GitHub Website Is Hit by the Biggest DDoS Attack (1.35 Tbps)
The largest DDoS attack seen to date occurred on Wednesday, the 28th of February 2018, and was about double the magnitude of the September 2016 attack, according to Akamai, the cloud computing company that helped GitHub survive it.
The distributed denial of service (DDoS) attack peaked at a record 1.35 Tbps, targeting GitHub’s code hosting website. Surprisingly, no botnet was used: the attackers amplified the DDoS attack by employing misconfigured Memcached servers instead.
The attack sends a forged request to the Memcached server being abused, on its UDP port 11211, with a spoofed source IP address matching the victim’s IP. The few bytes of such a request sent to the defenseless server trigger a response toward the target IP address that is ten thousand times bigger than the request the attackers sent. The attack was launched from a thousand different ASNs across several endpoints. It peaked at 1.35 Tbps via 126.9 million packets per second.
Admins are advised to review their firewalls and block or rate-limit UDP on source port 11211, or simply disable UDP on Memcached if possible, to prevent their Memcached servers from being used as reflectors in such DDoS attacks.
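One way a network team can spot its own Memcached servers being abused as reflectors, as described above, is to look in flow records for UDP traffic leaving source port 11211 that is far larger than the traffic that arrived on it. The script below is an added example, not code from the article or from Akamai; the comma-separated flow format, the sample flows and the thresholds are all assumptions constructed for illustration.

```python
"""Flag hosts that look like Memcached reflectors in UDP flow records (added example).

Assumed (constructed) NetFlow-like record format, one flow per line:
proto,src_ip,src_port,dst_ip,dst_port,packets,bytes
"""
from collections import defaultdict

MEMCACHED_PORT = 11211
# Flag a (reflector, victim) pair when bytes leaving port 11211 exceed this
# multiple of the bytes that arrived on it. Threshold is an assumption; the
# article reports responses ten thousand times the request size.
AMPLIFICATION_THRESHOLD = 100
# Ignore tiny one-off exchanges so a single stray reply is not an alert (assumption).
MIN_BYTES_OUT = 1_000_000

# Constructed sample flows: spoofed "requests" into 11211 and the replies out of it.
SAMPLE_FLOWS = """\
udp,203.0.113.10,11211,198.51.100.5,33434,2000,2000000
udp,198.51.100.5,33434,203.0.113.10,11211,2000,60000
udp,203.0.113.11,11211,198.51.100.5,33434,12000,18000000
udp,198.51.100.5,33434,203.0.113.11,11211,12000,180000
udp,203.0.113.12,11211,192.0.2.7,40000,3,200
tcp,203.0.113.12,11211,192.0.2.7,50000,300,2000000
"""

def parse_flows(text):
    """Parse the constructed flow format into a list of dicts."""
    flows = []
    for line in text.strip().splitlines():
        proto, sip, sport, dip, dport, pkts, nbytes = line.split(",")
        flows.append({"proto": proto, "src_ip": sip, "src_port": int(sport),
                      "dst_ip": dip, "dst_port": int(dport),
                      "packets": int(pkts), "bytes": int(nbytes)})
    return flows

def find_reflectors(flows, threshold=AMPLIFICATION_THRESHOLD, min_out=MIN_BYTES_OUT):
    """Return {(reflector_ip, victim_ip): amplification_ratio} for suspicious UDP pairs."""
    sent = defaultdict(int)      # (reflector, victim) -> bytes out of port 11211
    received = defaultdict(int)  # (reflector, victim) -> bytes into port 11211
    for f in flows:
        if f["proto"] != "udp":          # Memcached reflection abuses UDP only
            continue
        if f["src_port"] == MEMCACHED_PORT:
            sent[(f["src_ip"], f["dst_ip"])] += f["bytes"]
        elif f["dst_port"] == MEMCACHED_PORT:
            received[(f["dst_ip"], f["src_ip"])] += f["bytes"]
    hits = {}
    for pair, out_bytes in sent.items():
        if out_bytes < min_out:
            continue
        in_bytes = received.get(pair, 0)
        ratio = out_bytes / in_bytes if in_bytes else float("inf")
        if ratio >= threshold:
            hits[pair] = ratio
    return hits
```

Running `find_reflectors(parse_flows(SAMPLE_FLOWS))` flags only 203.0.113.11, whose replies to 198.51.100.5 are 100 times the bytes it received; the flagged host is the one whose UDP port 11211 should be firewalled or rate-limited as the article advises.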
Credits: The Hacker News
RedDrop: The Malware that has Ears
An Android malware called RedDrop is able to record nearby audio and upload it to a remote cloud storage account on Google Drive or Dropbox, alongside many other malicious actions on the victim’s device.
The main intention of RedDrop’s developers is to silently subscribe users to premium SMS numbers through which they profit. The malware was first discovered in the UK on the phones of many corporate employees. Despite a remarkable collection of features that would suggest spyware, it was not part of a cyber-espionage operation.
RedDrop’s primary means of distribution is search engines. It has been most prevalent in China, where there is no official Google Play store and users find apps through search engines. RedDrop subscribes users to premium SMS services and deletes any incoming confirmation texts that might alert them. Further, it steals user data from the phone, such as contacts, photos and files. It even records nearby audio and sends these files to remote Dropbox and Google Drive accounts.
This data can be used to blackmail the victim for money later on. Therefore, to keep away from such apps, ensure your device settings do not allow third-party app installations, avoid rooting your device and read an app’s permissions carefully before installing it.
Credits: BLEEPINGCOMPUTER
FS-ISAC Reports Phishing Attack
FS-ISAC (Financial Services Information Sharing and Analysis Center), the global financial industry’s primary resource for cyber and physical threat intelligence analysis and sharing, reported a phishing attack on its members on Feb 28, 2018.
The miscreants executed a successful phishing attack on one of FS-ISAC’s employees, which gave the attacker the employee’s login credentials. These credentials were used to send phishing emails from that account to several employee IDs. The email included a PDF attachment containing a link to a credential harvesting website. Fortunately, FS-ISAC’s IT security staff discovered the suspicious activity and took the necessary steps to limit and contain the attack.
FS-ISAC was in the process of implementing a multi-factor authentication (MFA) solution across all its assets, but unfortunately the targeted asset was not yet set up for MFA. The company has accelerated the rollout since the incident. Still, this can be treated as a cautionary incident showing that anyone is vulnerable to a phishing attack. Most of these attacks abuse the trust established between a sender and a recipient.
Credits: KrebsOnSecurity
Bitcoin Cash Accepted as Ransom: Thanatos Ransomware
A ransomware that gives you the option to pay in Bitcoin Cash to decrypt your files. The Thanatos ransomware uses a new key to encrypt each of the victim’s files. According to researchers, the real issue is that the key used for encryption is not saved anywhere. The ransomware was released with so many bugs that its creators have no way to recover the infected files. Therefore the victims have no guarantee of getting their files back if they pay the ransom. Victims are advised not to pay the ransom for any reason, as it is simply a trap.
Fortunately, according to the researcher Muroni, it could be possible to brute force the encryption key for each file. This might be a time-consuming process and can be applied only to common files with a known magic header.
Bitcoin Cash is the new cryptocurrency forked from Bitcoin at block 478,558. When Bitcoin Cash was introduced, all Bitcoin holders were given Bitcoin Cash equal to the amount of Bitcoin they held. Nevertheless, Thanatos has become the first ransomware to accept Bitcoin Cash as ransom, in addition to Ethereum.
Credits: BLEEPINGCOMPUTER
Facebook Bug: Do You Know How to Find the Admin of a Facebook Page?
Generally you can see who the admin of a Facebook page is only if the admin has chosen to reveal their identity. Here is something you didn’t know: recently an Egyptian security researcher, Mohamed A. Baset, came across a vulnerability on Facebook that could reveal the name and a few other details of a page’s admin just a click away.
Baset discovered this bug without any testing or other time-consuming processes. It was a logical error, as he calls it, that he stumbled upon when he received an invite from a Facebook page on which he had liked a post before. The Facebook feature that emails people who have not yet liked a page a reminder to like it contained the admin’s name, admin ID and other details in the email’s source.
Baset reported the bug through Facebook’s Bugcrowd bug bounty program and was awarded $2,500. Although the bug is now patched, members who have already received such an email can still see the admin details: they simply need to click the “show original” drop-down menu option in the email and check its source code.
Credits: The Hacker News