Hacking, AppSec, and Bug Bounty newsletter
2018-04-25 | MITM attack targets Amazon Route 53, Operation GhostSecret, and Doxing on the Daily
Wednesday, April 25
Test run? About 1,300 addresses for Amazon Route 53 were rerouted for two hours using a man in the middle attack. The attackers managed to steal about $150,000 of currency from MyEtherWallet users. Given the scale of pulling off the attack, one theory is this was a test run. Researcher Kevin Beaumont said in his blog post “The security vulnerabilities in BGP and DNS are well known, and have been attacked before. This is the largest scale attack I have seen which combines both, and it underscores the fragility of internet security.”
OTHER ARTICLES WE’RE READING
Symantec’s Security Response Attack Investigation Team has identified a new attack group dubbed Orangeworm deploying the Kwampirs backdoor in a targeted attack campaign against the healthcare sector and related industries.
Operation GhostSecret, McAfee’s advanced threat research team published analysis that shows the GS campaign leverages multiple implants, tools, and malware variants associated with the state-sponsored cyber group Hidden Cobra.
Doxing on the daily: Facebook posts with sensitive personal information advertised by cyber criminals and not policed effectively per Motherboard article. This after Brian Krebs reported over 100 Facebook cybercrime groups with more than 300,000 members last week.
Not that way! @ziot writes about solving MonteCrypto, an UE4 crypto puzzle game, winning 1 BTC. This might be the most interesting thing you read this week.
ABOUT ZERO DAILY
Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.
Friends don’t keep good things to themselves - forward this to your homies and co-workers. BTW, want to see who runs bug bounties?
Have a news tip / story to highlight? We’d love to hear about it. Email: email@example.com
Get this email forwarded to you? Click here to subscribe to the Zero Daily
On their end it's pure laziness to wait for an abuse report to stop post that are following a doxing template
HackerOne is the #1 hacker-powered security platform, helping organizations find and fix critical vulnerabilities before they can be criminally exploited. As the contemporary alternative to traditional penetration testing, our bug bounty program solutions encompass vulnerability assessment, crowdsourced testing and responsible disclosure management. Discover more about our security testing solutions or Contact Us today.