Here are we with our weekly roundup, briefing this week’s top cyber security threats, incidents and challenges.
This week has been very short with big news from shutting down of two of the largest Dark Web marketplaces and theft of millions of dollars in the popular Ethereum cryptocurrency to the discovery of new Linux malware leveraging SambaCry exploit.
We are here with the outline of this week’s stories, just in case you missed any of them. We recommend you read the entire thing (just click ‘Read More’ because there’s some valuable advice in there as well).
Here’s the list of this Week’s Top Stories:
1. Feds Shuts Down AlphaBay and Hansa Dark Web Markets — Dream Market Under Suspicion
On Thursday, Europol announced that the authorities had shut down two of the largest criminal Dark Web markets — AlphaBay and Hansa — in what’s being called the largest-ever international operation against the dark web’s black market conducted by the FBI, DEA and Dutch National Police.
Interestingly, the federal authorities shut down AlphaBay, but before taking down Hansa market, they took control of the Dark Web market and kept it running for at least a month in an effort to monitor the activities of its visitors, including a massive flood of Alphabay refugees.
After the shutdown of both AlphaBay and Hansa, Dream Market has emerged as the leading player, which has been in business since 2013, but it has now been speculated by many dark web users that Dream Market is also under police control.
For detailed information — Read more.
2. New Ransomware Threatens to Send Your Internet History to All Your Friends
After WannaCry and Petya ransomware outbreaks, a new strain of ransomware has been making the rounds on the Google Play Store in bogus apps, which targets Android mobile phone users.
Dubbed LeakerLocker, instead of encrypting files on your device, this Android ransomware secretly collects personal images, messages and browsing history and then threatens to share them with your contacts if you don’t pay $50 (£38).
For more detailed information on the LeakerLocker ransomware — Read more.
3. New CIA Leaks — Smartphone Hacking and Malware Development
WikiLeaks last week published the 16th batch of its ongoing Vault 7 leak, revealing the CIA’s Highrise Project that allowed the spying agency to stealthy collect and forwards stolen data from compromised smartphones to its server through SMS messages.
This week, the whistleblowing organisation revealed about a CIA contractor — Raytheon Blackbird Technologies — who was responsible for analysing advanced malware and hacking techniques being used in the wild by cyber criminals.
For more detailed information on Highrise Project and its contractor Raytheon Blackbird Technologies — Read More.
4. Three Back-to-Back Multi-Million Dollar Ethereum Heist in 20 Days
This week, an unknown hacker stole nearly $32 Million worth of Ethereum – one of the most popular and increasingly valuable cryptocurrencies – from wallet accounts linked to at least three companies by exploiting a critical vulnerability in Parity’s Ethereum Wallet software.
This was the third Ethereum cryptocurrency heist that came out two days after an alleged hacker stole $7.4 Million worth of Ether from trading platform CoinDash and two weeks after someone hacked into South Korean cryptocurrency exchange and stole more than $1 Million in Ether and Bitcoins from user accounts.
For more detailed information about the Ethereum Heist — Read More.
5. Critical Gnome Flaw Leaves Linux PCs Vulnerable
This week has been bad for Linux users as well. A security researcher discovered a code injection vulnerability in the thumbnail handler component of GNOME Files file manager that allowed hackers to execute malicious code on targeted Linux machines.
German researcher Nils Dagsson Moskopp dubbed the vulnerability Bad Taste (CVE-2017-11421) and also released proof-of-concept (PoC) code on his blog to demonstrate the vulnerability.
For more details about the Bad Taste vulnerability and its PoC — Read More.
6. New Malware Exploits SambaCry to Hijack NAS Devices
Despite being patched in late May, the SambaCry vulnerability is currently being leveraged by a new piece of malware to target the Internet of Things (IoT) devices, particularly Network Attached Storage (NAS) appliances.
SambaCry is a 7-year-old critical remote code execution (RCE) vulnerability (CVE-2017-7494) in Samba networking software that could allow a hacker to remotely take full control of a vulnerable Linux and Unix machines.
The flaw was discovered and patched two months ago, but researchers at Trend Micro warned that the flaw had been actively exploited by the SHELLBIND malware that mostly targets NAS devices used by small and medium-size businesses.
For more detailed information on the SHELLBIND malware — Read More.
7. Devil’s Ivy — Millions of Internet-Connected Devices At Risk
This week, researchers at the IoT-focused security firm Senrio discovered a critical remotely exploitable vulnerability in an open-source software development library used by major IoT manufacturers that eventually left millions of smart devices vulnerable to hacking.
Dubbed Devil’s Ivy, the vulnerability (CVE-2017-9765) in the gSOAP toolkit (Simple Object Access Protocol) — an advanced C/C++ auto-coding tool for developing XML Web services and XML application.
The researchers also released proof-of-concept (PoC) video demonstrating the RCE on a security camera manufactured by Axis Communications.
For more detailed information on the Devil’s Ivy and PoC video — Read More.
8. “Ubuntu Linux for Windows 10 Released” — Sounds So Weird?
Downloading an entire operating system has just become as easy as downloading an application for Windows 10 users, as Microsoft last week announced the availability of popular Linux distro ‘Ubuntu’ in the Windows App Store.
While the company announced its plans to launch Fedora and SUSE Linux as well on Windows Store, the company did not reveal exactly when its users can expect to see these two flavours of Linux distro on the App Store.
For detailed information on how to install and run Ubuntu on Windows 10 — Read More.
9. Over 70,000 Memcached Servers Vulnerable to Hacking
It’s been almost eight months since the Memcached developers have patched several critical remote code execution (RCE) vulnerabilities in the software, but tens of thousands of servers running Memcached application are still vulnerable.
Cisco’s Talos intelligence and research group last year discovered three critical RCE vulnerabilities in Memcached — a moderhttp://thehackernews.com/2017/07/segway-hoverboard-hacking.htmln open-source and easily deployable distributed caching system that allows objects to be stored in memory.
The vulnerability exposed major websites including Facebook, Twitter, YouTube, Reddit, to hackers, but the team of researchers scanned the internet on two different occasions and found that over 70,000 servers are still vulnerable to the attacks, including ransomware attacks similar to the one that hit MongoDB databases in late December.
For more in-depth information on the Memcached vulnerabilities — Read More.
10. Tor Launches Bug Bounty Program for Public
After its intention to launch a public bug bounty program in late December 2015, the Tor Project has finally launched a “Bug Bounty Program,” encouraging hackers and security researchers to find and privately report bugs that could compromise the anonymity network.
The bug bounty reports will be sent through HackerOne — a startup that operates bug bounty programs for companies including Yahoo, Twitter, Slack, Dropbox, Uber, General Motors – and even the U.S. Department of Defense for Hack the Pentagon initiative.
For detailed information on bug bounty prices and types of valid vulnerabilities — Read More.
Other Important News This Week
Besides these, there were lots of incidents happened this week, including:
- Microsoft’s smart move to help take down cyber espionage campaigns conducted by “Fancy Bear” hacking group.
- A new credential stealing malware found being sold for as cheap as $7 on underground forums.
- Cisco patched a highly critical RCE vulnerability in its WebEx browser extension for Chrome and Firefox, which could allow attackers to execute malicious code on a victim’s computer remotely.
- Windows 10 now let you Reset forgotten password directly from your computer’s Lock Screen.
- Several critical vulnerabilities in Segway Ninebot miniPRO could allow hackers to remotely take “full control” over the hoverboard within range and leave riders out-of-control.
- Ashley Madison‘s parent company Ruby Corp has agreed to pay a total of $11.2 Million to roughly 37 million users whose personal details were exposed in a massive data breach two years ago.