Akamai disrupts massive DDoS, Australia faces spyware charges

Akamai disrupts record DDoS in Europe

The CDN provider reports that it has foiled the largest DDoS attack ever launched on the continent. The attack lasted 30 days, peaking on July 21 at 853.7 gigabits per second over a 14-hour period. The attack targeted an unnamed Akamai customer in Eastern Europe and used UDP as a vector, rather than HTTPS. Based on analysis of the attack, Akamai believes it used “a highly sophisticated global botnet of compromised devices to orchestrate this campaign.” Last April, Kaspersky announced that DDoS attacks hit a record high in the first quarter, up 46% from the fourth quarter.

(The Register)

Australian man faces spyware charges

Australian Federal Police have arrested an unnamed 24-year-old Australian, charging him with six counts related to the creation of the Imminent Monitor remote access Trojan. The individual is said to have created the RAT when he was 15 years old, eventually selling it to more than 14,500 people in 128 countries. The tool can usually be found on hacking forums for around $25, allowing customers to record keystrokes or activate webcams and microphones. It is estimated to have generated up to $400,000 in revenue through 2019, when it was taken down in a coordinated global law enforcement operation called Operation Cepheus.

(The Record)

Meta accused of failing to tackle hate speech in Kenya

Last week, Kenya’s National Cohesion and Integration Commission accused Meta’s Facebook platform of failing to properly address hate speech and incitement ahead of the country’s August 9 elections. The NCIC said it was consulting with the Kenya Communications Authority to recommend Facebook’s suspension. While government officials criticized haphazard decisions on content moderation on the platform, several promised that the platform would not be shut down in the country as a result. Several experts have blamed this content on a lack of Kenya-specific content training for Facebook’s AI moderation tools, and a lack of human moderators with local context.

(Reuters)

Indonesia blocks sites that violate registration rules

Indonesia’s Communications Ministry said it had blocked access to Yahoo, PayPal and several gaming sites, including Steam and Epic Games, citing their failure to properly register with authorities. Under the rules, companies must register with the regulator, which has the power to compel platforms to release user data and remove illegal content within 24 hours. Regulators announced the rules in November 2020 and companies had to come into compliance last week. Reuters reports that several companies rushed to meet the deadline, including Meta. Officials say the government may reopen access to PayPal for a short time to allow users to withdraw deposits, and will unblock sites once they are properly registered.

(Reuters)

Researchers find apps that leak Twitter keys

A new report from CloudSEK security researchers documents 3,207 apps that leak legitimate Twitter consumer key and consumer secret information. Of these, 230 apps leaked all four authentication credentials needed to fully take control of the associated Twitter account. These leaked credentials could be automatically harvested by a malicious operation to enroll the affected accounts into a larger coordinated army of bots. The researchers noted that other apps in the past have leaked secret keys for GitHub, AWS, HubSpot, and Razorpay accounts. CloudSEK recommends that organizations review code for directly hard-coded API keys and periodically rotate keys to help reduce the blast radius of a leak.

(Pirate News)

Data brokers sell access to ‘actively pregnant’ user profiles

An investigation by Gizmodo found that 32 different data brokers across the United States were selling access to unique mobile IDs from 2.9 billion profiles of people tagged as “actively pregnant” or “purchasing motherhood products,” with another dataset of 478 million profiles tagged “interested in pregnancy.” It is unclear how many of these datasets overlap. Pricing for access to these profiles is based on customers reached by an ad, ranging from $0.49 to $2.25 per user. Some brokers collected data from people who shared it by registering with promotional sites, while others relied on internal data analysis to correlate purchase activity with these categories. Brokers have obtained data through relationships with payment processors, through outright ownership of coupon sites, or through ad network partnerships with retailers.

(Gizmodo)

Samsung launches repair mode

The company has introduced a new repair mode for its Galaxy S21 line of smartphones in South Korea, under the Battery and Device Care settings. Once enabled, this will hide personal information, photos, messages, and linked accounts, making only pre-installed apps visible to repair technicians. There are no details on how this “masking” of content and settings works: whether it saves the state of the device to an encrypted partition and replaces it with a stored device image, potentially making it a security measure, or whether this information is simply hidden from a technician’s view. The company plans to roll out repair mode to other models in the future, but it’s unclear if it will come to other markets.

(Engadget)

And now your Tuesday “should have been patched” update

Nozomi Networks researchers have discovered a flaw in Dahua IP cameras that could allow attackers to take control of them via Open Network Video Interface Forum (ONVIF) authentication. Dahua patched the flaw on June 28. The GNU Project patched the GnuTLS cryptographic library to fix a memory management error that could allow malicious code to access a double-allocated block of memory.

(Security Affairs, Bare Security)
