Article: Hijack of Amazon’s internet domain service used to reroute web traffic for two hours unnoticed

Between 11am until 1pm UTC today, DNS traffic — the phone book of the internet, routing you to your favourite websites — was hijacked by an unknown actor.

The attackers used BGP — a key protocol used for routing internet traffic around the world — to reroute traffic to Amazon’s Route 53 service, the largest commercial cloud provider who count major websites such as Twitter.com as customers.

They re-routed DNS traffic using a man in the middle attack using a server at Equinix in Chicago.

From there, they served traffic for over two hours.

Full Article: https://doublepulsar.com/hijack-of-amazons-internet-domain-service-used-to-reroute-web-traffic-for-two-hours-unnoticed-3a6f0dda6a6f

Article: Europol shuts down largest cyberattack-for-hire website

A website that police say was behind millions of cyberattacks has been closed following a series of international arrests.

Europol said Wednesday morning that it’s shut down Webstresser.org, a page that carried out distributed denial-of-service attacks for a price, sometimes as cheap as $18.26 a month. The page had more than 136,000 users and carried out 4 million attacks by April, according to Europol, the European Union Agency for Law Enforcement Cooperation.

DDoS attacks are capable of taking out websites and servers by flooding an address with so many requests that it’s forced offline. In 2016, the Dyn attack managed to temporarily shut down major websites like Twitter, Spotify and Reddit. Hackers need access to a massive amount of devices to carry out these attacks — usually with hijacked internet of things (IoT) gadgets — but websites like Webstresser.org could offer that service to anyone willing to pay.

Full Article: https://www.cnet.com/news/europol-shuts-down-largest-cyberattack-for-hire-website/

Article: First Case of X-Ray Malware Revealed?

Security nightmare as new attack campaign targets healthcare providers – and even high-end medical scanning machines…

 

Researchers have uncovered an unusual campaign seemingly targeted at healthcare providers in the West, but with some intriguing elements.

The attack group have been dubbed Orangeworm, and are clearly targeting the healthcare sector – more than 40 per cent of their confirmed victims are in the healthcare industry. The modus operandi of the group isn’t that unusual in itself, with an initial infiltration of the target, followed by deployment of a Trojan backdoor, Trojan.Kwampirs, which evades hash-based detection by inserting a randomly generated string into the middle of the decrypted payload before writing it to disk.

The Trojan has been found deeply embedded in compromised healthcare networks, including on high-tech imaging devices such as X-ray and MRI machines. According to the researchers though, the aim is not to attack these machines or steal their data, but to gather corporate espionage on the devices themselves. Worryingly, the malware is also interested in machines used to assist patients in completing consent forms for required procedures.

A full list of Orangeworm IOCs can be found here.

Full Article: https://www.htbridge.com/blog/first-case-of-x-ray-malware-revealed.html

Article: Hackers built a ‘master key’ for millions of hotel rooms

Security researchers have built a master key that exploits a design flaw in a popular and widely used hotel electronic lock system, allowing unfettered access to every room in the building.

The electronic lock system, known as Vision by VingCard and built by Swedish lock manufacturer Assa Abloy, is used in more than 42,000 properties in 166 countries, amounting to millions of hotel rooms — as well as garages and storage units.

These electronic lock systems are commonplace in hotels, used by staff to provide granular controls over where a person can go in a hotel — such as their room — and even restricting the floor that the elevator stops at. And these keys can be wiped and reused when guests check-out.

It turns out these key cards aren’t as secure as first thought.

F-Secure’s Tomi Tuominen and Timo Hirvonen, who carried out the work, said they could create a master key “basically out of thin air.”

Any key card will do. Even old and expired, or discarded keys retain enough residual data to be used in the attack. Using a handheld device running custom software, the researchers can steal data off of a key card — either using wireless radio-frequency identification (RFID) or the magnetic stripe. That device then manipulates the stolen key data, which identifies the hotel, to produce an access token with the highest level of privileges, effectively serving as a master key to every room in the building.

 

Full Article: https://www.zdnet.com/article/millions-of-hotel-door-locks-bypass-with-master-key/

Article: #deletefacebook

Facebook is using us. It is actively giving away our information. It is creating an echo chamber in the name of connection. It surfaces the divisive and destroys the real reason we began using social media in the first place – human connection.

It is a cancer.

I’ve begun the slow process of weaning myself off of the platform by methodically running a script that will delete my old content. And there’s a lot. There are likes and shares. There are long posts I wrote to impress my friends. There are thousands of WordPress notifications that tell the world what I’m doing. In fact, I would wager I use Facebook more to broadcast my ego than interact with real humans. And I suspect that most of us are in a similar situation.

Full Article: https://techcrunch.com/2018/03/19/deletefacebook/

Delete Facebook Website: https://deletefacebook.com/

Save NetNeutrality

We have just days. The FCC is about to vote to end net neutrality—breaking the fundamental principle of the open Internet—and only an avalanche of calls to Congress can stop it.

#savenetneutrality and #StopTheFCC

,

R.I.T. President Desler Retiring 2017

635908021687398466-rit1

Image Property of Democrat and Chronicle

Rochester Institute of Technology president Bill Destler announced on Monday that he is retiring at the end of the next school year.

In a statement, Destler said, “It has been a privilege to lead RIT alongside such great students, faculty and alumni.” He credited “RIT’s transformation into one of the world’s great universities to them.”

Destler, 69, also released a video with his wife, Rebecca Johnson, saying that he has mixed emotions about retiring and that his years at RIT have been the most fulfilling of his professional career.

“As we enter our final year,  RIT cannot rest on its laurels,” said Destler in his video message.

When he retires at the end of June 2017, he will have served 10 years as president of RIT.

Full Story at: http://www.democratandchronicle.com/story/news/2016/05/09/rit-president-destler-retiring/84132336/

 

This is a pretty sad announcement. Our entire R.I.T. career was under Dr. Desler. Between his constantly upbeat attitude and how many major changes he made for the school, he will be missed as the President. There were a couple of things he did that the students weren’t on board with (the switch to semesters and the focus on traditional sports when RIT is a tech school) but ya know, he’s done a great job overall. He renovated so many parts of the school, so many new buildings and beautiful additions to the campus. Such as Global Village, the bookstore area, the new apartment complexes, the Alumni House, the several new schools. It’s just been amazing watching RIT go from being on the edge of the city, barely needing stop signs because of how low the traffic was, to such a major spot.

I know we left in 2014, but it’s still a sad moment. But life goes on and I’m sure he will have an amazing retirement. I will leave with one of his student favorite songs from his album he put out.

 

Why are Hospitals Easy Targets for Ransomware?

Ransomware, a vicious form of malware which locks up files, programs or even entire computer systems and prevents users from accessing them until a ransom is paid, has been a growing problem for all manner of consumers and businesses in recent years. One type of business that has been hit hard by ransomware attacks recently is hospitals. It’s no secret that the healthcare industry as a whole is vulnerable to all manner of security intrusions, as large-scale data breaches of health care companies like Anthem and Excellus BlueCross BlueShield have shown. However, you might be wondering what exactly it is that makes hospitals such easy targets for ransomware attacks — and what is being done to help improve security and lessen the chances of entire hospitals being taken virtual hostage by hackers.

Full Story: http://www.nextadvisor.com/blog/2016/04/11/hospitals-easy-targets-ransomware/

‹ Previous Posts