Monthly Archives: October 2016

NVD

CVE-2016-2848 (bind)

ISC BIND 9.1.0 through 9.8.4-P2 and 9.9.0 through 9.9.2-P2 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via malformed options data in an OPT resource record.

Hackers News

Dirty COW — Critical Linux Kernel Flaw Being Exploited in the Wild

A nine-year-old critical vulnerability has been discovered in virtually all versions of the Linux operating system and is actively being exploited in the wild.

Dubbed “Dirty COW,” the Linux kernel security flaw (CVE-2016-5195) is a mere privilege-escalation vulnerability, but researchers are taking it extremely seriously due to many reasons.

First, it’s very easy to develop exploits that

Apache

www.httpd.apache.org

Hi,

The version of your website and SEO-Algorithm is outdated and affecting  
your outcome on prominent search-engines.

We can make the necessary changes to improve your rankings in the organic  
search result and drive more quality visitors to your website.

Would you be open to seeing briefer info/quote for what I would like to  
accomplish, with no-obligation?

Best regards,

LEAH CAMPBELL | BRANCH MANAGER



Webex
E-NETWORKS LLC


GOOGLE PARTNER

Headquarters: 137 Devonshire St, Surry Hills NSW 2010
Other Offices: Hong Kong & China | USA | New Zealand | UAE | Singapore
Hackers News

Ex-NSA Contractor Stole 50 TB of Classified Data; Includes Top-Secret Hacking Tools

Almost two months ago, the FBI quietly arrested NSA contractor Harold Thomas Martin III for stealing an enormous number of top secret documents from the intelligence agency.

Now, according to a court document filed Thursday, the FBI seized at least 50 terabytes of data from 51-year-old Martin that he siphoned from government computers over two decades.

The stolen data that are at least 500

Panda Security

Point of Sale attacks through Terminal Server

img-tpvs

Some months ago we published a technical analysis of Multigrain, a Point of Sale Trojan that uses DNS petitions in order to exfiltrate stolen information. We also wrote about one case where this PoS malware was used to infect hundreds of restaurants in the United States.

At the end of September we have seen again activity, with new attacks infecting PoS with new Multigrain variants. However, unlike this previous attack that was targeting the same kind of victims in a region (restaurants in the US) now it looks like cybercriminals are trying to find new fields where they can maximize their profit. We have seen 2 waves of attacks which victims were companies from a number of countries:

  • Argentina
  • Belgium
  • Brazil
  • Chile
  • France
  • Germany
  • India
  • Ireland
  • Norway
  • Spain
  • Sweden
  • Thailand
  • UK
  • USA

They were from different industries, including the typical restaurants and hotels, but also others not that common in these attacks: Telecommunications, Business IT Services, Engineering, Cargo Insurance, Medical Services, Logistics, Accountants, Medical Services, Unions, Engineering and Industrial Machinery Suppliers.

Why the disparity in victim profiles? It looks like the attackers were not looking for these specific industries. All attacks have been perpetrated through Terminal Server, similar to what we have seen in other cases, using brute-force attacks until they can break into the computers and infect them with Multigrain. These are automated attacks, where cybercriminals start scanning the Internet looking for potential victims, and once located they launch the attack until they gain access.

Tips to prevent attacks in companies

In order to minimize the risk, companies must remember that these services, when possible, are better out of the Internet. In case there is a need for them to be in the open, be sure to use strong credentials (with a strong enough password you can basically avoid brute-force attacks), to use 2FA when possible, use non-standard ports and of course monitor all incoming connections from the outside.

 

The post Point of Sale attacks through Terminal Server appeared first on Panda Security Mediacenter.