in 2016. 46% of surveyed executives have had ransomware infections, and 70% have paid to get their data back. Companies are even starting to stockpile bitcoins in case they get compromised.
If you are ever infected by ransomware, check out this site. It's a collaboration between Kaspersky, Europol, the Dutch police, and Intel. They provide information on ransomware and, when possible, provide the tools to decrypt your files.
A hacker called Ulf Frisk demonstrated a device to steal the password from any Mac laptop and decrypt its files while it's locked or sleeping. Turning it off completely helps, or you can install the relevant update for it, which was released on December 13th.
Fascinating breakdown of the inner workings of Alice, a lean ATM malware instance meant to empty the money out of an ATM.
Both Netflix and Marvel had their Twitter accounts hacked. The attackers used their access to advertise their services.
Freedom of Press Foundation asks Canon, Nikon, and other camera manufacturers to sell encrypted cameras
I never thought about it before, but it makes perfect sense. When seized, unencrypted cameras have the potential to put journalists and their sources at great risk.
Interesting article explaining the subtleties Obama faces in responding to Russia's interference with the US elections: trying to find a balance between 'teaching them a lesson' and causing an all-out cyberwar, or revealing too many of the capabilities they have in place inside Russian systems.
A great little video where a journalist's cellphone account is hacked in two minutes, thanks to great social engineering and the sound of a crying baby in the background.