The link to the malware code that powered an unprecedented DDoS attack against the website of cybersecurity reporter Brian Krebs has been posted online. A user named “Anna-senpai” dubbed the malware “Mirai”, which is designed to infect IoT devices that haven’t changed their default usernames and passwords. Once assembled, these massive armies of devices can be controlled from a central server, where they are typically leased out to hackers to launch DDoS attacks against target websites. Read more.
Researchers at Trend Micro have warned over 400 instances of Dresscode malware are available for download from the Google Play store. This malware first appeared in April and once downloaded by a user it can be used by those controlling it to conduct cyber espionage, download sensitive data or recruit other devices into a botnet. Dresscode apps disguised as games, skins, themes, and phone optimization boosters have all been spotted in the store: the Trojan is only a small part of the app, making it much harder to spot. Read more.
Synack researcher Patrick Wardle has presented new findings that attackers can enable malware to monitor a Mac and only record the video sessions when the webcam is in use. Mac’s have a hard-wired light indicator that tells the user when it’s in use, however, this malware is able to piggyback when the camera is in use and record so there are no visible indications of malicious activity. Read more.
While Dropbox had over 60 million account details stolen in August, yesterday the email addresses and hashed passwords associated with these accounts were uploaded online. Thomas White aka The Cthulu, uploaded the entire database on his website—a move that he claims is to help researchers examine the breach. Read more.
The FBI secretly arrested a Booz Allen Hamilton contractor working for the NSA and is investigating whether he stole and disclosed highly classified computer codes developed to hack into the networks of foreign governments reports The New York Times. Read more.
Wikileaks celebrated its tenth anniversary on Tuesday and founder Julian Assange teased the release of documents that could be damaging to presidential candidate Hillary Clinton. However, when he failed to release anything new, the hacker known as Guccifer 2.0 released new documents on his blog. Guccifer 2.0 stated he or she hacked the Clinton Foundation server and downloaded “hundreds of thousands of docs and donors’ databases. Read more.
A portion of BuzzFeed’s website was breached and a handful of articles were defaced by the hacking group OurMine on Wednesday morning. According to a Google search of cached Buzzfeed pages, at least three articles briefly have had their headline changed to “Hacked By OurMine,” or some variation of that. Read more.