- “SOHO-Farming”: Hackers have compromised 300.000 SOHO routers and changed DNS settings to redirect to the attacker site. Team Cymru has published a report about recent Pharming attacks (PDF) targeting Small office and Home office (SOHO) routers.
- WordPress DDoS: securi.net reported that more than 162.000 WordPress sites have been used for a DDoS Attack using the pingback feature. Here you can check, if your WordPress domain participated in the DDoS. Meanwhile Brian Krebs described different ways how to disable the pingback functionality.
- We don’t know who Justin Bieber is. But his official twitter account which has more than 50 million followers has been hijacked by attackers to spread spam links from the account. Subsequently more than 13.000 users have favorited the tweets and over 7.000 users have re-tweeted them…
- NSA Today: Recently published NSA slides explain some more projects. For example the Tailored Access Operations (TAO) hacking unit run a system called TURBINE, which can spam out millions of pieces of sophisticated malware at a time. HAMMERCHANT and HAMMERSTEIN is malware designed to sit on routers and grab encryption keys to decrypt supposedly secure VPN connections in real time. QUANTUMCOPPER automatically corrupts any data downloaded by a user. In the meantime, Facebook founder and CEO Mark Zuckerberg said he had called President Obama to voice his concerns about government surveillance.
- CrowdResponse is a new, free incident response toolkit designed to help enterprises collect the data they need to analyze sophisticated attacks.
- Dendroid: Symantec researchers have come to know another android malware toolkit called “Dendroid” which is being sold in the underground forums. And an example already made its way into Google’s official app store.
IT-Security-Links #51
SWITCH Security-Blog 