Malware Devil

Sunday, January 17, 2021

Robert M. Lee’s & Jeff Haas’ Little Bobby Comics – ‘WEEK 312’

via the respected information security capabilities of Robert M. Lee & the superlative illustration talents of Jeff Haas at Little Bobby Comics!


The post Robert M. Lee’s & Jeff Haas’ Little Bobby Comics – ‘WEEK 312’ appeared first on Security Boulevard.


The post Robert M. Lee’s & Jeff Haas’ Little Bobby Comics – ‘WEEK 312’ appeared first on Malware Devil.



https://malwaredevil.com/2021/01/17/robert-m-lees-jeff-haas-little-bobby-comics-week-312/?utm_source=rss&utm_medium=rss&utm_campaign=robert-m-lees-jeff-haas-little-bobby-comics-week-312

DEF CON 28 Safe Mode IoT Village – Deral Heiland’s NAND Flash Recovering File Systems’

Many thanks to DEF CON and the conference speakers for publishing their outstanding presentations, which originally appeared at the organization’s DEF CON 28 Safe Mode conference and on the DEF CON YouTube channel. Enjoy!


The post DEF CON 28 Safe Mode IoT Village – Deral Heiland’s NAND Flash Recovering File Systems’ appeared first on Security Boulevard.


The post DEF CON 28 Safe Mode IoT Village – Deral Heiland’s NAND Flash Recovering File Systems’ appeared first on Malware Devil.



https://malwaredevil.com/2021/01/17/def-con-28-safe-mode-iot-village-deral-heilands-nand-flash-recovering-file-systems/?utm_source=rss&utm_medium=rss&utm_campaign=def-con-28-safe-mode-iot-village-deral-heilands-nand-flash-recovering-file-systems

No Surrender: Some Whites Still Believe US Civil War Wasn’t Lost

From the history of a Japanese soldier comes insight into Americans today. In the spring of 1974, 2nd Lt. Hiroo Onoda of the Japanese army made world headlines when he emerged from the Philippine jungle after a thirty-year ordeal. Hunted in turn by American troops, the Philippine army and police, hostile islanders, and eventually successive …

The post No Surrender: Some Whites Still Believe US Civil War Wasn’t Lost appeared first on Security Boulevard.


The post No Surrender: Some Whites Still Believe US Civil War Wasn’t Lost appeared first on Malware Devil.



https://malwaredevil.com/2021/01/17/no-surrender-some-whites-still-believe-us-civil-war-wasnt-lost/?utm_source=rss&utm_medium=rss&utm_campaign=no-surrender-some-whites-still-believe-us-civil-war-wasnt-lost

Unemployment Benefits Claims Fraud: New Threats for 2021

The numbers are simply staggering. According to CNBC, the U.S. lost more than $36 billion in unemployment benefits due to improper payments since the CARES Act was passed in the spring. Yes, the federal government and states are taking steps to adjust, but will it be enough to stop the fraud as benefits are…

The post Unemployment Benefits Claims Fraud: New Threats for 2021 appeared first on Security Boulevard.


The post Unemployment Benefits Claims Fraud: New Threats for 2021 appeared first on Malware Devil.



https://malwaredevil.com/2021/01/17/unemployment-benefits-claims-fraud-new-threats-for-2021/?utm_source=rss&utm_medium=rss&utm_campaign=unemployment-benefits-claims-fraud-new-threats-for-2021

New Release of Sysmon Adding Detection for Process Tampering, (Sun, Jan 17th)

Version 13.01 of Sysmon, the Windows Sysinternals tool that monitors and logs system activity, has been released.

This version adds detection for process tampering, like process hollowing and process herpaderping. You use ProcessTampering in your configuration to activate it.

Here is an example of process hollowing detection:

Didier Stevens
Senior handler
Microsoft MVP
blog.DidierStevens.com DidierStevensLabs.com

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

The post New Release of Sysmon Adding Detection for Process Tampering, (Sun, Jan 17th) appeared first on Malware Devil.



https://malwaredevil.com/2021/01/17/new-release-of-sysmon-adding-detection-for-process-tampering-sun-jan-17th/?utm_source=rss&utm_medium=rss&utm_campaign=new-release-of-sysmon-adding-detection-for-process-tampering-sun-jan-17th

Pcaps and the Tools That Love Them Part 1 of ???

There are many pcap tools available, and which ones you use really depends on what you’re using them for. Some are very good at just giving you the raw data; others parse the data and show you certain types of packets.

But maybe we should back up one step and define what we’re talking about. What is a pcap? Simply put, a pcap is a binary file that contains packets captured off of a network interface.

How much data, and which fields, depends on the manner in which you capture the packets. We’ll look at some of those options as we look at tcpdump. I won’t spend a lot of time on that tool because many people are familiar with it, at least the basics. It’s actually a powerful tool when combined with BPFs, but we’ll cover that later as well.

BPF is short for Berkeley Packet Filter, and BPFs allow pcap tools to get granular down to the bit, the BIT, level in specifying what header fields you want to see. For example, the TCP flags are each one bit in size. With BPFs you can tell your tool to show you only packets in which the SYN flag is set, or SYN together with any other combination of flags.

The simplest BPFs are built into tcpdump. As Brandon pointed out, “tcp” and “port” are primitives. Others include udp, src, dst, icmp, host, ether and net.

Other tools built on the libpcap library can use them as well, tools like ngrep and tshark.

An example would be tcpdump -nn -i eth0 'tcp and port 23'

This tells tcpdump to listen on the eth0 interface, not to resolve hostnames or ports, and to show only TCP packets in which either the source or the destination port is 23.

If we only wanted to see traffic going to port 23, we could add the primitive dst in front of port.

tcpdump -nn -i eth0 'tcp and dst port 23'

Get into the habit of putting your BPFs in single quotes.

It will make no difference with simple BPFs like “port 80 or port 443”, but when you get into complex BPFs using bitmasking, it will keep you from getting syntax errors.

So why use the -nn option, which disables name and port resolution? There are several reasons. One is speed and efficiency.

If you’re sniffing a fast, busy segment and have to do a DNS lookup on every address, it will slow tcpdump down to the point where it starts dropping packets.

Another reason is that if you’re monitoring malicious traffic and the attacker controls their nameserver, they will see the DNS lookup and know they’re being monitored by you.

Port resolution is done using nmap’s own services file, nmap-services, instead of the default one in /etc/. This is a mapping of ports to services, so when tcpdump sees port 80 it substitutes http for 80.

But can other services be bound to port 80? If you’re root you can bind any service you like to any port you want. That port 80 traffic could be any protocol. So we’ll bypass the commonly used ports and see what the traffic is ourselves.
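The bit-level matching described above, as an added Python example (not code from the original post): it re-implements in plain Python the checks libpcap’s BPF engine performs for 'tcp and port 23', 'tcp and dst port 23' and a SYN-flag test, against hand-built frames, so it runs without a capture or a live interface. The frame layout and the tcp[13] flag byte are standard; the helper names are my own.

```python
"""Added example, not code from the original post: a plain-Python re-implementation
of the checks libpcap's BPF engine performs for the filters discussed above,
'tcp and port 23', 'tcp and dst port 23' and a bit-level TCP flag test.
The frames are constructed by hand so the script runs without a capture."""
import struct

ETH_HDR_LEN = 14
ETHERTYPE_IPV4 = 0x0800
IPPROTO_TCP = 6
IPPROTO_UDP = 17

# TCP flag bits; they live in the 13th byte of the TCP header (tcpdump's tcp[13])
TH_FIN, TH_SYN, TH_RST, TH_PSH, TH_ACK, TH_URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20


def build_frame(src_port, dst_port, flags=0, proto=IPPROTO_TCP, frag_offset=0):
    """Build a minimal Ethernet/IPv4/TCP (or UDP) frame. Constructed test data only:
    checksums are left at zero, which BPF never looks at anyway."""
    eth = b"\x00" * 12 + struct.pack("!H", ETHERTYPE_IPV4)
    if proto == IPPROTO_TCP:
        # sport, dport, seq, ack, data offset (5 words), flags, window, csum, urg
        l4 = struct.pack("!HHIIBBHHH", src_port, dst_port, 0, 0, 5 << 4, flags, 65535, 0, 0)
    else:
        l4 = struct.pack("!HHHH", src_port, dst_port, 8, 0)  # UDP: ports, length, csum
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, frag_offset, 64, proto, 0,
                     bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    return eth + ip + l4


def tcp_header(frame):
    """Return the 20-byte TCP header, or None if the frame is not IPv4/TCP.
    Mirrors the generated BPF: check the EtherType, the IP protocol field, and that
    the fragment offset is zero (ports are only present in the first fragment)."""
    if len(frame) < ETH_HDR_LEN + 20 or struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_IPV4:
        return None
    ip = frame[ETH_HDR_LEN:]
    if ip[9] != IPPROTO_TCP or struct.unpack("!H", ip[6:8])[0] & 0x1FFF:
        return None
    ihl = (ip[0] & 0x0F) * 4  # IHL is in 32-bit words
    tcp = ip[ihl:ihl + 20]
    return tcp if len(tcp) == 20 else None


def match_tcp_port(frame, port):
    """'tcp and port <port>': source OR destination port matches."""
    tcp = tcp_header(frame)
    return tcp is not None and port in struct.unpack("!HH", tcp[:4])


def match_tcp_dst_port(frame, port):
    """'tcp and dst port <port>': only the destination port is compared."""
    tcp = tcp_header(frame)
    return tcp is not None and struct.unpack("!H", tcp[2:4])[0] == port


def match_tcp_flags(frame, mask, want):
    """Bit-level test 'tcp[13] & mask == want'.
    mask=want=TH_SYN                -> SYN set, other flags don't matter
    mask=TH_SYN|TH_ACK, want=TH_SYN -> SYN without ACK, i.e. a connection attempt"""
    tcp = tcp_header(frame)
    return tcp is not None and (tcp[13] & mask) == want


def apply_filter(frames, predicate):
    """Return the indexes of the frames the predicate accepts, the way tcpdump
    only prints packets that pass the BPF."""
    return [i for i, f in enumerate(frames) if predicate(f)]


if __name__ == "__main__":
    frames = [
        build_frame(40000, 23, TH_SYN),                     # telnet connection attempt
        build_frame(23, 40000, TH_SYN | TH_ACK),            # reply from the telnet server
        build_frame(40001, 80, TH_PSH | TH_ACK),            # web traffic, not port 23
        build_frame(40002, 23, proto=IPPROTO_UDP),          # UDP to 23: 'tcp' fails
        build_frame(40003, 23, TH_SYN, frag_offset=3),      # non-first fragment: no ports
    ]
    print("tcp and port 23     ->", apply_filter(frames, lambda f: match_tcp_port(f, 23)))
    print("tcp and dst port 23 ->", apply_filter(frames, lambda f: match_tcp_dst_port(f, 23)))
    print("SYN without ACK     ->",
          apply_filter(frames, lambda f: match_tcp_flags(f, TH_SYN | TH_ACK, TH_SYN)))
```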

The post Pcaps and the Tools That Love Them Part 1 of ??? appeared first on Security Boulevard.


The post Pcaps and the Tools That Love Them Part 1 of ??? appeared first on Malware Devil.



https://malwaredevil.com/2021/01/17/pcaps-and-the-tools-that-love-them-part-1-of/?utm_source=rss&utm_medium=rss&utm_campaign=pcaps-and-the-tools-that-love-them-part-1-of

Malware protection is easy – Malinformation protection is hard

Whenever it seems like the challenges of protecting my employer from risks to information security or business continuity are towering above me, I stop and…

The post Malware protection is easy – Malinformation protection is hard appeared first on Security Boulevard.


The post Malware protection is easy – Malinformation protection is hard appeared first on Malware Devil.



https://malwaredevil.com/2021/01/16/malware-protection-is-easy-malinformation-protection-is-hard/?utm_source=rss&utm_medium=rss&utm_campaign=malware-protection-is-easy-malinformation-protection-is-hard

Saturday, January 16, 2021

New SwiftR Chapter Up: Building an R-backed SwiftUI macOS App

Last week I introduced a new bookdown series on how to embed R into a macOS Swift application. The initial chapters focused on core concepts and showed how to build a macOS compiled, binary command line application that uses embedded R for some functionality. This week, a new chapter is up that walks you through…

The post New SwiftR Chapter Up: Building an R-backed SwiftUI macOS App appeared first on Security Boulevard.


The post New SwiftR Chapter Up: Building an R-backed SwiftUI macOS App appeared first on Malware Devil.



https://malwaredevil.com/2021/01/16/new-swiftr-chapter-up-building-an-r-backed-swiftui-macos-app/?utm_source=rss&utm_medium=rss&utm_campaign=new-swiftr-chapter-up-building-an-r-backed-swiftui-macos-app

WhatsApp Delays Controversial ‘Data-Sharing’ Privacy Policy Update By 3 Months


WhatsApp said on Friday that it wouldn’t enforce its recently announced controversial data sharing policy update until May 15.

Originally set to go into effect next month on February 8, the three-month delay comes following “a lot of misinformation” about a revision to its privacy policy that allows WhatsApp to share data with Facebook, sparking widespread concerns about the exact kind of information that will be shared under the incoming terms.

The Facebook-owned company has since repeatedly clarified that the update does not expand its ability to share personal user chats or other profile information with Facebook and is instead simply providing further transparency about how user data is collected and shared when using the messaging app to interact with businesses.

“The update includes new options people will have to message a business on WhatsApp, and provides further transparency about how we collect and use data,” WhatsApp said in a post.

“While not everyone shops with a business on WhatsApp today, we think that more people will choose to do so in the future and it’s important people are aware of these services. This update does not expand our ability to share data with Facebook.”

On January 6, WhatsApp began alerting its 2 billion users of a new privacy policy and terms as part of its broader efforts to integrate WhatsApp better with other Facebook products and amidst its plans to transform WhatsApp into a commerce and business services provider.


Under the proposed terms — which are about how businesses manage their chats on WhatsApp using Facebook’s hosting services — WhatsApp would share additional data with Facebook such as phone number, service-related information, IP address, and transaction data for those who use the business chat feature.

The pop-up notification also gave users an ultimatum to accept the new policy by February 8 or risk losing their ability to use the app altogether.

The confusion surrounding the update, coupled with no other option to disagree beyond shutting down the account, has led to further scrutiny in India, Italy, and Turkey, not to mention an exodus of users to privacy-focused messaging competitors such as Signal and Telegram.

In the intervening days, Signal has become one of the most downloaded apps on Android and iOS, in part boosted by a tweet from Tesla CEO Elon Musk, who urged his followers to “Use Signal.” Earlier this week, Telegram said that it surpassed the 500 million active user mark, gaining over 25 million new users worldwide in 72 hours.

It’s worth noting that WhatsApp has in fact shared some user account information with Facebook since 2016, such as phone numbers, except for those who opted out of the sharing when it revamped the privacy policy that year and gave users a one-time ability not to have their account data turned over to Facebook.

WhatsApp, in a separate FAQ published this week, tried to set the record straight by stressing that it “cannot see your personal messages or hear your calls, and neither can Facebook,” and that it does not share users’ contacts and location information to its parent company.

With the company walking back some of its previous messaging, it remains to be seen if the extra time will help it tide over the controversy and “clear up the misinformation around how privacy and security works on WhatsApp.”


The post WhatsApp Delays Controversial ‘Data-Sharing’ Privacy Policy Update By 3 Months appeared first on Malware Devil.



https://malwaredevil.com/2021/01/16/whatsapp-delays-controversial-data-sharing-privacy-policy-update-by-3-months-3/?utm_source=rss&utm_medium=rss&utm_campaign=whatsapp-delays-controversial-data-sharing-privacy-policy-update-by-3-months-3

DEF CON 28 Safe Mode IoT Village – Dewank Pant’s & Shruti Lohani’s ‘Your Connected World Isn’t Yours Now’

Many thanks to DEF CON and the conference speakers for publishing their outstanding presentations, which originally appeared at the organization’s DEF CON 28 Safe Mode conference and on the DEF CON YouTube channel. Enjoy!


The post DEF CON 28 Safe Mode IoT Village – Dewank Pant’s & Shruti Lohani’s ‘Your Connected World Isn’t Yours Now’ appeared first on Security Boulevard.


The post DEF CON 28 Safe Mode IoT Village – Dewank Pant’s & Shruti Lohani’s ‘Your Connected World Isn’t Yours Now’ appeared first on Malware Devil.



https://malwaredevil.com/2021/01/16/def-con-28-safe-mode-iot-village-dewank-pants-shruti-lohanis-your-connected-world-isnt-yours-now/?utm_source=rss&utm_medium=rss&utm_campaign=def-con-28-safe-mode-iot-village-dewank-pants-shruti-lohanis-your-connected-world-isnt-yours-now

XKCD ‘1/100,000th Scale World’

via the comic delivery system monikered Randall Munroe resident at XKCD!


The post XKCD ‘1/100,000th Scale World’ appeared first on Security Boulevard.


The post XKCD ‘1/100,000th Scale World’ appeared first on Malware Devil.



https://malwaredevil.com/2021/01/16/xkcd-1-100000th-scale-world/?utm_source=rss&utm_medium=rss&utm_campaign=xkcd-1-100000th-scale-world


Obfuscated DNS Queries, (Fri, Jan 15th)

This week I started seeing some URLs with /dns-query?dns in my honeypot[1][2]. The queries obviously did not look like standard DNS queries; this got me curious, and I proceeded to investigate what these DNS queries were trying to resolve.

But before proceeding: I have logs going back to May 2018 and reviewed them to see when this activity was first captured. The first time the honeypot logged something similar was in February 2020, with one long query that was different from all the other queries. All the logs are targeting TCP/443 and are unencrypted.

Using the Base64 URL-safe option in CyberChef[3], I was able to decode the DNS information for the 3 different queries. The first query, captured in February 2020, appears to be a test (see decoded information below). The other two resolve to a URL: one as a test (www.example[.]com) and the other to the Baidu search engine (www.baidu[.]com).

Sample Logs

  • tcp-honeypot-20200212-195552.log:20200226-230039: 192.168.25.9:443-54.153.67.242:59822 data ‘GET /dns-query?dns=AAABAAABAAAAAAAAAWE-NjJjaGFyYWN0ZXJsYWJlbC1tYWtlcy1iYXNlNjR1cmwtZGlzdGluY3QtZnJvbS1zdGFuZGFyZC1iYXNlNjQHZXhhbXBsZQNjb20AAAEAAQ HTTP/1.1\r\nHost: XX.30.102.198:443\r\nConnection: close\r\nAccept-Encoding: gzip\r\nUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.102 Safari/537.36\r\n\r\n’
  • tcp-honeypot-20200413-081332.log:20200413-171212: 192.168.25.9:443-195.37.190.77:40634 data ‘GET /dns-query?dns=AAABAAABAAAAAAAAA3d3dwdleGFtcGxlA2NvbQAAAQAB HTTP/1.1\r\nHost: XX.30.102.198\r\nUser-Agent: Go-http-client/1.1\r\nAccept-Encoding: gzip\r\nConnection: close\r\n\r\n’

[…]

  • 20210112-110540: 192.168.25.9:443-39.96.138.251:60736 data ‘GET /dns-query?dns=AAABAAABAAAAAAAAA3d3dwViYWlkdQNjb20AAAEAAQ HTTP/1.1\r\nHost: XX.49.33.78\r\nUser-Agent: Go-http-client/1.1\r\nAccept: application/dns-message\r\nAccept-Encoding: gzip\r\nConnection: close\r\n\r\n’
  • 20210113-040125: 192.168.25.9:443-161.117.239.46:49778 data ‘GET /dns-query?dns=AAABAAABAAAAAAAAA3d3dwViYWlkdQNjb20AAAEAAQ HTTP/1.1\r\nHost: XX.49.33.78\r\nUser-Agent: Go-http-client/1.1\r\nAccept: application/dns-message\r\nAccept-Encoding: gzip\r\nConnection: close\r\n\r\n’

Base64 Decoded Queries

  • AAABAAABAAAAAAAAAWE-NjJjaGFyYWN0ZXJsYWJlbC1tYWtlcy1iYXNlNjR1cmwtZGlzdGluY3QtZnJvbS1zdGFuZGFyZC1iYXNlNjQHZXhhbXBsZQNjb20AAAEAAQ ………….a>62characterlabel-makes-base64url-distinct-from-standard-base64.example.com…..
  • AAABAAABAAAAAAAAA3d3dwViYWlkdQNjb20AAAEAAQ   ………….www.baidu.com…..
  • AAABAAABAAAAAAAAA3d3dwdleGFtcGxlA2NvbQAAAQAB ………….www.example.com…..

DNS Queries by Base64 String

  • IP Activity resolving to www.example[.]com has been active since April 2020 with 2 packets per month.
  • User-Agent → Mozilla/5.0 (compatible; DNSResearchBot/2.1; +http://195.37.190.77)

195.37.190[.]77

====================

  • IP Activity resolving to www.baidu[.]com only started in December 2020 and has been active since then.
  • User-Agent → Go-http-client/1.1


====================

  • IP activity resolving to 62characterlabel-makes-base64url-distinct-from-standard-base64.example.com was only seen once, in February 2020, and appears to be only a test.
  • Something interesting: 62characterlabel-makes-base64url-distinct-from-standard-base64 is exactly 62 characters long.
  • User-Agent → Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.102 Safari/537.36

161.117.239[.]46

====================

Do you have similar obfuscated DNS queries in your logs? Please use our comment form to share them.
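The CyberChef decoding step above, as an added Python example that is not part of the diary: it pulls the dns= parameter out of honeypot lines (constructed here from the samples above), restores the base64url padding that RFC 8484 strips, and parses the DNS header and question so the queried name, type and class come out directly. The function names are my own.

```python
"""Added example, not the diary's own code: decode the base64url DNS message that a
DoH GET request carries in its dns= parameter (the decoding the diary did in
CyberChef) and pull the query name, type and class out of the wire-format question.
The honeypot lines below are constructed from the diary's samples."""
import base64
import re
import struct

# Constructed sample lines in the tcp-honeypot format shown in the diary
SAMPLE_LOG = r"""
20210112-110540: 192.168.25.9:443-39.96.138.251:60736 data 'GET /dns-query?dns=AAABAAABAAAAAAAAA3d3dwViYWlkdQNjb20AAAEAAQ HTTP/1.1\r\nHost: XX.49.33.78\r\nUser-Agent: Go-http-client/1.1\r\nAccept: application/dns-message\r\n\r\n'
20200413-171212: 192.168.25.9:443-195.37.190.77:40634 data 'GET /dns-query?dns=AAABAAABAAAAAAAAA3d3dwdleGFtcGxlA2NvbQAAAQAB HTTP/1.1\r\nHost: XX.30.102.198\r\nUser-Agent: Go-http-client/1.1\r\n\r\n'
20200226-230039: 192.168.25.9:443-54.153.67.242:59822 data 'GET /dns-query?dns=AAABAAABAAAAAAAAAWE-NjJjaGFyYWN0ZXJsYWJlbC1tYWtlcy1iYXNlNjR1cmwtZGlzdGluY3QtZnJvbS1zdGFuZGFyZC1iYXNlNjQHZXhhbXBsZQNjb20AAAEAAQ HTTP/1.1\r\nHost: XX.30.102.198:443\r\n\r\n'
20210113-040200: 192.168.25.9:443-10.0.0.5:1234 data 'GET /index.html HTTP/1.1\r\n\r\n'
"""

DNS_PARAM = re.compile(r"/dns-query\?dns=([A-Za-z0-9_-]+)")
SOURCE_IP = re.compile(r"-(\d{1,3}(?:\.\d{1,3}){3}):\d+ data ")
QTYPES = {1: "A", 2: "NS", 5: "CNAME", 16: "TXT", 28: "AAAA"}


def b64url_decode(s):
    """RFC 8484 sends the message base64url-encoded with the '=' padding removed;
    restore the padding or urlsafe_b64decode raises."""
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def read_name(msg, off):
    """Read an uncompressed wire-format name starting at off; returns (labels, off)."""
    labels = []
    while True:
        if off >= len(msg):
            raise ValueError("name runs past end of message")
        n = msg[off]
        off += 1
        if n == 0:
            return labels, off
        if n & 0xC0:
            # top bits set means a compression pointer; a query's question section
            # never legitimately contains one, so treat it as malformed
            raise ValueError("compression pointer in question name")
        labels.append(msg[off:off + n].decode("ascii", "replace"))
        off += n


def decode_doh_query(b64):
    """Parse the header and first question of a DoH query and return the key fields."""
    msg = b64url_decode(b64)
    if len(msg) < 12:
        raise ValueError("shorter than a DNS header")
    ident, flags, qdcount = struct.unpack("!HHH", msg[:6])
    if flags & 0x8000:
        raise ValueError("QR bit set: this is a response, not a query")
    if qdcount < 1:
        raise ValueError("no question section")
    labels, off = read_name(msg, 12)
    if off + 4 > len(msg):
        raise ValueError("question truncated")
    qtype, qclass = struct.unpack("!HH", msg[off:off + 4])
    return {
        "id": ident,
        "rd": bool(flags & 0x0100),
        "labels": labels,
        "qname": ".".join(labels),
        "qtype": QTYPES.get(qtype, qtype),
        "qclass": "IN" if qclass == 1 else qclass,
        "extra_bytes": len(msg) - off - 4,  # anything after the question, e.g. an EDNS OPT
    }


def decode_log(text):
    """Return (timestamp, source_ip, decoded_query) for every DoH GET in the log text.
    Lines without a dns= parameter are skipped."""
    rows = []
    for line in text.splitlines():
        m = DNS_PARAM.search(line)
        if not m:
            continue
        ip = SOURCE_IP.search(line)
        rows.append((line.split(":", 1)[0], ip.group(1) if ip else None,
                     decode_doh_query(m.group(1))))
    return rows


if __name__ == "__main__":
    for ts, src, q in decode_log(SAMPLE_LOG):
        print(f"{ts} {src or '?':>15}  {q['qname']}  {q['qtype']}/{q['qclass']}  "
              f"id={q['id']} rd={q['rd']} labels={len(q['labels'])}")
```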

[1] https://github.com/DidierStevens/Beta/blob/master/tcp-honeypot.py
[2] https://www.inetsim.org/documentation.html
[3] https://gchq.github.io/CyberChef/

———–
Guy Bruneau IPSS Inc.
My Handler Page
Twitter: GuyBruneau
gbruneau at isc dot sans dot edu

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

The post Obfuscated DNS Queries, (Fri, Jan 15th) appeared first on Malware Devil.



https://malwaredevil.com/2021/01/16/obfuscated-dns-queries-fri-jan-15th/?utm_source=rss&utm_medium=rss&utm_campaign=obfuscated-dns-queries-fri-jan-15th

NSA Suggests Enterprises Use ‘Designated’ DNS-over-HTTPS’ Resolvers


The U.S. National Security Agency (NSA) on Friday said DNS over HTTPS (DoH) — if configured appropriately in enterprise environments — can help prevent “numerous” initial access, command-and-control, and exfiltration techniques used by threat actors.

“DNS over Hypertext Transfer Protocol over Transport Layer Security (HTTPS), often referred to as DNS over HTTPS (DoH), encrypts DNS requests by using HTTPS to provide privacy, integrity, and ‘last mile’ source authentication with a client’s DNS resolver,” according to the NSA’s new guidance.

Proposed in 2018, DoH is a protocol for performing remote Domain Name System resolution via the HTTPS protocol.

One of the major shortcomings of current DNS lookups is that even when someone visits a site that uses HTTPS, the DNS query and its response are sent over an unencrypted connection, allowing a third party eavesdropping on the network to track every website a user is visiting.

Even worse, the setup is ripe for carrying out man-in-the-middle (MiTM) attacks simply by changing the DNS responses to redirect unsuspecting visitors to a malware-laced site of the adversary’s choice.

Thus by using HTTPS to encrypt the data between the DoH client and the DoH-based DNS resolver, DoH aims to increase user privacy and security by preventing eavesdropping and manipulation of DNS data by MiTM attacks.

To that effect, the NSA recommends using only designated enterprise DNS resolvers to achieve the desired cybersecurity defense, while noting that such resolvers will be bypassed completely when a client has DoH enabled and is configured to use a DoH resolver not designated by the enterprise.

The gateway, which is used to forward the query to external authoritative DNS servers in the event the enterprise DNS resolver does not have the DNS response cached, should be designed to block DNS, DoH, and DNS over TLS (DoT) requests to external resolvers and DNS servers that are not from the enterprise resolver, the agency added.

Although DoH protects DNS transactions from unauthorized modification, the NSA cautioned of a “false sense of security.”

“DoH does not guarantee protection from cyber threat actors and their ability to see where a client is going on the web,” it said. “DoH is specifically designed to encrypt only the DNS transaction between the client and resolver, not any other traffic that happens after the query is satisfied.”

“Enterprises that allow DoH without a strategic and thorough approach can end up interfering with network monitoring tools, preventing them from detecting malicious threat activity inside the network, and allowing cyber threat actors and malware to bypass the designated enterprise DNS resolvers.”

What’s more, the encryption does nothing to prevent the DNS provider from seeing both the lookup requests as well as the IP address of the client making them, effectively undermining privacy protections and making it possible for a DNS provider to create detailed profiles based on users’ browsing habits.

Oblivious DNS-over-HTTPS (ODoH), announced last month by engineers at Apple, Cloudflare, and Fastly, aims to address this issue. It prevents the DoH resolver from knowing which client requested what domain names by passing all requests via a proxy that separates the IP addresses from the queries, “so that no single entity can see both at the same time.”

Put differently, this means the proxy does not know the contents of queries and responses, and the resolver does not know the IP addresses of the clients.

Secondly, the use of DoH also doesn’t negate the possibility that resolvers that communicate with malicious servers upstream could still be susceptible to DNS cache poisoning.

“DNSSEC should be used to protect the upstream responses, but the DoH resolver may not validate DNSSEC,” the NSA said. “Enterprises that do not realize which parts of the DNS process are vulnerable could fall into a false sense of security.”


The post NSA Suggests Enterprises Use ‘Designated’ DNS-over-HTTPS’ Resolvers appeared first on Malware Devil.



https://malwaredevil.com/2021/01/16/nsa-suggests-enterprises-use-designated-dns-over-https-resolvers/?utm_source=rss&utm_medium=rss&utm_campaign=nsa-suggests-enterprises-use-designated-dns-over-https-resolvers

Joker’s Stash, The Largest Carding Marketplace, Announces Shutdown


Joker’s Stash, the largest dark web marketplace notorious for selling compromised payment card data, has announced plans to shut down its operations on February 15, 2021.

In a message board post on a Russian-language underground cybercrime forum, the operator of the site — who goes by the name “JokerStash” — said “it’s time for us to leave forever” and that “we will never ever open again,” according to twin reports from cybersecurity firms Gemini Advisory and Intel471.

“Joker goes on a well-deserved retirement. Joker’s Stash is closing,” the post read. “When we opened years ago, nobody knew us. Today we are one of the largest cards/dumps marketplace[s].”

The exact reason for the shutdown is still unclear.

Joker’s Stash, since its origins in 2014, emerged as one of the biggest players in the underground payment card economy over the years, with over $1 billion generated in revenues.

The news of the imminent shutdown comes weeks after the US Federal Bureau of Investigation (FBI) and Interpol allegedly seized proxy servers used in connection with Blockchain-based domains belonging to the site last month, briefly disrupting its operations.

Adding to the mounting troubles was a “severe decline” in the volume of stolen data posted on the site, leading to complaints from clients about the poor quality of the payment card data.

Then in late October, the site’s routine activities also suffered after the actor who allegedly runs the site claimed to have contracted COVID-19 and spent more than a week in a hospital.

Gemini Advisory pointed to Bitcoin’s recent spike as another reason that may have led to the website’s demise.

Bitcoin hit a record high of $40,000 last week, lifting the total value of the cryptocurrency market above $1 trillion for the first time ever.

“JokerStash was an early advocate of Bitcoin and claims to keep all proceeds in this cryptocurrency,” the researchers said. “This actor was already likely to be among the wealthiest cybercriminals, and the spike may have multiplied their fortune, earning them enough money to retire.”

Joker’s Stash’s shutdown isn’t the end of the road, however, as vendors are expected to transition to other dark web marketplaces to advertise their services.

The site’s administrator had a few parting words of advice for cybercriminals.

“We are also want to wish all young and mature ones cyber-gangsters not to lose themselves in the pursuit of easy money (sic),” the post concluded. “Remember, that even all the money in the world will never make you happy and that all the most truly valuable things in this life are free.”


The post Joker’s Stash, The Largest Carding Marketplace, Announces Shutdown appeared first on Malware Devil.



https://malwaredevil.com/2021/01/16/jokers-stash-the-largest-carding-marketplace-announces-shutdown/?utm_source=rss&utm_medium=rss&utm_campaign=jokers-stash-the-largest-carding-marketplace-announces-shutdown

NSA Appoints Rob Joyce as Cyber Director


Enterprise Vulnerabilities
From DHS/US-CERT’s National Vulnerability Database
CVE-2020-25533
PUBLISHED: 2021-01-15

An issue was discovered in Malwarebytes before 4.0 on macOS. A malicious application was able to perform a privileged action within the Malwarebytes launch daemon. The privileged service improperly validated XPC connections by relying on the PID instead of the audit token. An attacker can construct …

CVE-2021-3162
PUBLISHED: 2021-01-15

Docker Desktop Community before 2.5.0.0 on macOS mishandles certificate checking, leading to local privilege escalation.

CVE-2021-21242
PUBLISHED: 2021-01-15

OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, there is a critical vulnerability which can lead to pre-auth remote code execution. AttachmentUploadServlet deserializes untrusted data from the `Attachment-Support` header. This Servlet does not enforce any authentication or a…

CVE-2021-21245
PUBLISHED: 2021-01-15

OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, AttachmentUploadServlet also saves user controlled data (`request.getInputStream()`) to a user specified location (`request.getHeader("File-Name")`). This issue may lead to arbitrary file upload which can be used to u…

CVE-2021-21246
PUBLISHED: 2021-01-15

OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, the REST UserResource endpoint performs a security check to make sure that only administrators can list user details. However for the `/users/` endpoint there are no security checks enforced so it is possible to retrieve ar…

The post NSA Appoints Rob Joyce as Cyber Director appeared first on Malware Devil.



https://malwaredevil.com/2021/01/15/nsa-appoints-rob-joyce-as-cyber-director-3/?utm_source=rss&utm_medium=rss&utm_campaign=nsa-appoints-rob-joyce-as-cyber-director-3

Friday, January 15, 2021

Tractors, Pod Ice Cream and Lipstick Awarded CES 2021 Worst in Show

Expert panel awards dubious honors to 2021 Consumer Electronics Show’s biggest flops, including security and privacy failures.

The post Tractors, Pod Ice Cream and Lipstick Awarded CES 2021 Worst in Show appeared first on Malware Devil.



https://malwaredevil.com/2021/01/15/tractors-pod-ice-cream-and-lipstick-awarded-ces-2021-worst-in-show/?utm_source=rss&utm_medium=rss&utm_campaign=tractors-pod-ice-cream-and-lipstick-awarded-ces-2021-worst-in-show

Barbary Pirates and Russian Cybercrime

In 1801, the United States had a small Navy. Thomas Jefferson deployed almost half that Navy—three frigates and a schooner—to the Barbary C...