Posts

Showing posts from March, 2020

Krebs - Phish of GoDaddy Employee Jeopardized Escrow.com, Among Others

A spear-phishing attack this week hooked a customer service employee at GoDaddy.com, the world’s largest domain name registrar, KrebsOnSecurity has learned. The incident gave the phisher the ability to view and modify key customer records, access that was used to change domain settings for a half-dozen GoDaddy customers, including transaction brokering site escrow.com. Escrow.com helps people safely broker all sorts of transactions online (ironically enough, brokering domain sales is a big part of its business). For about two hours starting around 5 p.m. PT Monday evening, Escrow.com’s website looked radically different: Its homepage was replaced with a crude message in plain text: The profanity-laced message left behind by whoever briefly hijacked the DNS records for escrow.com. Image: Escrow.com DomainInvesting.com’s Elliot Silver picked up on the change and got a statement from Matt Barrie, the CEO of freelancer.com, which owns escrow.com. “During the incident, the hack

SBS CyberSecurity - Mitigating The Cybersecurity Risk of Remote Work

Today, an unprecedented percentage of the workforce is working remotely in an attempt to help slow the spread of COVID-19 in communities across the country. One question everyone should be asking is how to ensure business continues as usual – but in as secure a way as possible. from SBS CyberSecurity https://sbscyber.com/resources/mitigating-the-cybersecurity-risk-of-remote-work

Recorded Future - Defense Evasion Dominant in Top MITRE ATT&CK Tactics of 2019

Click here to download the complete analysis as a PDF. This report covers tactics and techniques tagged in Recorded Future® Platform sandbox submissions as mapped to the MITRE ATT&CK® framework over 2019. This report is designed for those familiar with ATT&CK, with particular relevance to security teams that rely on the framework to inform red and blue team exercises, penetration testing, threat hunting, and various security protocol prioritizations. Executive Summary In 2019, Recorded Future began integrating data regarding cyberattacker tactics, techniques, and procedures (TTPs) based on MITRE ATT&CK® into its data collection and analysis. As part of a review of these identifiers across sandbox submissions for the year, Recorded Future’s Insikt Group assembled a list of the top 10 most frequently referenced techniques. Our analysis of this data found that Defense Evasion was the predominant tactic observed in 2019, with the number one technique being Security Softwar

Schneier - Clarifying the Computer Fraud and Abuse Act

A federal court has ruled that violating a website's terms of service is not "hacking" under the Computer Fraud and Abuse Act. The plaintiffs wanted to investigate possible racial discrimination in online job markets by creating accounts for fake employers and job seekers. Leading job sites have terms of service prohibiting users from supplying fake information, and the researchers worried that their research could expose them to criminal liability under the CFAA, which makes it a crime to "access a computer without authorization or exceed authorized access." So in 2016 they sued the federal government, seeking a declaration that this part of the CFAA violated the First Amendment. But rather than addressing that constitutional issue, Judge John Bates ruled on Friday that the plaintiffs' proposed research wouldn't violate the CFAA's criminal provisions at all. Someone violates the CFAA when they bypass an access restriction like a password. But so

Recorded Future - Chinese State Media Seeks to Influence International Perceptions of COVID-19 Pandemic

Click here to download the complete analysis as a PDF. Recorded Future analyzed data from several Western social media platforms from January 1 to March 9, 2020 to determine how the Chinese state exploits social media to influence Western public perceptions of the coronavirus disease 2019 (COVID-19) outbreak. This report details those techniques and campaigns using data acquired from the Recorded Future® Platform, social media sites, and other OSINT techniques. This report will be of most value to government departments, geopolitical scholars and researchers, and all users of social media. Executive Summary Over the course of 2019, we published research on Chinese English-language social media influence operations, revealed that they are seeded by state-run media, and that they generally present a positive, benign, and cooperative image of China. This research examines Chinese influence attempts during the novel coronavirus, known as the coronavirus disease 2019 (COVID-19) outbre

Krebs - Annual Protest to ‘Fight Krebs’ Raises €150K+

In 2018, KrebsOnSecurity unmasked the creators of Coinhive — a now-defunct cryptocurrency mining service that was being massively abused by cybercriminals — as the administrators of a popular German language image-hosting forum. In protest of that story, forum members donated hundreds of thousands of euros to nonprofits that combat cancer (Krebs means “cancer” in German). This week, the forum is celebrating its third annual observance of that protest to “fight Krebs,” albeit with a Coronavirus twist. Images posted to the decidedly not-safe-for-work German-language image forum pr0gramm[.]com. Members have posted a large number of ‘thank you’ receipts from cancer research organizations that benefited from their fight cancer/krebs campaign. On March 26, 2018, KrebsOnSecurity published Who and What is Coinhive, which showed the founder of Coinhive was the co-creator of the German forum pr0gramm[dot]com (not safe for work). I undertook the research because Coinhive’s code at the t

TrustedSec - Tricks for Weaponizing XSS

In this blog post, we will look at some simple JavaScript tricks for creating weaponized cross-site scripting (XSS) payloads. If less reading more videoing is your thing, watch this topic in webinar form here: https://www.trustedsec.com/events/webinar-popping-shells-instead-of-alert-boxes-weaponizing-xss-for-fun-and-profit/ Often, penetration testers use a simple alert(1) payload to demonstrate successful JavaScript execution when we identify an XSS vulnerability. While this effectively proves JavaScript execution, it fails to highlight the type of actions a malicious attacker might actually perform against a vulnerable web application. Developing a weaponized XSS payload can better demonstrate the possible next steps of a malicious adversary and is quite a bit of hacking fun as well. So, what can we do with an XSS vulnerability? Well, if sensitive session cookies are not set with the HttpOnly flag, we can read that session cookie value and send that to a third-party server we co