Namecheap warns its users that accounts are being accessed with the Credentials stolen by Russian Hackers

Hold Security reported in mid-August that around 1.2 billion credentials had been amassed by a group of Russian hackers dubbed "CyberVor". At that point it was not known what these hackers intended to do with such a huge collection of credentials, and experts surmised that the login IDs and passwords would be sold on underground forums for a premium. Now the first casualty of the leak seems to be the popular domain registrar and web hosting company Namecheap.
Namecheap has put up a blog post warning its customers that the Russian hackers, or buyers of the credentials, have been trying to access their accounts using credentials obtained from third-party websites. According to Hold Security's research, CyberVor had managed to obtain the 1.2 billion credentials from approximately 420,000 websites. The massive leak is being investigated by the US Federal Bureau of Investigation (FBI), and its findings are awaited.

Namecheap has issued the warning because it believes some of these 1.2 billion credentials are being used by cybercriminals to gain access to its customers' accounts. In the blog post, Namecheap says that its intrusion detection systems picked up a higher than usual volume of login attempts shortly after the Hold Security report. Such a surge normally indicates that the hackers are putting the stolen data to use quickly, before the investigating agencies can stop the breach from being exploited for mala fide purposes.

Namecheap cannot be certain that this surge in login attempts is linked to the 1.2 billion credentials stolen by CyberVor, but the timing of the logins, immediately after the report, has led the company to that conclusion. Matthew Russell, VP of Namecheap's hosting division, stated on the blog that:
"The group behind this is using the stored usernames and passwords to simulate a web browser login through fake browser software. This software simulates the actual login process a user would use if they are using Firefox/Safari/Chrome to access their Namecheap account. The hackers are going through their username/password list and trying each and every one to try and get into Namecheap user accounts." 
As per the blog, most of the login attempts made during the surge proved unsuccessful, but the attackers did manage to gain unauthorized access to some accounts. The company has temporarily secured the affected accounts and is working on notifying customers. Those who have been impacted are instructed to verify their identities, after which they will be provided with new login credentials.

"As a precaution, we are aggressively blocking the IP addresses that appear to be logging in with the stolen password data. We are also logging these IP addresses and will be exporting blocking rules across our network to completely eliminate access to any Namecheap system or service, as well as making this data available to law enforcement," the company official said.
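The pattern Namecheap describes, a single source cycling through a list of different usernames with most attempts failing, is what a defender looks for when telling credential stuffing apart from ordinary mistyped passwords. The script below is an added illustration of that triage, not Namecheap's own code: it parses a constructed, hypothetical authentication-log format, flags source addresses that attempt many distinct usernames within a short window with a high failure rate, lists any account that logged in successfully from such an address (the ones to secure and reset), and emits the corresponding block rules. The thresholds are assumptions a site would tune against its own baseline.

```python
"""Credential-stuffing triage over authentication logs (added example).

Log format is constructed for this demo:
    <ISO timestamp> ip=<addr> user=<name> result=<ok|fail>
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: 203.0.113.7 replays a username/password list
# (six different users in a few seconds, one of them succeeds), while
# 198.51.100.4 is one person who mistyped a password once.
SAMPLE_LOG = """\
2014-09-01T10:00:01 ip=203.0.113.7 user=alice result=fail
2014-09-01T10:00:02 ip=203.0.113.7 user=bob result=fail
2014-09-01T10:00:02 ip=203.0.113.7 user=carol result=fail
2014-09-01T10:00:03 ip=203.0.113.7 user=dave result=ok
2014-09-01T10:00:03 ip=203.0.113.7 user=erin result=fail
2014-09-01T10:00:04 ip=203.0.113.7 user=frank result=fail
2014-09-01T10:00:10 ip=198.51.100.4 user=grace result=fail
2014-09-01T10:00:15 ip=198.51.100.4 user=grace result=ok
"""


def parse_line(line):
    """Turn one log line into a dict with a datetime under 'ts'."""
    ts, *fields = line.split()
    rec = dict(f.split("=", 1) for f in fields)
    rec["ts"] = datetime.fromisoformat(ts)
    return rec


def detect_stuffing(log_text, window=timedelta(minutes=5),
                    min_users=5, min_fail_ratio=0.6):
    """Return (suspect_ips, compromised_accounts).

    A source IP is suspect when, inside any `window`, it tries at least
    `min_users` distinct usernames and at least `min_fail_ratio` of those
    attempts fail: a list being replayed, not a user logging in.  Every
    account that logged in successfully from a suspect IP is returned as a
    candidate for a forced credential reset.
    """
    per_ip = defaultdict(list)
    for line in log_text.splitlines():
        if line.strip():
            rec = parse_line(line)
            per_ip[rec["ip"]].append(rec)

    suspect = {}
    compromised = set()
    for ip, recs in per_ip.items():
        recs.sort(key=lambda r: r["ts"])
        j = 0
        for i in range(len(recs)):
            # Sliding window: recs[i:j] are all attempts within `window` of recs[i].
            while j < len(recs) and recs[j]["ts"] - recs[i]["ts"] <= window:
                j += 1
            chunk = recs[i:j]
            users = {r["user"] for r in chunk}
            fails = sum(r["result"] != "ok" for r in chunk)
            if len(users) >= min_users and fails / len(chunk) >= min_fail_ratio:
                suspect[ip] = {"distinct_users": len(users),
                               "attempts": len(chunk), "failures": fails}
                compromised.update(r["user"] for r in chunk if r["result"] == "ok")
                break  # one qualifying window is enough to flag this IP
    return suspect, compromised


def block_rules(suspect_ips):
    """Render the flagged sources as iptables drop rules (one way to export a block list)."""
    return [f"iptables -I INPUT -s {ip} -j DROP" for ip in sorted(suspect_ips)]


if __name__ == "__main__":
    flagged, accounts = detect_stuffing(SAMPLE_LOG)
    for ip, stats in flagged.items():
        print(f"suspect {ip}: {stats}")
    print("accounts to secure:", sorted(accounts))
    print("\n".join(block_rules(flagged)))
```

The failure-ratio test matters: a busy NAT gateway can also produce many distinct usernames in a short window, but its attempts mostly succeed, so it should not be blocked on username count alone.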

Russell has clarified that the unauthorized logins are not the result of a security breach at Namecheap. He claims all passwords stored on the company's systems are encrypted "using the highest security encryption methods."

The hosting firm is advising customers to enable two-factor authentication on their accounts. In addition, those who have used the same credentials on multiple websites are advised to take action immediately and update their passwords.

Shortly after the world learned about the 1.2 billion compromised credentials, experts warned that such attacks are inevitable.

"The more accounts you have, the more vulnerable you are. The more you share email addresses and passwords across those accounts, the more vulnerable you are," Jon Heimerl, senior security strategist at Solutionary, told SecurityWeek. "If you are regularly changing passwords the fact that someone has stolen your credentials may not have a huge impact on you. But how many people regularly change all of their passwords?" 

Apple patches iCloud security gap after celebrity photos hacked and leaked

18:53 Anuran Barman
The day after private and nude photos of actress Jennifer Lawrence and other Hollywood celebrities were leaked online, Apple has reportedly patched a security gap that could have allowed hackers to access iCloud accounts.
It was reported that the vulnerability was exposed on the code hosting site Github. Developers reportedly discovered that Apple's "Find My iPhone" feature could be compromised by so-called brute force attacks, which try password after password until the right one is found to unlock an account. From there, the hackers might have been able to figure out a user's Apple ID and access their iCloud storage. The Github post says Apple has fixed the problem.

However, it is not clear whether this is the same, or the only security flaw that allowed hackers to scoop up the photos of Lawrence and 20 other Hollywood celebs. 

As stated in our earlier post, some of the photos appear to have come from different devices and may have been accumulated over a long period of time.

CNET senior editor Dan Ackerman said: "It may not be one person, it may be a group of people, and these may be photos that were put together over the course of months or years."

Online posts on the websites 4chan and Reddit said photos of more than 100 celebrities were exposed when a hacker broke into their cloud-based storage, though independent news agencies indicated that intimate images of only around 20 celebrities may have been leaked.

Photos of the "Hunger Games" star Jennifer Lawrence in various stages of undress appeared online, along with private photos of actress Mary Elizabeth Winstead, model Kate Upton, and others. A spokesperson for Lawrence said the posts are "a flagrant violation of privacy" and that "the authorities have been contacted and will prosecute anyone who posts the stolen photos of Jennifer Lawrence."

Winstead and Upton acknowledged that the stolen photos of them were real, while two other victims, singer Ariana Grande and Nickelodeon star Victoria Justice, said the photos posted of them were fakes.

For its part, Apple said on Monday that it is "actively investigating" whether a security breach at its iCloud service was responsible for the leak.
"We take user privacy very seriously and are actively investigating this report," Apple spokeswoman Natalie Kerris told Recode.
The as-yet unknown attacker had one other thing going for him: Apple allowed an unlimited number of password guesses. Normally, systems limit the number of times someone can try to log in with an incorrect password before the account is locked down entirely. Apple has since fixed that aspect of the vulnerability.
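The control the article says was missing is a cap on wrong guesses per account. The code below is an added example, not Apple's code, of what such a cap looks like on the server side: failed attempts are counted per account inside a sliding window, the account is locked for a cooling-off period once the count is reached, and while locked the password is not even checked, so a correct guess during lockout reveals nothing. The password store, the PBKDF2 verifier and the clock passed in as `now` are constructed for the demo; the thresholds are assumptions.

```python
"""Per-account failed-login throttling (added example, not Apple's code)."""
import hashlib
import hmac
import os
from collections import defaultdict, deque

ITERATIONS = 100_000  # PBKDF2 work factor for the demo store


def make_store(users):
    """Constructed password store: user -> (salt, PBKDF2-SHA256 digest)."""
    store = {}
    for name, password in users.items():
        salt = os.urandom(16)
        store[name] = (salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS))
    return store


def verifier_for(store):
    """Return verify(user, password) -> bool using constant-time comparison."""
    def verify(user, password):
        rec = store.get(user)
        if rec is None:
            return False
        salt, digest = rec
        candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
        return hmac.compare_digest(candidate, digest)
    return verify


class LoginGuard:
    """Locks an account after `max_failures` wrong passwords within `window` seconds."""

    def __init__(self, verify_password, max_failures=5, window=300, lockout=900):
        self._verify = verify_password
        self.max_failures = max_failures
        self.window = window
        self.lockout = lockout
        self._failures = defaultdict(deque)  # user -> timestamps of recent failures
        self._locked_until = {}              # user -> time the lock expires
        self.checks_performed = 0            # how many passwords were actually verified

    def attempt(self, user, password, now):
        """Return 'ok', 'fail' or 'locked'. `now` is a timestamp in seconds."""
        # Refuse outright while locked; do not touch the password at all.
        if self._locked_until.get(user, 0) > now:
            return "locked"
        fails = self._failures[user]
        while fails and fails[0] < now - self.window:
            fails.popleft()  # forget failures older than the window
        self.checks_performed += 1
        if self._verify(user, password):
            fails.clear()
            return "ok"
        fails.append(now)
        if len(fails) >= self.max_failures:
            self._locked_until[user] = now + self.lockout
            fails.clear()
            return "locked"
        return "fail"


def guesses_checked(guard, user, wordlist, start=0):
    """Replay a wordlist against one account, one guess per second, and
    report how many were actually verified before the lock took effect."""
    before = guard.checks_performed
    for i, guess in enumerate(wordlist):
        guard.attempt(user, guess, start + i)
    return guard.checks_performed - before


if __name__ == "__main__":
    store = make_store({"victim": "correct horse battery staple"})
    guard = LoginGuard(verifier_for(store), max_failures=5)
    words = [f"guess{i}" for i in range(100)]  # constructed wrong guesses
    print("passwords verified out of 100 attempts:", guesses_checked(guard, "victim", words))
```

Without the guard, every one of the 100 attempts would reach the password check; with it, only the first five do and the rest are rejected unread until the lockout expires. Locking per account rather than per source IP is what defeats a guesser who rotates addresses, though it also hands an attacker a way to lock legitimate users out, which is why many sites pair a short per-account lock with progressively slower responses instead of a hard block.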

"The attackers never should have been allowed to make an unlimited number of guesses," Kindlund said.
And while there is no direct evidence tying Apple's iCloud to the attack, the timing of the incident appears to coincide with a talk given by security researchers on the subject of iCloud security.

The iBrute program was created by security researchers in Russia as a proof of concept and demonstrated as part of a talk at a security conference in St. Petersburg earlier this month.

Ebola Outbreak Infects Unwitting Users with Zeus Trojan

18:08 Anuran Barman
Security researchers have discovered a new email attack campaign that exploits public interest in the recent Ebola virus outbreak to infect users with a banking trojan.

The attackers in question have created an email template designed to spoof a World Health Organization (WHO) missive on Ebola, which contains links to three 'factsheets' on how to prevent the deadly virus, according to Proofpoint.
Clicking on one of those links will take the user to a landing page mimicking a genuine WHO Ebola factsheet, which is “almost indistinguishable from the original,” the vendor said in a blog post.

"When the page loads, it requests permission to run a Java applet that will attempt to load a variant of the popular Zeus banking Trojan on the user's machine," Proofpoint continued.

Even with a security warning and suspicious hosting location (wsh3ll.bplaced[.]net), it’s not surprising that some users will click.

Once the potential victim has downloaded Zeus, it will install itself and work as a typical banking trojan, although it also displays some RAT-like characteristics.

"The Remote Access Trojan (RAT) results in ongoing access for attackers, giving them a pathway to install additional malware on the infected PC," said Proofpoint.

The attack campaign is by no means the first to use Ebola as a lure to entice concerned netizens to click on something they shouldn't, and it will certainly not be the last.

A fortnight ago, Symantec reported three malware operations and a phishing campaign using Ebola as a social engineering theme.

One includes the Zbot Trojan, while the second one impersonates Middle East telecoms firm Etisalat and features an attachment hiding the Blueso Trojan and information-stealing Spyrat malware.

The third apparently hides the backdoor Breut malware in an attachment claiming to offer news of a cure for the deadly virus.

The phishing campaign in question spoofs a CNN ‘breaking news' email promising information on which regions are affected by Ebola and how to avoid infection with the virus.

Clicking on any links in the email will take the user to a web page where they are asked to select an email provider and input their user log-ins. These are then sent to the phisher, while the unwitting user is redirected to a real CNN page, Symantec said.

DDoS group Lizard Squad apparently caught and exposed

23:03 Anuran Barman
Gamers can get back to their seats, as members of Lizard Squad appear to have been tracked down.

Despite its challenges to the "Feds", it looks like the group known as Lizard Squad, which has been carrying out DDoS attacks on game services, has been tracked down. A Tweet posted on the Lizard Squad Twitter page indicated that the net had closed in. The squad, which came into the news spotlight some days ago for DDoSing the Sony PlayStation Network, seems to be in trouble.
Call it team rivalry: another group, going by the online handle Activist Revolution, has posted the members' personal details in a Pastebin post, and tweets have been circulating about it.
An earlier Tweet from the same account shows a picture of an apparent chat session with members of the Lizard Squad which also exposed their identities.

There have been no further updates since the top Tweet, so they could be trying to keep their heads down, as there has been no confirmation of arrests.

The DDoS attacks started back on 23 August and the situation got more serious when SOE’s John Smedley’s flight was diverted after a bomb threat by the Lizard Squad. Attacks continued for a few more days with both Twitch and League of Legends being hit. There was also a threat of an attack of some kind during PAX during an AMA session.

It has taken a while to track the group down, but with any luck gamers should stop experiencing DDoS attacks from this group.

Update: Some fresh postings on twitter and at the Lizard Squad site suggest that, whatever else may be going on behind the scenes, the lizards are calling it a day.

We proved that even though we are little in this very big world, that a small group of friends who work together can cause a lot of havoc without legal repercussions. Today we will be disbanding, behind the green reptiles and other bullshit, we have lives believe it or not, things to do, people to meet.