Farsight Security – Computer Security Articles

A Deep Dive on the Recent Widespread DNS Hijacking Attacks

February 18, 2019 admin A Little Sunshine, APNIC, Bill Woodcock, Cisco Talos, Comodo, CrowdStrike, data breaches, DHS, DNSpionage, dnssec, EPP, extensible provisioning protocol, Farsight Security, FireEye, Frobbit, ICANN, John Crain, Key Systems, Lars Michael Jogbäck, LetsEncrypt, Netnod, Packet Clearing House, Patrik Fältström, PCH, SecurityTrails, The Coming Storm, U.S. Department of Homeland Security

Credit to Author: BrianKrebs| Date: Mon, 18 Feb 2019 13:51:01 +0000

The U.S. government — along with a number of leading security companies — recently warned about a series of highly complex and widespread attacks that allowed suspected Iranian hackers to siphon huge volumes of email passwords and other sensitive data from multiple governments and private companies. But to date, the specifics of exactly how that attack went down and who was hit have remained shrouded in secrecy. This post seeks to document the extent of those attacks, and traces the origins of this overwhelmingly successful cyber espionage campaign back to a cascading series of breaches at key Internet infrastructure providers.

Independent Krebs

Got Robocalled? Don’t Get Mad; Get Busy.

June 25, 2017 admin Do Not Call registry, Farsight Security, Federal Communications Commission, Federal Trade Commission, Little Brook Media, Martin Toha. voip.com, Michael LaSalla, National Association of Credit Services Organizations, NoMoRobo, Other, ringless voicemails, Robby Birnbaum, robocalls, System Admin LLC, TrueCaller

Credit to Author: BrianKrebs| Date: Sun, 25 Jun 2017 15:24:16 +0000

Several times a week my cell phone receives the telephonic equivalent of spam: A robocall. On each occasion the call seems to come from a local number, but when I answer there is that telltale pause followed by an automated voice pitching some product or service. So when I heard from a reader who chose to hang on the line and see where one of these robocalls led him, I decided to dig deeper. This is the story of that investigation. Hopefully, it will inspire readers to do their own digging and help bury this annoying and intrusive practice.

Independent Krebs

Inside a Porn-Pimping Spam Botnet

June 15, 2017 admin 55687349, AmateurMatch, cecash, CyberErotica, Deniro Marketing, Farsight Security, Nmap, Other, Scott Philips, Scott Phillips, scott@cecash.com, spamhaus, Techcrunch, Voice Media

Credit to Author: BrianKrebs| Date: Thu, 15 Jun 2017 14:35:27 +0000

For several months I’ve been poking at a decent-sized spam botnet that appears to be used mainly for promoting adult dating sites. Having hit a wall in my research, I decided it might be good to publish what I’ve unearthed so far to see if this dovetails with any other research out there. In late October 2016, an anonymous source shared with KrebsOnSecurity.com a list of nearly 100 URLs that — when loaded into a Firefox browser — each displayed what appeared to be a crude but otherwise effective “counter” designed to report in real time how many “bots” were reporting in for duty. Here’s a set of archived screenshots of those counters illustrating how these various botnet controllers keep a running tab of how many “activebots” — hacked servers set up to relay spam — are sitting idly by and waiting for instructions.

Independent Krebs

Tracing Spam: Diet Pills from Beltway Bandits

April 19, 2017 admin American Registry for Internet Numbers, ARIN, C3T, dan@gtacs.com, Defense Point Security, Farsight Security, GTACS, Matthew Sodano, Other, Power Storm Technologies, Ron Guilmette, tracesystems.com

Credit to Author: BrianKrebs| Date: Wed, 19 Apr 2017 18:56:10 +0000

Reading junk spam messages isn’t exactly my idea of a good time, but sometimes fun can be had when you take a moment to check who really sent the email. Here’s the simple story of how a recent spam email advertising celebrity “diet pills” was traced back to a Washington, D.C.-area defense contractor that builds tactical communications systems for the U.S. military and intelligence communities.

Independent Krebs

Who Ran Leakedsource.com?

February 15, 2017 admin 231-343-0295, 68.41.238.208, abusewithus, abusing.rs, Alex Davros, Alexander Marcus Davros, Blackshades, Breachalarm, cyberpay.info, daily-streaming.com, desi parker, DomainTools.com, eadeh_andrew@yahoo.com, Farsight Security, FBI, HaveIBeenPwned.com, hyperfilter.com, imjeremeywade@gmail.com, Jeremy Wade, LeakedSource, leakedsource@chatme.im, leakedsourceonline@gmail.com, Nick Davros, no-ip.biz, Other, panic-stresser, Paypal, Runescape, Secure Gaming LLC, tiny-chats.com, xdavros@gmail.com, xerx3s, xerx3s@chatme.im

Credit to Author: BrianKrebs| Date: Wed, 15 Feb 2017 18:03:06 +0000

Late last month, multiple news outlets reported that unspecified law enforcement officials had seized the servers for Leakedsource.com, perhaps the largest online collection of usernames and passwords leaked or stolen in some of the worst data breaches — including billions of credentials for accounts at top sites like LinkedIn, Myspace, and Yahoo. In a development that may turn out to be deeply ironic, it seems that the real-life identity of Leakedsource’s principal owner may have been exposed by many of the same stolen databases he’s been peddling.