Hackers and DDoS attacks almost broke the Internet !!

crazed 9.6

Change your passwords guys and gals !!

Thursday, October 20, 2016
Code:
http://thehackernews.com/2016/10/weebly-foursquare-data-breach.html

Friday, October 21, 2016
Code:
http://thehackernews.com/2016/10/iot-dyn-ddos-attack.html
Code:
http://heavy.com/tech/2016/10/ddos-attack-outage-map-what-websites-areas-regions-are-affected-source/

Affected sites include:
ActBlue
Amazon
AthenaNet
Basecamp
BlueHost
Box
Braintree
CNN
Credit Karma
DYN
Eventbrite
Etsy
Fox News
Freshbooks
Github
HBO Now
Heroku
Imgur
Indeed
Intercom
Kayak
Netflix
New York Times
NHL
Okta
Pagerduty
Paypal
People
Playstation Network
Qualtrics
Recode
Reddit
Shopify
Soundcloud
SpeedTest
Spotify
Storify
The Verge
Twitter
Weebly
Whatsapp
Wikia
Wired
WSJ
Yelp
Zendesk
Zillow

Even if stolen passwords are very difficult to crack, it's still a good idea to change the password for your Weebly account, just to be safe.
Also change passwords for other online accounts immediately, especially if you use the same password for multiple websites.


Passwords are your last lines of defense against online threats.
Code:
http://thehackernews.com/2016/07/best-password-manager.html
 
5 major Russian banks hit with powerful DDoS attacks

Friday, November 11, 2016
Swati Khandelwal
thehackernews.com

Distributed Denial of Service (DDoS) attacks have risen enormously in the past few months and, mostly, they are coming from hacked and insecure internet-connected devices, most commonly known as Internet of Things (IoT).

The recent DDoS attack against DNS provider Dyn that brought down a large chunk of the Internet came from hacked and vulnerable IoT devices such as DVRs, security cameras, and smart home appliances.

This DDoS was the biggest cyber attack the world has ever seen.

Now, in the latest incident, at least five Russian banks have been subject to a swathe of DDoS attacks for two days, said the Russian banking regulator.

The state-owned Sberbank was one of the five targets of the attacks that began last Tuesday afternoon and lasted over the next two days.

According to Kaspersky Lab, the longest attack lasted for 12 hours, peaked at 660,000 requests per second, and came from a botnet of at least 24,000 hacked devices located in 30 countries.

Although the culprit appears to be using hacked and insecure IoT devices such as CCTV cameras or digital video recorders, Kaspersky Lab believes that the latest attack does not look like the work of the "Mirai IoT botnet" — the one used to disrupt the Dyn DNS service.

Mirai is a piece of nasty malware that scans for IoT devices that have weak factory default settings (hard-coded usernames and passwords), converts them into bots, and then uses them to launch DDoS attacks.

In a statement, a Sberbank representative said the bank managed to neutralize the cyber attack without disturbing the ongoing operation of its website, adding that the latest DDoS attacks were among the largest the bank had ever seen, RT reports.

Another Russian bank, Alfabank, has also confirmed the DDoS attack, though it called the attack weak. The bank's representative told RIA Novosti that "there was an attack, but it was relatively weak. It did not affect Alfabank's business systems in any way."

Kaspersky said more than half of the IoT botnet devices were situated in the United States, India, Taiwan, and Israel. To gain control over the devices, the hackers took advantage of smart devices that use easy-to-guess passwords.

Security researchers are continually pointing out serious threats from new connected devices that have been rushed to market with poor, or no, security implementations.

Just last week, the DDoS attack through hacked IoT devices led to the disruption of the heating systems for at least two apartments in the city of Lappeenranta, literally leaving their residents in subzero weather.

Keeping in mind the rise in the number of insecure IoT devices, it is entirely possible that the next round of attacks emerging from IoT-based botnets could be orders of magnitude larger, so much so that it could even take down our cities if we let it.

So the best way to protect your smart devices from being a part of a DDoS botnet is to be more vigilant about the security of your internet-connected devices. Change the default settings and credentials of your devices and always protect your devices behind a firewall.

Although IoT manufacturers and Internet standard creators have a huge role to play in securing these vulnerable devices, consumers must also take some personal responsibility for safeguarding their own devices.
 
Mirai malware scans for Internet of Things (IoT) devices that are still using their default passwords and then enslaves those devices into a botnet, which is then used to launch DDoS attacks.

Monday, November 28, 2016
Mohit Kumar
thehackernews.com

Mirai Botnet is getting stronger and more notorious each day that passes by. The reason: Insecure Internet-of-things Devices.

Last month, the Mirai botnet knocked the entire Internet offline for a few hours, crippling some of the world's biggest and most popular websites.

Now, more than 900,000 broadband routers belonging to Deutsche Telekom users in Germany were knocked offline over the weekend following a supposed cyber-attack, affecting the telephony, television, and internet service in the country.

The German Internet Service Provider, Deutsche Telekom, which offers various services to around 20 Million customers, confirmed on Facebook that as many as 900,000 customers suffered internet outages on Sunday and Monday.

Millions of routers are said to be vulnerable to a critical Remote Code Execution flaw in routers made by Zyxel and Speedport, wherein Internet port 7547 is open to receive commands based on the TR-069 and related TR-064 protocols, which are meant to be used by ISPs to manage your devices remotely.

The same vulnerability affects Eir D1000 wireless routers (rebranded Zyxel Modem) deployed by Irish internet service provider Eircom, while there are no signs that these routers are actively exploited.

According to a Shodan search, around 41 Million devices leave port 7547 open, while about 5 Million expose TR-064 services to the outside world.

According to an advisory published by the SANS Internet Storm Center, honeypot servers posing as vulnerable routers are receiving exploit code every 5-10 minutes for each target IP.

An intercepted packet showed how a remote code execution flaw in the <NewNTPServer> part of a SOAP request was used to download and execute a file in order to infect the vulnerable device.

Security researchers at BadCyber also analyzed one of the malicious payloads that were delivered during the attacks and discovered that the attack originated from a known Mirai command-and-control server.

"The unusual application of TR-064 commands to execute code on routers has been described for the very first time at the beginning of November, and a few days later a relevant Metasploit module had appeared," BadCyber wrote in a blog post. "It looks like someone decided to weaponize it and create an Internet worm based on Mirai code."

It all started in early October when a cyber criminal publicly released the source code of Mirai, a piece of nasty IoT malware designed to scan for insecure IoT devices – mostly routers, cameras, and DVRs – and enslave them into a botnet network, which is then used to launch DDoS attacks.

The hacker created three separate exploit files in order to infect three different architectures: two running different types of MIPS chips and one with ARM silicon.

The malicious payloads open the remote administration interface and then attempt to log in using three different default passwords. After this is done, the exploit then closes port 7547 in order to prevent other attackers from taking control of the infected devices.

"Logins and passwords are obfuscated (or "encrypted") in the worm code using the same algorithm as does Mirai," the researchers say. "The C&C server resides under timeserver.host domain name, which can be found on the Mirai tracker list."

More in-depth technical details about the vulnerability can be found on ISC Sans, Kaspersky Lab, and Reverse Engineering Blog.

Deutsche Telekom has issued an emergency patch for two models of its Speedport broadband routers – Speedport W 921V, Speedport W 723V Type B – and is currently rolling out firmware updates.
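
A defender-side check for the request described in the article above, added here as an example (it is not part of the original posts or the quoted articles): it flags SOAP bodies whose NewNTPServer fields hold anything other than a plain host, including when the envelope is malformed or the value is entity-encoded. The function names, the host-only rule and the sample envelopes are assumptions constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

TR064_PORT = 7547  # port named in the article
# Assumption: a legitimate NTP server value is empty, a hostname or an IP address.
PLAIN_HOST = re.compile(r"[A-Za-z0-9.:-]{0,253}")
RAW_FIELD = re.compile(r"<((?:\w+:)?NewNTPServer\d*)>(.*?)</\1>", re.S)


def ntp_fields(soap_body):
    """Return [(field, value)] for every NewNTPServer* element in a SOAP body."""
    if "<!" not in soap_body:  # no DTD or entity declarations: hand it to the XML parser
        try:
            root = ET.fromstring(soap_body)
            return [(el.tag.rsplit("}", 1)[-1], "".join(el.itertext()))
                    for el in root.iter()
                    if el.tag.rsplit("}", 1)[-1].startswith("NewNTPServer")]
        except ET.ParseError:
            pass  # a malformed envelope must not become a bypass
    return RAW_FIELD.findall(soap_body)  # conservative fallback on the raw text


def suspicious_fields(soap_body):
    """NewNTPServer* values that are not a plain host, e.g. carrying shell syntax."""
    return [(f, v) for f, v in ntp_fields(soap_body)
            if not PLAIN_HOST.fullmatch(v.strip())]


def triage(dst_port, soap_body):
    """Classify one captured request: 'alert', 'review' or 'ok'."""
    if suspicious_fields(soap_body):
        return "alert"
    if dst_port == TR064_PORT and ntp_fields(soap_body):
        return "review"  # well-formed, but TR-064 reached from the Internet side
    return "ok"


# Constructed samples (not captured traffic); the service namespace is a placeholder.
ENVELOPE = ('<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body>'
            '<u:SetNTPServers xmlns:u="urn:example:constructed">'
            '<NewNTPServer1>{}</NewNTPServer1><NewNTPServer2></NewNTPServer2>'
            '</u:SetNTPServers></s:Body></s:Envelope>')
BENIGN = ENVELOPE.format("ntp.example.net")
INJECTED = ENVELOPE.format("`placeholder-command`")

if __name__ == "__main__":
    for name, body in (("benign", BENIGN), ("injected", INJECTED)):
        print(name, triage(TR064_PORT, body), suspicious_fields(body))
```

The "review" verdict covers the exposure the article describes: even a harmless TR-064 request arriving on port 7547 from outside the ISP's management network means the interface is reachable and should be filtered.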