Security Briefing 2.7.2017
Efforts increasing on the dark web to secure itself as marketplace owner’s start bug bounty program. Rewards of up to 10 bitcoin ($10,224) for discovering and reporting a bug that could threaten the marketplace’s integrity, such as revealing the IP addresses or personal information of vendors or users. Non-critical bugs or vulnerabilities could earn a reward of 1BTC, while simple bugs are worth 0.5BTC.
British multinational hotel company InterContinental Hotels Group (IHG) confirmed on Friday that systems processing payments for some of its properties in the Americas region have been breached by cybercriminals, particularly ones operating under the Holiday Inn and Holiday Inn Express brands. A list of impacted hotels can be found here.
The critical vulnerability disclosed last week by WordPress developers has already been exploited to hack thousands of websites, security firm Sucuri warned on Monday. The security hole allows an attacker to modify the content of any post or page on a targeted site. It is a patched flaw as of 1/26, but most people don’t update their wordpress sites to the latest versions (4.7.2). UPDATE THINGS.
<technical> 76 iOS applications allow man-in-the-middle exploits to hijack data via silent interception of (normally) TLS-protected data while in use. A list of applications can be found here.
Kelihos, the malware behind one of the longest standing botnets out there, was recently observed spreading via infected thumb drives, researchers have discovered. Basic tricking the user into thinking a password has been compromised, infection happens, and then the malware is written to removable devices with an auto-run script. Kelihos is one of the largest spam-as-a-service botnets in the world.
The European Union Agency for Network and Information Security (ENISA) publishes “Communication Network Dependencies for ICS-SCADA Systems” report for critical infrastructure protection. (PDF, 80 pages) The report concentrates on two of the primary causes of security concern: network segmentation and communication between the segments; and the wider issue of communications with the outside world that often uses the Internet.
Did you know you can buy tax data and W-2’s on the dark web? Of course you did! You can get anything there! With Tax season in full swing, scammers and hackers (mostly scammers) are out in full force trying to steal data to sell in outlets like this. Remember, everything is worth something to someone.