Here nosotros are amongst our weekly roundup, briefing this week's top cyber safety threats, incidents as well as challenges.
This calendar week has been rattling curt amongst large intelligence from shutting downwards of 2 of the largest Dark Web marketplaces as well as theft of millions of dollars inwards the pop Ethereum cryptocurrency to the regain of novel Linux malware leveraging SambaCry exploit.
We are hither amongst the outline of this week's stories, only inwards illustration you lot missed whatever of them. We recommend you lot read the entire matter (just click 'Read More' because there's around valuable advice inwards at that spot equally well).
Here's the listing of this Week's Top Stories:
On Thursday, Europol announced that the government had close downwards 2 of the largest criminal Dark Web markets — AlphaBay as well as Hansa — inwards what's beingness called the largest-ever international performance against the night web's dark marketplace conducted past times the FBI, DEA as well as Dutch National Police.
Interestingly, the federal government shut downwards AlphaBay, but earlier taking downwards Hansa market, they took command of the Dark Web marketplace as well as kept it running for at to the lowest degree a calendar month inwards an endeavor to monitor the activities of its visitors, including a massive overflowing of Alphabay refugees.
After the shutdown of both AlphaBay as well as Hansa, Dream Market has emerged equally the leading player, which has been inwards draw of piece of job concern since 2013, but it has at nowadays been speculated past times many night spider web users that Dream Market is also nether constabulary control.
For detailed information — Read more.
After WannaCry as well as Petya ransomware outbreaks, a novel strain of ransomware has been making the rounds on the Google Play Store inwards bogus apps, which targets Android energy cell users.
Dubbed LeakerLocker, instead of encrypting files on your device, this Android ransomware secretly collects personal images, messages as well as browsing history as well as and thus threatens to portion them amongst your contacts if you lot don't pay $50 (£38).
For to a greater extent than detailed information on the LeakerLocker ransomware — Read more.
This week, the whistleblowing arrangement revealed almost a CIA contractor — Raytheon Blackbird Technologies — who was responsible for analysing advanced malware as well as hacking techniques beingness used inwards the wild past times cyber criminals.
For to a greater extent than detailed information on Highrise Project as well as its contractor Raytheon Blackbird Technologies — Read More.
This week, an unknown hacker stole nearly $32 Million worth of Ethereum – i of the most pop as well as increasingly valuable cryptocurrencies – from wallet accounts linked to at to the lowest degree 3 companies past times exploiting a critical vulnerability inwards Parity's Ethereum Wallet software.
This was the 3rd Ethereum cryptocurrency heist that came out 2 days afterwards an alleged hacker stole $7.4 Million worth of Ether from trading platform CoinDash as well as 2 weeks afterwards someone hacked into South Korean cryptocurrency telephone substitution as well as stole to a greater extent than than $1 Million inwards Ether as well as Bitcoins from user accounts.
For to a greater extent than detailed information almost the Ethereum Heist — Read More.
This calendar week has been bad for Linux users equally well. H5N1 safety researcher discovered a code injection vulnerability inwards the thumbnail handler constituent of GNOME Files file managing director that allowed hackers to execute malicious code on targeted Linux machines.
High German researcher Nils Dagsson Moskopp dubbed the vulnerability Bad Taste (CVE-2017-11421) as well as also released proof-of-concept (PoC) code on his weblog to demonstrate the vulnerability.
For to a greater extent than details almost the Bad Taste vulnerability as well as its PoC — Read More.
SambaCry is a 7-year-old critical remote code execution (RCE) vulnerability (CVE-2017-7494) inwards Samba networking software that could allow a hacker to remotely receive got amount control of a vulnerable Linux as well as Unix machines.
The flaw was discovered as well as patched 2 months ago, but researchers at Trend Micro warned that the flaw had been actively exploited past times the SHELLBIND malware that to a greater extent than ofttimes than non targets NAS devices used past times pocket-sized as well as medium-size businesses.
For to a greater extent than detailed information on the SHELLBIND malware — Read More.
This week, researchers at the IoT-focused safety draw of piece of job solid Senrio discovered a critical remotely exploitable vulnerability inwards an open-source software evolution library used past times major IoT manufacturers that eventually left millions of smart devices vulnerable to hacking.
Dubbed Devil's Ivy, the vulnerability (CVE-2017-9765) inwards the gSOAP toolkit (Simple Object Access Protocol) — an advanced C/C++ auto-coding tool for developing XML Web services as well as XML application.
The researchers also released proof-of-concept (PoC) video demonstrating the RCE on a safety photographic television camera manufactured past times Axis Communications.
For to a greater extent than detailed information on the Devil's Ivy as well as PoC video — Read More.
Downloading an entire operating scheme has only buy the farm equally tardily equally downloading an application for Windows 10 users, equally Microsoft in conclusion calendar week announced the availability of pop Linux distro 'Ubuntu' inwards the Windows App Store.
While the companionship announced its plans to launch Fedora as well as SUSE Linux equally good on Windows Store, the companionship did non divulge precisely when its users tin forcefulness out expression to run across these 2 flavours of Linux distro on the App Store.
For detailed information on how to install as well as run Ubuntu on Windows 10 — Read More.
Cisco's Talos intelligence as well as query grouping in conclusion twelvemonth discovered 3 critical RCE vulnerabilities inwards Memcached — a moderhttps://warthunderhacking.blogspot.com//search?q=alphabay-hansa-darkweb-markets-seizedn open-source as well as easily deployable distributed caching scheme that allows objects to hold upward stored inwards memory.
The vulnerability exposed major websites including Facebook, Twitter, YouTube, Reddit, to hackers, but the squad of researchers scanned the meshwork on 2 dissimilar occasions as well as flora that over 70,000 servers are yet vulnerable to the attacks, including ransomware attacks like to the i that hit MongoDB databases inwards belatedly December.
For to a greater extent than in-depth information on the Memcached vulnerabilities — Read More.
After its intention to launch a world põrnikas bounty computer program inwards belatedly Dec 2015, the Tor Project has finally launched a "Bug Bounty Program," encouraging hackers as well as safety researchers to honor as well as privately written report bugs that could compromise the anonymity network.
The põrnikas bounty reports volition hold upward sent through HackerOne — a startup that operates põrnikas bounty programs for companies including Yahoo, Twitter, Slack, Dropbox, Uber, General Motors – as well as fifty-fifty the U.S. Department of Defense for Hack the Pentagon initiative.
For detailed information on põrnikas bounty prices as well as types of valid vulnerabilities — Read More.
Besides these, at that spot were lots of incidents happened this week, including:
This calendar week has been rattling curt amongst large intelligence from shutting downwards of 2 of the largest Dark Web marketplaces as well as theft of millions of dollars inwards the pop Ethereum cryptocurrency to the regain of novel Linux malware leveraging SambaCry exploit.
We are hither amongst the outline of this week's stories, only inwards illustration you lot missed whatever of them. We recommend you lot read the entire matter (just click 'Read More' because there's around valuable advice inwards at that spot equally well).
Here's the listing of this Week's Top Stories:
1. Feds Shuts Down AlphaBay as well as Hansa Dark Web Markets — Dream Market Under Suspicion
On Thursday, Europol announced that the government had close downwards 2 of the largest criminal Dark Web markets — AlphaBay as well as Hansa — inwards what's beingness called the largest-ever international performance against the night web's dark marketplace conducted past times the FBI, DEA as well as Dutch National Police.
Interestingly, the federal government shut downwards AlphaBay, but earlier taking downwards Hansa market, they took command of the Dark Web marketplace as well as kept it running for at to the lowest degree a calendar month inwards an endeavor to monitor the activities of its visitors, including a massive overflowing of Alphabay refugees.
After the shutdown of both AlphaBay as well as Hansa, Dream Market has emerged equally the leading player, which has been inwards draw of piece of job concern since 2013, but it has at nowadays been speculated past times many night spider web users that Dream Market is also nether constabulary control.
For detailed information — Read more.
2. New Ransomware Threatens to Send Your Internet History to All Your Friends
After WannaCry as well as Petya ransomware outbreaks, a novel strain of ransomware has been making the rounds on the Google Play Store inwards bogus apps, which targets Android energy cell users.
Dubbed LeakerLocker, instead of encrypting files on your device, this Android ransomware secretly collects personal images, messages as well as browsing history as well as and thus threatens to portion them amongst your contacts if you lot don't pay $50 (£38).
For to a greater extent than detailed information on the LeakerLocker ransomware — Read more.
3. New CIA Leaks — Smartphone Hacking as well as Malware Development
WikiLeaks in conclusion calendar week published the 16th batch of its ongoing Vault seven leak, revealing the CIA's Highrise Project that allowed the spying means to stealthy collect as well as forwards stolen information from compromised smartphones to its server through SMS messages.This week, the whistleblowing arrangement revealed almost a CIA contractor — Raytheon Blackbird Technologies — who was responsible for analysing advanced malware as well as hacking techniques beingness used inwards the wild past times cyber criminals.
For to a greater extent than detailed information on Highrise Project as well as its contractor Raytheon Blackbird Technologies — Read More.
4. Three Back-to-Back Multi-Million Dollar Ethereum Heist inwards xx Days
This week, an unknown hacker stole nearly $32 Million worth of Ethereum – i of the most pop as well as increasingly valuable cryptocurrencies – from wallet accounts linked to at to the lowest degree 3 companies past times exploiting a critical vulnerability inwards Parity's Ethereum Wallet software.
This was the 3rd Ethereum cryptocurrency heist that came out 2 days afterwards an alleged hacker stole $7.4 Million worth of Ether from trading platform CoinDash as well as 2 weeks afterwards someone hacked into South Korean cryptocurrency telephone substitution as well as stole to a greater extent than than $1 Million inwards Ether as well as Bitcoins from user accounts.
For to a greater extent than detailed information almost the Ethereum Heist — Read More.
5. Critical Gnome Flaw Leaves Linux PCs Vulnerable
This calendar week has been bad for Linux users equally well. H5N1 safety researcher discovered a code injection vulnerability inwards the thumbnail handler constituent of GNOME Files file managing director that allowed hackers to execute malicious code on targeted Linux machines.
High German researcher Nils Dagsson Moskopp dubbed the vulnerability Bad Taste (CVE-2017-11421) as well as also released proof-of-concept (PoC) code on his weblog to demonstrate the vulnerability.
For to a greater extent than details almost the Bad Taste vulnerability as well as its PoC — Read More.
6. New Malware Exploits SambaCry to Hijack NAS Devices
Despite beingness patched inwards belatedly May, the SambaCry vulnerability is currently beingness leveraged past times a novel slice of malware to target the Internet of Things (IoT) devices, peculiarly Network Attached Storage (NAS) appliances.SambaCry is a 7-year-old critical remote code execution (RCE) vulnerability (CVE-2017-7494) inwards Samba networking software that could allow a hacker to remotely receive got amount control of a vulnerable Linux as well as Unix machines.
The flaw was discovered as well as patched 2 months ago, but researchers at Trend Micro warned that the flaw had been actively exploited past times the SHELLBIND malware that to a greater extent than ofttimes than non targets NAS devices used past times pocket-sized as well as medium-size businesses.
For to a greater extent than detailed information on the SHELLBIND malware — Read More.
7. Devil's Ivy — Millions of Internet-Connected Devices At Risk
This week, researchers at the IoT-focused safety draw of piece of job solid Senrio discovered a critical remotely exploitable vulnerability inwards an open-source software evolution library used past times major IoT manufacturers that eventually left millions of smart devices vulnerable to hacking.
Dubbed Devil's Ivy, the vulnerability (CVE-2017-9765) inwards the gSOAP toolkit (Simple Object Access Protocol) — an advanced C/C++ auto-coding tool for developing XML Web services as well as XML application.
The researchers also released proof-of-concept (PoC) video demonstrating the RCE on a safety photographic television camera manufactured past times Axis Communications.
For to a greater extent than detailed information on the Devil's Ivy as well as PoC video — Read More.
8. “Ubuntu Linux for Windows 10 Released” — Sounds So Weird?
Downloading an entire operating scheme has only buy the farm equally tardily equally downloading an application for Windows 10 users, equally Microsoft in conclusion calendar week announced the availability of pop Linux distro 'Ubuntu' inwards the Windows App Store.
While the companionship announced its plans to launch Fedora as well as SUSE Linux equally good on Windows Store, the companionship did non divulge precisely when its users tin forcefulness out expression to run across these 2 flavours of Linux distro on the App Store.
For detailed information on how to install as well as run Ubuntu on Windows 10 — Read More.
9. Over 70,000 Memcached Servers Vulnerable to Hacking
It's been almost 8 months since the Memcached developers receive got patched several critical remote code execution (RCE) vulnerabilities inwards the software, but tens of thousands of servers running Memcached application are yet vulnerable.Cisco's Talos intelligence as well as query grouping in conclusion twelvemonth discovered 3 critical RCE vulnerabilities inwards Memcached — a moderhttps://warthunderhacking.blogspot.com//search?q=alphabay-hansa-darkweb-markets-seizedn open-source as well as easily deployable distributed caching scheme that allows objects to hold upward stored inwards memory.
The vulnerability exposed major websites including Facebook, Twitter, YouTube, Reddit, to hackers, but the squad of researchers scanned the meshwork on 2 dissimilar occasions as well as flora that over 70,000 servers are yet vulnerable to the attacks, including ransomware attacks like to the i that hit MongoDB databases inwards belatedly December.
For to a greater extent than in-depth information on the Memcached vulnerabilities — Read More.
10. Tor Launches Bug Bounty Program for Public
After its intention to launch a world põrnikas bounty computer program inwards belatedly Dec 2015, the Tor Project has finally launched a "Bug Bounty Program," encouraging hackers as well as safety researchers to honor as well as privately written report bugs that could compromise the anonymity network.
The põrnikas bounty reports volition hold upward sent through HackerOne — a startup that operates põrnikas bounty programs for companies including Yahoo, Twitter, Slack, Dropbox, Uber, General Motors – as well as fifty-fifty the U.S. Department of Defense for Hack the Pentagon initiative.
For detailed information on põrnikas bounty prices as well as types of valid vulnerabilities — Read More.
Other Important News This Week
Besides these, at that spot were lots of incidents happened this week, including:
- Microsoft's smart move to attention receive got downwards cyber espionage campaigns conducted past times "Fancy Bear" hacking group.
- A novel credential stealing malware flora beingness sold for equally inexpensive equally $7 on subway scheme forums.
- Cisco patched a highly critical RCE vulnerability inwards its WebEx browser extension for Chrome as well as Firefox, which could allow attackers to execute malicious code on a victim's figurer remotely.
- Windows 10 at nowadays allow you lot Reset forgotten password directly from your computer's Lock Screen.
- Several critical vulnerabilities inwards Segway Ninebot miniPRO could allow hackers to remotely receive got "full control" over the hoverboard inside attain as well as move out riders out-of-control.
- Ashley Madison's raise companionship Ruby Corp has agreed to pay a amount of $11.2 Million to roughly 37 i one m thousand users whose personal details were exposed inwards a massive information breach 2 years ago.