sale

now browsing by tag

 
 

COVID-19 canceled Eagle Valley Rummage sale, but there’s a free option for kids clothes | #covid19 | #kids | #childern | #parenting | #parenting | #kids

Rebecca Kanaly, left, and volunteer Hannah Conoly from the United Way Eagle River Valley show off the Youth Closet and Toy Chest sales floor. The operation is now open, by […] View full post on National Cyber Security

#deepweb | Weibo Confirms 538 Million User Records Leaked, Listed For Sale on Dark Web

Source: National Cyber Security – Produced By Gregory Evans

Rumors have spread after Wei Xingguo (Yun Shu), CTO of Chinese Internet security company Moresec and former chief of Alibaba’s Security Research Lab posted on Weibo that millions of Weibo users’ data had been leaked on March 19. Wei claimed that his own phone number was leaked through Weibo and had received WeChat friend requests based on “phone number search.”

In the comment section, netizens claimed that they found 538 million user records including user IDs, number of Weibo posts, number of followers, gender and geographic location available for purchase on the dark web. Among all the user records, 172 million had basic account information, all of which was available for sale for 0.177 Bitcoin.

Luo Shiyao, Weibo’s Security Director responded on Weibo that the Internet security community was merely “overreacting.” “Phone numbers were leaked due to brute-force matching in 2019 and other personal information was crawled on the Internet,” adding that “When we found the security vulnerability we took measures to fix it.” Luo stated that this is likely another “dictionary attack” instead of a direct drag from Weibo’s database.

Both Wei’s thread and Luo’s Weibo post have been deleted.

Flow chart of the information purchase process (Source: Phala Network)

Weibo responded to media admitting that the data leak is true, while no users’ passwords or ID numbers were under threat. Weibo also claimed that its security policy has since been strengthened and is under continuous optimization. The company also stated that the leak traced back to an attack on Weibo in late 2018, when hackers used brute force data through the Weibo interface, that is, using the address book matching interface to find user nicknames through the enumeration segment. Weibo concluded that no other information besides users’ IDs was leaked and its normal services would not be affected.

However, according to Phala Network‘s research, users’ ID numbers, emails, real names, phone numbers and related QQ numbers can all be obtained through the Weibo information leak on the dark net. One search costs approximately 10 RMB. According to TMT Post, a source had purchased their own personal information including name, email, home address, mobile phone number, Weibo account number and password on the dark web and confirmed it to be accurate. Another source revealed to TMT Post that even some user’s license plate numbers and previous passwords could be found. Chat app Telegram is a major platform where transactions for the leaked data are conducted.

Source link
——————————————————————————————————

The post #deepweb | <p> Weibo Confirms 538 Million User Records Leaked, Listed For Sale on Dark Web <p> appeared first on National Cyber Security.

View full post on National Cyber Security

Dangerous Domain Corp.com Goes Up for Sale — Krebs on Security

Source: National Cyber Security – Produced By Gregory Evans

As an early domain name investor, Mike O’Connor had by 1994 snatched up several choice online destinations, including bar.com, cafes.com, grill.com, place.com, pub.com and television.com. Some he sold over the years, but for the past 26 years O’Connor refused to auction perhaps the most sensitive domain in his stable — corp.com. It is sensitive because years of testing shows whoever wields it would have access to an unending stream of passwords, email and other proprietary data belonging to hundreds of thousands of systems at major companies around the globe.

Now, facing 70 and seeking to simplify his estate, O’Connor is finally selling corp.com. The asking price — $1.7 million — is hardly outlandish for a 4-letter domain with such strong commercial appeal. O’Connor said he hopes Microsoft Corp. will buy it, but fears they won’t and instead it will get snatched up by someone working with organized cybercriminals or state-funded hacking groups bent on undermining the interests of Western corporations.

One reason O’Connor hopes Microsoft will buy it is that by virtue of the unique way Windows handles resolving domain names on a local network, virtually all of the computers trying to share sensitive data with corp.com are somewhat confused Windows PCs. More importantly, early versions of Windows actually encouraged the adoption of insecure settings that made it more likely Windows computers might try to share sensitive data with corp.com.

At issue is a problem known as “namespace collision,” a situation where domain names intended to be used exclusively on an internal company network end up overlapping with domains that can resolve normally on the open Internet.

Windows computers on an internal corporate network validate other things on that network using a Microsoft innovation called Active Directory, which is the umbrella term for a broad range of identity-related services in Windows environments. A core part of the way these things find each other involves a Windows feature called “DNS name devolution,” which is a kind of network shorthand that makes it easier to find other computers or servers without having to specify a full, legitimate domain name for those resources.

For instance, if a company runs an internal network with the name internalnetwork.example.com, and an employee on that network wishes to access a shared drive called “drive1,” there’s no need to type “drive1.internalnetwork.example.com” into Windows Explorer; typing “\drive1” alone will suffice, and Windows takes care of the rest.

But things can get far trickier with an internal Windows domain that does not map back to a second-level domain the organization actually owns and controls. And unfortunately, in early versions of Windows that supported Active Directory — Windows 2000 Server, for example — the default or example Active Directory path was given as “corp,” and many companies apparently adopted this setting without modifying it to include a domain they controlled.

Compounding things further, some companies then went on to build (and/or assimilate) vast networks of networks on top of this erroneous setting.

Now, none of this was much of a security concern back in the day when it was impractical for employees to lug their bulky desktop computers and monitors outside of the corporate network. But what happens when an employee working at a company with an Active Directory network path called “corp” takes a company laptop to the local Starbucks?

Chances are good that at least some resources on the employee’s laptop will still try to access that internal “corp” domain. And because of the way DNS name devolution works on Windows, that company laptop online via the Starbucks wireless connection is likely to then seek those same resources at “corp.com.”

In practical terms, this means that whoever controls corp.com can passively intercept private communications from hundreds of thousands of computers that end up being taken outside of a corporate environment which uses this “corp” designation for its Active Directory domain.

INSTANT CORPORATE BOTNET, ANYONE?

That’s according to Jeff Schmidt, a security expert who conducted a lengthy study on DNS namespace collisions funded in part by grants from the U.S. Department of Homeland Security. As part of that analysis, Schmidt convinced O’Connor to hold off selling corp.com so he and others could better understand and document the volume and types of traffic flowing to it each day.

During an eight month analysis of wayward internal corporate traffic destined for corp.com in 2019, Schmidt found more than 375,000 Windows PCs were trying to send this domain information it had no business receiving — including attempts to log in to internal corporate networks and access specific file shares on those networks.

For a brief period during that testing, Schmidt’s company JAS Global Advisors accepted connections at corp.com that mimicked the way local Windows networks handle logins and file-sharing attempts.

“It was terrifying,” Schmidt said. “We discontinued the experiment after 15 minutes and destroyed the data. A well-known offensive tester that consulted with JAS on this remarked that during the experiment it was ‘raining credentials’ and that he’d never seen anything like it.”

Likewise, JAS temporarily configured corp.com to accept incoming email.

“After about an hour we received in excess of 12 million emails and discontinued the experiment,” Schmidt said. “While the vast majority of the emails were of an automated nature, we found some of the emails to be sensitive and thus destroyed the entire corpus without further analysis.”

Schmidt said he and others concluded that whoever ends up controlling corp.com could have an instant botnet of well-connected enterprise machines.

“Hundreds of thousands of machines directly exploitable and countless more exploitable via lateral movement once in the enterprise,” he said. “Want an instant foothold into about 30 of the world’s largest companies according to the Forbes Global 2000? Control corp.com.”

THE EARLY ADVENTURES OF CORP.COM

Schmidt’s findings closely mirror what O’Connor discovered in the few years corp.com was live on the Internet after he initially registered it back in 1994. O’Connor said early versions of a now-defunct Web site building tool called Microsoft FrontPage suggested corporation.com (another domain registered early on by O’Connor) as an example domain in its setup wizard.

That experience, portions of which are still indexed by the indispensable Internet Archive, saw O’Connor briefly redirecting queries for the domain to the Web site of a local adult sex toy shop as a joke. He soon got angry emails from confused people who’d also CC’d Microsoft co-founder Bill Gates.

https://krebsonsecurity.com/

Archive.org’s index of corp.com from 1997, when its owner Mike O’Connor briefly enabled a Web site mainly to shame Microsoft for the default settings of its software.

O’Connor said he also briefly enabled an email server on corp.com, mainly out of morbid curiosity to see what would happen next.

“Right away I started getting sensitive emails, including pre-releases of corporate financial filings with The U.S. Securities and Exchange Commission, human resources reports and all kinds of scary things,” O’Connor recalled in an interview with KrebsOnSecurity. “For a while, I would try to correspond back to corporations that were making these mistakes, but most of them didn’t know what to do with that. So I finally just turned it off.”

TOXIC WASTE CLEANUP IS HARD

Microsoft declined to answer specific questions in response to Schmidt’s findings on the wayward corp.com traffic. But a spokesperson for the company shared a written statement acknowledging that “we sometimes reference ‘corp’ as a label in our naming documentation.”

“We recommend customers own second level domains to prevent being routed to the internet,” the statement reads, linking to this Microsoft Technet article on best practices for setting up domains in Active Directory.

Over the years, Microsoft has shipped several software updates to help decrease the likelihood of namespace collisions that could create a security problem for companies that still rely on Active Directory domains that do not map to a domain they control.

But both O’Connor and Schmidt say hardly any vulnerable organizations have deployed these fixes for two reasons. First, doing so requires the organization to take down its entire Active Directory network simultaneously for some period of time. Second, according to Microsoft applying the patch(es) will likely break or at least slow down a number of applications that the affected organization relies upon for day-to-day operations.

Faced with either or both of these scenarios, most affected companies probably decided the actual risk of not applying these updates was comparatively low, O’Connor said.

“The problem is that when you read the instructions for doing the repair, you realize that what they’re saying is, ‘Okay Megacorp, in order to apply this patch and for everything to work right, you have to take down all of your Active Directory services network-wide, and when you bring them back up after you applied the patch, a lot of your servers may not work properly’,” O’Connor said.

Curiously, Schmidt shared slides from a report submitted to a working group on namespace collisions suggesting that at least some of the queries corp.com received while he was monitoring it may have come from Microsoft’s own internal networks.

https://krebsonsecurity.com/

Image: JAS Global Advisors

“The reason I believe this is Microsoft’s issue to solve is that someone that followed Microsoft’s recommendations when establishing an active directory several years back now has a problem,” Schmidt said.

“Even if all patches are applied and updated to Windows 10,” he continued. “And the problem will persist while there are active directories named ‘corp’ – which is forever. More practically, if corp.com falls into bad hands, the impact will be on Microsoft enterprise clients – and at large scale – paying, Microsoft clients they should protect.”

Asked why he didn’t just give corp.com to Microsoft as an altruistic gesture, O’Connor said the software giant ought to be accountable for its products and mistakes.

“It seems to me that Microsoft should stand up and shoulder the burden of the mistake they made,” he said. “But they’ve shown no real interest in doing that, and so I’ve shown no interest in giving it to them. I don’t really need the money. I’m basically auctioning off a chemical waste dump because I don’t want to pass it on to my kids and burden them with it. My frustration here is the good guys don’t care and the bad guys probably don’t know about it. But I expect the bad guys would like it.”

Further reading:

Mitigating the Risk of DNS Namespace Collisions (PDF)

DEFCON 21 – DNS May Be Hazardous to your Health (Robert Stucke)

Mitigating the Risk of Name Collision-Based Man-in-the-Middle Attacks (PDF)



Tags: Active Directory, corp.com, DNS name devolution, JAS Global Advisors, Jeff Schmidt, Microsoft Corp., Microsoft Windows, Mike O’Connor, namespace collision, U.S. Department of Homeland Security

The source of this story comes from click here!

The post Dangerous Domain Corp.com Goes Up for Sale — Krebs on Security appeared first on National Cyber Security.

View full post on National Cyber Security

#deepweb | Joker’s laughing: Fresh database of half a million Indian payment card records on sale in the Dark Web

Source: National Cyber Security – Produced By Gregory Evans

“INDIA-BIG-MIX” (full name: [CC] INDIA-BIG-MIX (FRESH SNIFFED CVV) INDIA/EU/WORLD MIX, HIGH VALID 80-85%, uploaded 2020-02-05 (NON-REFUNDABLE BASE)”

If you’re wondering what this seemingly random set of words mean, that is how a fresh database of 461,976 payment card records currently on sale on Joker’s Stash, a popular underground cardshop in the dark web has been listed.

Group-IB, a Singapore based cybersecurity company specialising in preventing cyber attacks which detected the database, says that over 98% of this database on sale were cards issued by Indian banks.

At the moment, the source of this new breach is unknown. The card records were uploaded on the 5th of February and that the total estimated value of the database according to Group-IB, is USD4.2 million, at around USD 9 apiece. Till yesterday morning 16 cards details were found to have been sold. Those who buy these cards do so with the intention of committing payment card fraud.

The company says that they have already alerted India’s Computer Emergency Response Team (CERT-In). The Economic Times will update this story as and when we hear from CERT-In on the steps they have taken.

With the sharp rise in digital payments in India and a lack of corresponding rise in awareness of the best practices to use payment cards safely online and offline, the country has become an attractive destination for nefarious elements online.

This newest breach has, according to Group-IB, “exposed card numbers, expiration dates, CVV/CVC codes and, in this case, some additional information such as cardholders’ full name, as well as their emails, phone numbers and addresses.”

This is the second major database of Indian payment card details that Group-IB has detected since October when 1.3 million credit and debit card records of mostly Indian banks’ customers uploaded to Joker’s Stash with and estimated underground market value of USD130 million was detected in what became “the biggest card database encapsulated in a single file ever uploaded on underground markets at once.”

According to Dmitry Shestakov, the head of Group-IB cybercrime research unit, “In the current case, we are dealing with so-called fullz — they have info on card number, expiration date, CVV/CVC, cardholder name as well as some extra personal info.”

They also say that unlike earlier breaches what “distinguishes the new database from its predecessor is the fact that the cards were likely compromised online, this assumption is supported by the set of data offered for sale.”

Shestakov adds “such type of data is likely to have been compromised online — with the use of phishing, malware, or JS-sniffers — while in the previous case, we dealt with card dumps (the information contained in the card magnetic stripe), which can be stolen through the compromise of offline POS terminals, for example.”

Source link
——————————————————————————————————

The post #deepweb | <p> Joker’s laughing: Fresh database of half a million Indian payment card records on sale in the Dark Web <p> appeared first on National Cyber Security.

View full post on National Cyber Security

#infosec | Redditt: US-UK NHS ‘Sale’ Docs Leaked by Russia

Source: National Cyber Security – Produced By Gregory Evans

Documents allegedly revealing a secret post-Brexit US-UK trade deal were leaked online as part of a Russian influence campaign, Reddit has claimed.

The social site said it has banned 61 accounts and one subreddit following an investigation into the origin of the documents, which had been seized on by the opposition Labour Party as proof of a deal to ‘sell’ the NHS to US companies.

Those it found guilty of posting and sharing the documents are probably part of a Russian campaign dubbed “Secondary Infektion” that has already been attempting influence operations on Facebook, it claimed.

“In late October, an account u/gregoratior posted the leaked documents and later reposted by an additional account u/ostermaxnn. Additionally, we were able to find a pocket of accounts participating in vote manipulation on the original post. All of these accounts have the same shared pattern as the original Secondary Infektion group detected, causing us to believe that this was indeed tied to the original group,” explained Redditt in a post over the weekend.

“Outside of the post by u/gregoratior, none of these accounts or posts received much attention on the platform, and many of the posts were removed either by moderators or as part of normal content manipulation operations. The accounts posted in different regional subreddits, and in several different languages.”

The Secondary Infektion group is known for attempts to sow discord between NATO allies and in its mature OpSec capabilities, which help to keep its tracks covered.

If true, the incident would seem to echo attempts to influence the 2016 US Presidential election, when Russian hackers stole and leaked sensitive Democratic Party documents, to the detriment of Hillary Clinton’s campaign.

However, these don’t seem to have had the same impact. Reports claim UK officials are currently investigating whether the documents were originally leaked or hacked.

____________________________________________________________________________________________________________________

#infosec #itsecurity #hacking #hacker #computerhacker #blackhat #ceh #ransomeware #maleware #ncs #nationalcybersecurityuniversity #defcon #ceh #cissp #computers #cybercrime #cybercrimes #technology #jobs #itjobs #gregorydevans #ncs #ncsv #certifiedcybercrimeconsultant #privateinvestigators #hackerspace #nationalcybersecurityawarenessmonth #hak5 #nsa #computersecurity #deepweb #nsa #cia #internationalcybersecurity #internationalcybersecurityconference #iossecurity #androidsecurity #macsecurity #windowssecurity
____________________________________________________________________________________________________________________

Source link

The post #infosec | Redditt: US-UK NHS ‘Sale’ Docs Leaked by Russia appeared first on National Cyber Security.

View full post on National Cyber Security

#infosec | Hacked Disney+ Accounts on Sale for $1

Source: National Cyber Security – Produced By Gregory Evans Disney’s new video-on-demand streaming service has been compromised within a week of its being launched, with hacked Disney+ accounts offered for sale online for just $1.  According to The Daily Dot, the hugely popular Disney+ service, which amassed over 10 million subscribers on its first day alone, was […] View full post on AmIHackerProof.com

#deepweb | Massive cache of Indian card data goes up for sale on dark web

Source: National Cyber Security – Produced By Gregory Evans The details of more than 1.3 million credit and debit cards – most of them from India – have been put up for sale on an underground forum. The database, which has been on the Joker’s Stash carding forum since 28 October, was spotted by […] View full post on AmIHackerProof.com

#cyberfraud | #cybercriminals | Visakhapatnam resident duped of Rs 3.6 lakh in online car sale fraud

Source: National Cyber Security – Produced By Gregory Evans

On Wednesday, Visakhapatnam Cyber Crime Police arrested a man from Noida, on the charges of duping Rs 3.6 lakh in online car sale fraud.

According to sources, DVAN Raju, a resident of MVP Colony, came across a second-hand car on an online selling platform. Contacting the number given in the advertisement, Mr Raju was asked to meet somebody named Altaf from Gajuwaka, in order to take a look at the car.

After personally viewing the vehicle, Mr Raju transferred an amount of Rs 3.6 lakh to the accused. He was further informed that the car had gone for servicing and will soon be delivered. Thereafter, the accused switched off his mobile phone. Realizing that he was cheated, Mr Raju lodged a complaint with the Visakhapatnam Cyber Crime Police.

The cops had swung into action and interrogated Altaf. He revealed that a person named Sunny Kumar is the mastermind behind the online car sale fraud. Later on, Visakhapatnam CI, V Gopinath, tracked down the culprit’s location, based on the previous bank transaction. Arresting the con artist at Noida, on 9 October 2019, his mobile number and bank account were immediately seized. Furthermore, the police are carrying out investigations to unearth other probable scams conducted by Sunny Kumar.

Source link

The post #cyberfraud | #cybercriminals | Visakhapatnam resident duped of Rs 3.6 lakh in online car sale fraud appeared first on National Cyber Security.

View full post on National Cyber Security

Ukrainian #hackers blamed for #computer problems that crashed #multimillion #dollar art #sale

Source: National Cyber Security – Produced By Gregory Evans

An auction house is blaming a paid, deliberate attack that originated from Ukraine for a computer meltdown that shelved a multimillion dollar sale of artwork on Tuesday night.

Scores of people had gathered at Chifley Tower in Sydney’s CBD for an art auction hosted by online start-up Fine Art Bourse, created by Tim Goodman, a former chairman of Sotheby’s, and Adrian Newstead, the founder of Cooee Art.

Buyers were competing for more than 80 artworks, including Emily Kame Kngwarreye’s Earth’s Creation I, which was expected to fetch at least $2 million.

But the auction was postponed after what was described as “an unusually high surge of traffic” overloaded the auction site’s server, which is based in Hong Kong.

William Ehmcke, a director of the online auction house, said in a statement on Thursday that the timing and size of the attack suggested it was paid and deliberate.

“There is also evidence that the auction platform database was hacked, just prior to the auction launch, to further disrupt the sale process,” he said. “All client data has now been removed from the FAB (Fine Art Bourse) database.”

Mr Goodman said: “Someone out there does not want us to succeed.”

The post Ukrainian #hackers blamed for #computer problems that crashed #multimillion #dollar art #sale appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

PayThink The Oracle MICROS attack is a call to fix point of sale security

231

Source: National Cyber Security – Produced By Gregory Evans

PayThink The Oracle MICROS attack is a call to fix point of sale security

Attacks on point-of-sale (POS) systems usually target immediate gain through fraud with payment card data, which is why any organization that uses point of sale devices or processes payment details needs to be on constant alert.
The numerous point-of-sale security

The post PayThink The Oracle MICROS attack is a call to fix point of sale security appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures