Security Alerts & News
by Tymoteusz A. Góral

#2075 LeakedSource clone pops up on Russian domain
A website surfaced online today, posing as the infamous LeakedSource data hoarding service, which went down shrouded in mystery at the end of January 2017.

The original LeakedSource launched in late 2015, and it became known worldwide after it disclosed mega data breaches affecting services such as LinkedIn, MySpace, Dropbox, and many others.
#2074 This hard drive will self destruct. Data-wiping malware targets Europe
Shamoon—the mysterious disk wiper that popped up out of nowhere in 2012 and took out more than 35,000 computers in a Saudi Arabian-owned gas company before disappearing—is back. Its new, meaner design has been unleashed three times since November. What's more, a new wiper developed in the same style as Shamoon has been discovered targeting a petroleum company in Europe, where wipers used in the Middle East have not previously been seen.

Researchers from Moscow-based antivirus provider Kaspersky Lab have dubbed the new wiper "StoneDrill." They found it while they were researching the trio of Shamoon attacks, which occurred on two dates in November and one date in late January. The refurbished Shamoon 2.0 added new tools and techniques, including less reliance on outside command-and-control servers, a fully functional ransomware module, and new 32-bit and 64-bit components.
#2073 Spammers expose their entire operation through bad backups
This is the story of how River City Media (RCM), Alvin Slocombe, and Matt Ferris accidentally exposed their entire operation to the public after failing to properly configure their Rsync backups.

The data from this well-known but slippery spamming operation was discovered by Chris Vickery, a security researcher for MacKeeper, and shared with Salted Hash, Spamhaus, as well as relevant law enforcement agencies.

While security practitioners are familiar with spammers and their methods, this story afforded Salted Hash a rare opportunity to look behind the curtain and view their day-to-day operations.
#2072 SHA1 collision attack can serve backdoored torrents to track down pirates
A theoretical scenario that leverages the SHA1 collision attack disclosed recently by Google can serve backdoored BitTorrent files that execute code on the victim's machine, deliver malware, or alert copyright owners when their software has been pirated.

The theoretical attack, nicknamed BitErrant, is the work of Tamas Jos, a Hungarian security expert working for SWIFT, the company behind the SWIFT protocol used for international inter-banking transactions.

To understand the attack, users first need to understand how BitTorrent works. When someone creates a torrent file, they actually break up the original file into smaller chunks and save information about these chunks inside the torrent file.