Razzle Dazzle v2.0
During World War I, British artist and navy officer Norman Wilkinson proposed the use of "Dazzle Camouflage" on ships. The concept behind Dazzle Camouflage, as Wilkinson explained, was to “paint...
High Stakes Gambling with Apple Stock
Miscreants are always trying to put new twists on age-old schemes. However, I must admit that this latest twist has me slightly puzzled. Today, Cisco TRAC encountered a piece of stock related spam touting Apple’s stock, AAPL.
The Phishing Grounds
On August 15, 2013, Brian Krebs featured a screen shot of a fake Outlook webmail login page used by the Syrian Electronic Army in a phishing attack against the Washington Post. If you look carefully at the location bar, you will note that the domain used in the phishing attack is ‘webmail.washpost.site88.net’.
Syrian Electronic Army Continues Spree: Cracks New York Times, Twitter and Huffington Post
The Syrian Electronic Army continues to hammer away at media organizations. This afternoon the Syrian Electronic Army appears to have compromised the registrar Melbourne IT which hosts the domains of notable media organizations like Twitter, The New York Times, and The Huffington Post.
Syrian Electronic Army Cracks ShareThis.com GoDaddy Account
ShareThis provides a mechanism for web surfers to share content online through a customizable widget. According to the information on their website, ShareThis interacts with “more than 94% of U.S. Internet users across more than 2 million publisher sites and 120+ social media channels.” On the evening of August 21, 2013, ShareThis reported that their […]
DEFCON 21 Wrapup
My first DEFCON was DEFCON Three, held at the Tropicana Hotel in Las Vegas. The computer security conference scene was much, much smaller back then, but DEFCON had already become THE security conference of the year. Since that time I’ve continued to regularly attend DEFCON, and over the years I have collected some very fond memories […]
Error Correction Using Response Policy Zones: Eliminating the Problem of Bitsquatting
A memory error is a condition that occurs any time one or more bits being read from memory have changed state from what was previously written. By even the most conservative of estimates Internet devices experience more than 600,000 memory errors per day. Cosmic radiation, operating a device outside its recommended environmental conditions, and defects […]
‘Hijacking’ of DNS Records from Network Solutions
UPDATE: This blog post is related to the redirection of domain name servers that occurred back in June 2013. This post is NOT related to the ongoing activity occuring July 16, 2013. Cisco TRAC is currently analyzing the ongoing issues with Network Solutions’ hosted domain names and has more information available here. Multiple organizations with […]
Scope of ‘KeyBoy’ Targeted Malware Attacks
On June 6, 2013, malwaretracker.com released an analysis of Microsoft Office-based malware that was exploiting a previously unknown vulnerability that was patched by MS12-060. The samples provided were alleged to be targeting Tibetan and Chinese Pro-Democracy Activists. On June 7, 2013, Rapid7 released an analysis of malware dubbed ‘KeyBoy,’ also exploiting unknown vulnerabilities in Microsoft Office, similarly patched by MS12-060, […]
Massive Canadian Pharmacy Spam Campaign
On Tuesday May 28, 2013 at 17:30 UTC a massive pharmaceutical-based spam campaign began, using the Subject: header “Only 24 Hours Left to Shop!”. Cisco witnessed volume rates peaking as high as 8 out of every 10 spam messages being sent. The indiscriminate nature of the attack’s recipients suggests that most anti-spam vendors, including Cisco, will have blocked […]
The Effects of #OpUSA
In the days leading up to #OpUSA, security professionals were busy making preparations for the supposed flood of new attacks coming on 7 May 2013. As we mentioned on 1 May 2013, publicly announced attacks of this nature can have highly volatile credibility. In some cases, the announcements exist only for the purpose of gaining notoriety. In […]
Watering Hole Attacks an Attractive Alternative to Spear Phishing
“Watering Hole” attacks, as evidenced by the recent attack involving the U.S. Department of Labor, are becoming increasingly popular as alternatives to attacks such as Spear Phishing. In a “Watering Hole” attack, the attacker compromises a site likely to be visited by a particular target group, rather than attacking the target group directly. Eventually, someone from […]
STOPhausDDoS: Suspect in Custody
Back in March, Seth Hanford wrote about a distributed denial of service (DDoS) attack aimed at the SpamHaus organization. Since then, there have been some new developments in the aftermath of the DDoS attack, most notably the arrest of the attackers’ spokesperson, Sven Olaf Kamphuis. Update On April 26, Kamphuis, STOPhaus activist and possibly the person […]