- McAfee Labs reports that a new ransomware called CryptoWall uses Tor for communication and demands Bitcoin from the user in exchange for the private key to decrypt the files. “The use of Tor and Bitcoin in this operation make tracing the attackers more difficult” writes McAfee.
- Firefox version 31 is improving malware detection. Firefox has long been using Google’s Safe Browsing service to check for malicious web sites, now it also checks downloaded files.
- Isreal’s Homeland Security writes that anonymous hackers have launched DDoS attacks against network infrastructure from Israel. The attacks also affected DNS name resolution on domain names ending in .co.il.
- The Register writes that Security outlet VUPEN has revealed it held onto a critical Internet Explorer vulnerability for three years before disclosing it at the March Pwn2Own hacker competition. VUPEN makes money by selling exploits to its customers.
- The Moscow Times writes that Russia’s Interior Ministry has put out a tender on its official government procurement website for anyone who can identify Tor users. On a related note, the Tor team issued a security advisory this week, warning operators of hidden services about attacks to deanonymizing users. And if that’s not enough Tor news for this week, according to the Tor project’s latest annual financial statements (PDF), the US government increased its funding to 1.8 million US dollars in 2013!
German:
- Heise.de meldet, dass am IETF 90 Meeting in Toronto von vergangener Woche, die Nutzung von DANE zur Authentifizierung von OpenPGP-Schlüssel diskutiert wurde und liefert dazu eine gute Zusammenfassung der anderen diskutierten Themen der DANE working group.
SWITCH Security-Blog 