2016-06-06

Bkav’s router vulnerability

Vietnamese security company Bkav has reported that up to 5.6 million routers around the world are easily exploitable via long-disclosed but still unpatched vulnerabilities. Bkav have named the issue ‘Pet Hole’, invoking the idea of an easily accessible animal flap on an otherwise locked door.

The specifics of these vulnerabilities were not disclosed, but the majority of routers tested for flaws were produced in China, while the 5 countries with the highest number of vulnerable routers were India, Indonesia, Mexico, Vietnam and Egypt. Most G8 countries have only a low number of such routers.

More information here [1].

BadBlock decrypter released

A decrypter has been released for BadBlock – an especially badly coded ransomware that doesn’t differentiate between essential and non-essential file paths. Users who turn off their machines after infection will be unable to restart them, because BadBlock encrypts Windows executables in addition to \Documents, \Pictures etc. The ransomware also takes a leaf out of Jigsaw’s book in terms of inciting users to pay up by displaying a tally of files as they are encrypted (though no deletion takes place). The ransom payment is a rather high 2 BTC.

Decrypter here [2].

GhostShell leaks 39 million accounts

Hacker GhostShell has stolen and leaked the details of nearly 39 million accounts by accessing databases on 110 servers he found using port-scanning tools. According to his pastebin post, GhostShell undertook Project Vori Dazel in order to expose the lax security of MongoDB databases with open ports and poor authentication processes.

More information here [3].

CryptXXX evolves

Proofpoint have reported that CryptXXX has been upgraded once again, rendering decryption tools ineffective. Version 3.1 of the ransomware will scan port 445 for shared drives, enumerate files and encrypt them, potentially resulting in significant downtime regardless of whether a decrypter is available.

CryptXXX also now includes a credential-stealing module (referred to as StillerX by Proofpoint) with a target list that includes browsers, email, VPN, FTP/IM and poker software.

More information here [4].

Data breach at CiCi’s

Krebs has reported on a credit card data breach at CiCi’s Pizza – a Texas-based fast food chain with over 500 stores across the United States.

While an investigation is still ongoing, it appears that the gang who stole the data posed as technical support specialists for the company’s POS vendor, and may have pulled off the same trick with several other businesses. CiCi’s actual POS provider, Datapoint POS, have claimed that their systems are secure and that the breach was a result of social engineering and/or the use of remote support tools like TeamViewer with compromised credentials.

More information here [5].

FastPOS malware

TrendMicro has discovered a new point-of-sale malware family known as FastPOS. The malware includes a keylogger and a RAM scraper. The former sends information typed in any window to a C2 server as soon as users hit the enter key, while the latter will harvest card details and send them – unencrypted and as soon as they are collected – to the command and control server. The fast but detectable extraction method of FastPOS suggests that the malware is not intended to exploit large corporate infrastructure, where it may be spotted and removed.

Countries affected by FastPOS within the last 5 months are: Taiwan, Japan, Hong Kong, Brazil, France and the United States. Researchers discovered that the malware is available for sale on a forum selling stolen card details. Given that the C2 server for FastPOS is registered to the same IP as the forum in question, it seems likely that the owners are using the malware to provide a constant stream of product to purchasers.

More information here [6].

Cryptolocker hits 10,000

Over 10,000 Australians have been hit with Cryptolocker after receiving an email purporting to come from energy company AGL. Emails told recipients that they had exceeded their energy consumption and should download their bill from a (fake) website. The ransomware was contained in a .zip file which executed upon extraction.

SA mining company leak

Members of Anonymous have dumped part of a database owned by South African mining company Wesizwe as part of the #OpAfrica campaign. The leak contains names, email addresses and hashed passwords of 122 individuals.

Braintree theft on Magento

Researchers from Sucuri have spotted malicious actors exploiting the Braintree extension on Magento sites to steal card details. Braintree Payments allows Magento store owners to accept credit card transactions via a Braintree account. Thieves who manage to gain access to Magento sites have used malicious code to send card data entered into the checkout form to their own site.

More information here [7].

Zuckerberg’s Twitter hacked

Mark Zuckerberg’s Twitter and Pinterest accounts were briefly hacked by OurMine Team on the 5th. According to the messages the group left on his accounts, Zuckerberg’s password, “dadada”, was found in the LinkedIn database dump, which was made available in May.

Cyber Dictionary

T is for Trojan

T is for Trojan – and just like the horse,
It enters your tower, deceptive in force,
And opens the door (the one at the back),
So malicious actors can make an attack.

A trojan horse is malicious software that (usually) disguises itself in order to gain access to systems. Often spread by social engineering, trojans can be used to backdoor systems, giving actors the ability to access systems as they please, or to deposit other, more harmful malware at a later date. Trojans have historically been used by governments (Bundestrojaner), private companies (FinFisher) and various hacker groups (Tiny Banker).

The Silobreaker Team

Disclaimer: Although Silobreaker has relied on what it regards as reliable sources while compiling the content herein, Silobreaker cannot guarantee the accuracy, completeness, integrity or quality of such content and no responsibility is accepted by Silobreaker in respect of such content. Readers must determine for themselves what reliance they should place on the compiled content herein.

[1] http://pethole.net/default.aspx
[2] http://www.bleepingcomputer.com/news/security/badblock-encrypts-system-files-decryptor-released-by-emsisoft/
[3] http://pastebin.com/aNmdgGg4
[4] https://www.proofpoint.com/us/threat-insight/post/cryptxxx-ransomware-learns-samba-other-new-tricks-with-version3100
[5] http://krebsonsecurity.com/2016/06/banks-credit-card-breach-at-cicis-pizza/#more-35047
[6] http://documents.trendmicro.com/assets/fastPOS-quick-and-easy-credit-card-theft.pdf
[7] https://blog.sucuri.net/2016/06/magento-credit-card-stealer-braintree-extension.html