ICYMI: compromised Cert.D, largest breach, home automation, bitcoin bounty, CrypoWall 4.0 exploit
The latest In Case You Missed It (ICYMI) looks at compromised Cert.D, Russians in largest breach, vulnerable home automation, Bitcoin bounty on DDoS, CryptoWall 4.0 deliverd via Nuke EK.
Windows Defender comes to the rescue.
Microsoft has dealt the fatal blow to bad certificates which were pre-loaded onto Dell laptops. It has programmed its Windows Defender to root out the nefarious certificate for which the private keys were leaked online.
A suspected Russian hacker claiming to have stolen 1.2 billion unique email and password combinations is being pursued by the FBI. The hacker has also offered access to hacked social media accounts. In August 2014 Alex Holden, CISO of Hold Security in Milwaukee, USA, told the FBI that he'd found, “what could be arguably the largest data breach known to date.”Internet of malicious things: Yale home automation vulnerable
Penetration testing and vulnerability assessment firm MWR InfoSecurity has issued an advisory detailing a vulnerability it has discovered in the Yale Home System (Europe) Android application making it vulnerable to a man-in-the-middle attack due to TLS errors. The app itself acts as remote smartphone-based software to control the Yale Easy Fit SmartPhone alarm system with arm and disarm tasks as well as a camera function.News websites offer bitcoin bounty over DDoS attacker
CryptoCoinNews and Hacked offer a bounty of five bitcoins to catch blackmailer who is holding them to ransom with DDoS threat. CryptoCoinsNews (CCN) and its sister-site Hacked are offering a five bitcoin reward for information that leads to the arrest of an extortionist targeting them with a distributed denial of service attack.
CryptoWall 4.0 has been spotted being distributed not by the classical phishing campaign but by the ever-more prevalent Nuke exploit kit (EK). Heimdall Security CEO Morten Kjaersgaard confirmed to SCMagazineUK.com that “only today we have had multiple sightings of CryptoWall 4.0 delivery via Nuclear EK from a range of websites".