
Thread: Cloud computing - episodes ...

  1. #11
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Dropbox - malware distribution

    FYI...

    Dropbox - malware distribution
    - http://blog.webroot.com/2012/03/21/t...-distribution/
    March 21, 2012 - "... a collection of files masquerading as RealNetworks updater executables. These files were all located in a user’s %AppData%\real\update_ob\ directory, and the sizes were all quite consistent... the software is in fact malicious, and that it is actually downloading malicious files from the popular web-based file hosting service Dropbox. These files came in two varieties: some files were randomly-named; other files were named for legitimate software. For example: utorrent.exe, Picasa3.exe, Skype.exe, and Qttask.exe... While some of the potential payloads were not present, some malicious URLs were still active... these target files on Dropbox are not legitimate, and they are definitely malicious. When executed they would write -many- files with legitimate names in generally legitimate locations. In some cases, file icons for the malicious files are not identical to the legitimate software that they are masquerading as.
    > https://webrootblog.files.wordpress....pbox-spy-3.jpg
    ... the malware obtains instructions from an XML script accessed via a dynamic DNS service that directs it to download additional malware and utilities from Dropbox and to disable certain antivirus programs which may be running on the infected PC... Another objective of this spy is to collect VERY specific system information, including hardware ID serials, computer and user names, OS version info, AV info, firewall info, UAC status, video device info, and many other pieces of information that no one would want falling into the hands of a stranger... this Dropbox-utilizing spy runs as a chain of downloaders for additional malware; the non-Dropbox-hosted C&C servers can determine what malware is grabbed by the downloaders so ultimately the end result of the infection is almost limitless. Once installed, malicious actions can vary from serving up rogue AVs, installing keyloggers, rootkits, or whatever the cybercriminal fancies. While it’s unfortunate malware writers have exploited this free service to serve their malware, Dropbox users don’t need to fret. There is no indication that legitimate Dropbox accounts were harvested to serve this malware and it is much more likely the writers simply opened their own accounts within Dropbox to carry this action out."

    - http://www.symantec.com/connect/blog...bused-spammers
    08 Mar 2012 - "... Dropbox is being abused by malware authors, as well as spammers. We recently saw a Brazilian Portuguese malware message claiming to contain photos and asking if they can be put onto a popular social networking site. The links in the email point to a Trojan hosted on Dropbox... This abuse is a good reminder that -any- site which makes user-supplied content publicly available must continue to be vigilant about dealing with abuse. Although Dropbox is a high-profile site, spammers target all sorts of sites, big and small. There are many things that sites do to deal with such abuse, but in some cases this crucial work is often seen as low priority, despite the damage that such abuse can cause..."

    - http://forums.spybot.info/showpost.p...8&postcount=94
    13 April 2012 - "... the use of Dropbox as a delivery mechanism is something that the industry is going to have to take into account and protect against, as it is an emerging trend."

    Last edited by AplusWebMaster; 2012-04-13 at 17:22.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .
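Added example, not part of the original post or of the quoted Webroot article: a masquerade check over process-creation records, keyed on the `%AppData%\real\update_ob\` directory and the four borrowed file names quoted in post #11. The log format, the sample lines and the expected install directories are assumptions constructed for this example.

```python
import ntpath
import re

# Directory named in the quoted excerpt, under either the Vista+ or the XP
# expansion of %AppData%.
UPDATER_DIR = re.compile(
    r"\\(appdata\\roaming|application data)\\real\\update_ob(\\|$)")

# File names the excerpt lists as borrowed from legitimate software.
# The install locations are ASSUMPTIONS for this example; tune them per fleet.
EXPECTED_DIRS = {
    "utorrent.exe": re.compile(
        r"\\program files( \(x86\))?\\utorrent"
        r"|\\users\\[^\\]+\\appdata\\roaming\\utorrent"),
    "picasa3.exe": re.compile(r"\\program files( \(x86\))?\\google\\picasa3"),
    "skype.exe": re.compile(r"\\program files( \(x86\))?\\skype\\phone"),
    "qttask.exe": re.compile(r"\\program files( \(x86\))?\\quicktime"),
}

# Hypothetical log layout: free-form fields, image path last on the line.
IMAGE_FIELD = re.compile(r"image=(?P<image>.+)$")

# Constructed sample records (not taken from any real incident).
SAMPLE_LOG = r"""
2012-03-21T10:02:11Z host=WS01 image=C:\Users\amy\AppData\Roaming\real\update_ob\realupdate.exe
2012-03-21T10:02:15Z host=WS01 image=C:\Program Files (x86)\Skype\Phone\Skype.exe
2012-03-21T10:03:40Z host=WS01 image=C:\Users\amy\AppData\Local\Temp\Skype.exe
2012-03-21T10:04:02Z host=XP07 image=C:\Documents and Settings\bob\Application Data\real\update_ob\Picasa3.exe
2012-03-21T10:05:19Z host=WS01 image=C:\Program Files\QuickTime\..\..\Users\Public\qttask.exe
2012-03-21T10:06:00Z host=WS01 event=logon user=amy
"""


def normalize(path):
    """Use backslashes, resolve '..', drop the drive letter, lower-case."""
    path = ntpath.normpath(path.strip().strip('"').replace("/", "\\"))
    return ntpath.splitdrive(path)[1].lower()


def classify(image_path):
    """Return the list of reasons an executable path looks like a masquerade."""
    directory, name = ntpath.split(normalize(image_path))
    reasons = []
    if UPDATER_DIR.search(directory):
        reasons.append("runs-from-real-update_ob")
    expected = EXPECTED_DIRS.get(name)
    if expected is not None and not expected.fullmatch(directory):
        reasons.append("known-name-unexpected-dir")
    return reasons


def scan(lines):
    """Yield (image, reasons) for every record that trips at least one rule."""
    hits = []
    for line in lines:
        match = IMAGE_FIELD.search(line)
        if not match:
            continue  # record carries no image path
        reasons = classify(match.group("image"))
        if reasons:
            hits.append((match.group("image"), reasons))
    return hits


if __name__ == "__main__":
    for image, reasons in scan(SAMPLE_LOG.splitlines()):
        print(f"{', '.join(reasons):55} {image}")
```

The excerpt also says the payloads write files "with legitimate names in generally legitimate locations"; those pass a path check like this one and need publisher-signature or hash verification instead.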

  2. #12
    Adviser Team AplusWebMaster's Avatar

    Zeus targets Cloud Payroll Service ...

    FYI...

    Zeus targets Cloud Payroll Service ...
    - http://www.trusteer.com/blog/zeus-ta...ey-enterprises
    April 10, 2012 - "... we have discovered a Zeus attack that focuses on cloud payroll service providers. These attacks are designed to route funds to criminals, and bypass industrial strength security controls maintained by larger businesses. Our researchers have captured a Zeus configuration that targets Ceridian, a Canadian human resources and payroll solutions provider. In this attack, Zeus captures a screenshot of a Ceridian payroll services web page ... when a corporate user whose machine is infected with the Trojan visits this website. This allows Zeus to steal the user id, password, company number and the icon selected by the user for the image-based authentication system... The financial losses associated with this type of attack can be significant. In August of last year, Cyberthieves reportedly funneled $217,000 from the Metropolitan Entertainment & Convention Authority (MECA). According to published reports an employee at MECA was victimized by a phishing e-mail and infected with malware that stole access credentials to the organization’s payroll system. With valid credentials, the cyberthieves were able to add fictitious employees to the MECA payroll. These money mules, who were hired through work-at-home scams, then received payment transfers from MECA's bank account which they sent to the fraudsters. We expect to see increased cybercriminal activity using this type of fraud scheme for the following reasons:
    First, targeting enterprise payroll systems enables attackers to siphon much larger amounts of money than by targeting individual consumers.
    Second, by stealing the login credentials belonging to enterprise users of these payroll services, fraudsters have everything they need to route payments to money mules before raising any red flags. Using these valid credentials fraudsters can also access personal, corporate and financial data without the need to hack into systems, while leaving very little evidence that malicious access is occurring.
    Third, by targeting a cloud service provider, the criminals are bypassing tight security mechanisms that are typically employed by medium to large enterprises. In a cloud service provider environment, the enterprise customers who use the service have no control over the vendor’s IT systems and thus little ability to protect their backend financial assets.
    Fourth, cloud services can be accessed using unmanaged devices that are typically less secure and more vulnerable to infection by financial malware (e.g. Zeus)..."


  3. #13
    Adviser Team AplusWebMaster's Avatar

    What Google Analytics -doesn't- show you ...

    FYI...

    What Google Analytics -doesn't- show you...
    - http://www.incapsula.com/the-incapsu...-your-business
    "... 31% of your website visitors are likely to be damaging intruders. Google Analytics doesn’t show you 51% of your site’s traffic including hackers, spammers & other non-human stalkers. Most website owners don’t know that a startling 31% of any site’s traffic can harm its business. And although most website owners rely on Google analytics to track who’s visiting their site, Google simply doesn’t show you 51% of your site’s traffic including some seriously shady non-human visitors including hackers, scrapers, spammers and spies of all sorts who are easily thwarted, but only if they’re seen and blocked...
    > http://www.incapsula.com/images/blog...ng_%20Pie.jpeg
    As website owners work hard to attract good human traffic, it’s just as important to see and block the bad guys & bots that can hack your site, steal your customer’s data, share your proprietary business information, and a whole lot more. It’s time to see who’s visiting your site, and make sure the good guys get through fast while the bad guys are kept out. So who's stalking your site?...
    > http://www.incapsula.com/images/blog...g%20table.jpeg
    ... Information was anonymously compiled from a sample of one thousand websites of Incapsula customers, with an average of 50,000 to 100,000 monthly visitors."


  4. #14
    Adviser Team AplusWebMaster's Avatar

    Security in the Clouds - Part 1 ...

    FYI...

    Security in the Clouds - Part 1 ...
    - http://www.wired.com/cloudline/2012/...clouds-part-1/
    May 24, 2012 - "... Securing a cloud environment involves doing everything we do for traditional IT security plus more. In other words, the fundamental issues of ensuring the CIAs of security – Confidentiality, Integrity and Availability – are still in play. In fact, it’s even more complicated since now we are dealing with the additional complexity of someone else’s infrastructure. That means we have to begin with a comprehensive risk assessment and from there proceed to develop relevant policies, a solution architecture, a solid implementation that enforces those policies and finish up with a process to analyze results and feedback improvements into the previous steps of the cycle. Nothing new here but sometimes in the cloud rush some people think the laws of gravity have somehow been suspended... What the public cloud adds to the equation is a heightened need to get all this right since it will be in a shared infrastructure at a remote location. In addition, things like federated single sign-on (to connect across disparate authentication systems), federated account provisioning/deprovisioning (to create and delete the correct access privileges on the system you no longer have direct access to) and securing the hypervisor layer of the virtualization system used by the service provider become key issues. That last part is often overlooked but it shouldn’t be because each new layer of infrastructure represents a potential attack vector. We know OS’s and apps aren’t perfect so we harden them, patch them and stand up intrusion prevention layers to protect them from the bad guys. The hypervisor in a virtualized computing environment needs the same protections but doesn’t always get the same scrutiny... what happens if the SLA is not met? 
    Many assume that the provider has the capability to guarantee this commitment but in some cases this may be nothing more than a best effort statement with no penalties if violated and no actual ability to deliver this level of service...
    Some questions to consider:
    • Is the data sufficiently isolated from other users of the shared cloud?
    • Are access controls up to the task of keeping the prying eyes of unauthorized users at bay?
    • Are you protected against data leakage by administrators working for the cloud provider who are not authorized to view the data but may, by virtue of their privileged status, be able to subvert protections in place?
    • Can you get easy access to an audit trail showing who, when, from where, etc., has accessed the data?
    • Is it being backed up in case a hard drive crashes?
    • Is the environment sufficiently provisioned to handle the demand placed upon it not only by legitimate users but also by attackers launching a denial of service attack?
    • What about disaster recovery?
    • Is there a mechanism to failover to hot or warm standby at a substantially different geographical location so as to not disrupt operations during an outage?
    • Will auditors and regulators be satisfied with your answers to all of these questions?
    ... so it may not be all that simple to let someone else handle it as you might have first thought as you clearly have some due diligence to perform before turning over the keys to the kingdom..."


  5. #15
    Adviser Team AplusWebMaster's Avatar

    AWS power outages ...

    FYI...

    AWS power outages...
    - http://status.aws.amazon.com/?rf
    Amazon CloudSearch (N. Virginia) - Elevated error rates
    10:16 PM PDT We are investigating elevated error rates impacting a limited number of customers. The high error rates appear related to a recent loss of power in a single US-EAST-1 Availability Zone...
    Jun 30, 2:18 AM PDT CloudSearch control plane APIs are operating normally. We are continuing to recover impacted CloudSearch domains that are still experiencing high error rates.
    ___
    Amazon Elastic Compute Cloud (N. Virginia) - Power issues
    Jun 30, 12:37 AM PDT ELB is currently experiencing delayed provisioning and propagation of changes made in API requests. As a result, when you make a call to the ELB API to register instances, the registration request may take some time to process....
    Jun 30, 7:14 AM PDT We are continuing to make progress towards recovery of the remaining EC2 instances, EBS volumes and ELBs...
    ___
    Amazon Relational Database Service (N. Virginia) - Power Issues
    8:33 PM PDT We are investigating connectivity issues for a number of RDS Database Instances in the US-EAST-1 region.
    9:24 PM PDT We can confirm that a large number of RDS instances are impaired. We are actively working on recovering them...
    Jun 30, 7:38 AM PDT We are continuing to make progress in recovering the impacted RDS database instances...
    ___
    AWS Elastic Beanstalk (N. Virginia) - Power Issues...
    ___

    > http://status.aws.amazon.com/
    Current Status...
    ___

    3 million without power - 13 killed
    > http://www.washingtonpost.com/politi...uCW_story.html
    June 30, 2012

    - http://hardware.slashdot.org/story/1...r-amazon-cloud
    June 30, 2012 - "An Amazon Web Services data center in northern Virginia lost power Friday night during an electrical storm, causing downtime for numerous customers — including Netflix, which uses an architecture designed to route around problems at a single availability zone. The same data center suffered a power outage two weeks ago and had connectivity problems earlier on Friday."

    - http://www.informationweek.com/news/...ndly=this-page
    June 15, 2012

    Last edited by AplusWebMaster; 2012-07-02 at 07:09.

  6. #16
    Adviser Team AplusWebMaster's Avatar

    Major outage - Salesforce.com...

    FYI...

    Salesforce.com hit with second major outage in two weeks
    Seven instances were affected at one time or another
    - https://www.computerworld.com/s/arti...e_in_two_weeks
    July 10, 2012 - "Salesforce.com suffered a significant service outage on Tuesday, less than two weeks after another serious set of system problems. The cloud-based CRM (customer relationship management) vendor's systems are divided into many instances around the world, each serving customers in different geographic regions. Seven instances went down at some time or another on Tuesday, starting with NA1, NA5 and NA6 in North America, according to a notice posted at 12:49 a.m. PDT on Salesforce.com's system status page*. Shortly thereafter, the CS0, CS1, CS3 and CS12 regions... Salesforce.com's Application Store also went down because it shares infrastructure with the NA6 instance, the site said in another update... It wasn't immediately clear what caused the problems... "power problems" had been detected and fixed, but the outages persisted. Some Salesforce.com customers may still be reeling from the last system outage, which occurred in late June. Those problems were caused by a fault in Salesforce.com's storage tier, the company said at the time."
    * http://trust.salesforce.com/trust/status/


  7. #17
    Adviser Team AplusWebMaster's Avatar

    Dropbox users targeted by spammers

    FYI...

    Dropbox users targeted by spammers
    - https://krebsonsecurity.com/2012/07/...dropbox-users/
    July 17, 2012 - "... trouble began earlier today, when users on the Dropbox support forums began complaining of suddenly receiving spam at email addresses they’d created specifically for use with Dropbox. Various users in Germany, the Netherlands and United Kingdom reported receiving junk email touting online gambling sites... At around 3 p.m. ET, the company’s service went down in a rare outage, blocking users from logging into and accessing their files and displaying an error message on dropbox.com*...
    Update, 6:37 p.m. ET: Dropbox just issued the following statement about today’s events: 'We‘re aware that some Dropbox users have been receiving spam to email addresses associated with their Dropbox accounts. Our top priority is investigating this issue thoroughly and updating you as soon as we can...'"
    * http://status.dropbox.com/
    Dropbox client running normally
    Dropbox web running normally
    ... as of date/time of this post.

    > https://krebsonsecurity.com/wp-conte...boxdropped.png

    Email-Address leaked from Dropbox
    > http://forums.dropbox.com/topic.php?page=5&id=64367
    17 July 2012 - "... junk mail to the email address registered to Dropbox..."

    > http://www.geek.com/articles/geek-pi...cted-20120717/
    July 17, 2012
    > http://techcrunch.com/2012/07/17/dro...leak-to-blame/
    July 17, 2012 - "... Update 3, 6 PM ET: Dropbox says the downtime was unrelated..."
    ___

    - http://h-online.com/-1646660
    18 July 2012 - "... On the Dropbox forums, the company announced that it has asked its security team to investigate the incident, and has also called in outside experts*. At present, it has found no evidence of unauthorised access to Dropbox accounts, but this could change as the investigation moves forward..."
    * http://forums.dropbox.com/topic.php?...10#post-455535

    Last edited by AplusWebMaster; 2012-07-18 at 17:44.

  8. #18
    Adviser Team AplusWebMaster's Avatar

    iCloud attack began with Amazon hack

    FYI...

    iCloud attack began with Amazon hack
    - http://h-online.com/-1661646
    7 August 2012 - "... Mat Honan has detailed how attackers broke into his iCloud account and remotely wiped his iPhone, iPad and MacBook. In an article in Wired*, Honan explains how the attackers used flaws in Amazon's and Apple's customer service lines to expose his iCloud password... Once the account had been breached, Honan notes that the password reset email messages from the services were quickly moved to the trash by the attackers and within forty minutes of the call to Apple they had reset his Twitter password, posted a claim to the hack on his Twitter account, deleted his Google account and sent wipe commands to Honan's iPhone, iPad and MacBook. He has since been contacted by the hackers who say they were only attempting to "grab" his three character Twitter id and that the account deletions and device wiping were collateral damage... Apple told the New York Times** that it made a mistake when resetting the password, and protocols were not completely followed in this case..."

    * http://www.wired.com/gadgetlab/2012/...n-hacking/all/

    ** http://bits.blogs.nytimes.com/2012/0...n-itunes-hack/
    ___

    - http://www.gfi.com/blog/secure-cloud-computing-101/
    August 9, 2012 - "... practical tips for users on how to keep their information safe online and in the cloud:
    • Back up information and files onto multiple hard drives and store them somewhere safe.
    • Take advantage of two-factor authentication if this feature is available to your service provider.
    • Make data security a priority. Secure credentials with authentication devices and never reveal or share them with anyone..."

    Last edited by AplusWebMaster; 2012-08-09 at 17:25.

  9. #19
    Adviser Team AplusWebMaster's Avatar

    CloudStack - critical vulnerability

    FYI...

    CloudStack - critical vulnerability
    - http://h-online.com/-1726599
    09 Oct 2012 - "Citrix and the Apache Software Foundation have alerted* users to a critical vulnerability in the CloudStack open source cloud infrastructure management software. All versions downloaded from the cloudstack .org site will be vulnerable. CloudStack is also an incubating Apache project but there have been no official releases from Apache of that project. If users have taken the source from the Apache project, that software will be vulnerable. Details of the issue were disclosed on Sunday; it appears that the system had a configuration issue which meant that any user could execute arbitrary CloudStack API calls such as deleting all the VMs in the system. A workaround, detailed in the various announcements, involves logging into the MySQL database that backs the system and setting a random password on the cloud.user account. The Apache CloudStack code has been updated with a fix for the issue and it is believed that the issue should not affect any upcoming releases of the incubating Apache CloudStack project; version 4.0 has currently been frozen and a release candidate is expected soon."
    * http://cloudstack.org/blog/185-cloud...iscovered.html
    08 Oct 2012 - "A configuration vulnerability has been discovered in CloudStack that could allow a malicious user to execute arbitrary CloudStack API calls, such as deleting all VMs being managed by CloudStack... The issue does have a workaround that can be applied immediately... This is considered a critical vulnerability. You should take action to mitigate the issue immediately. Note that this can be mitigated with no downtime..."


  10. #20
    Adviser Team AplusWebMaster's Avatar

    Data in the Cloud: Safer, but more attractive to Attackers

    FYI...

    Data in the Cloud: Safer, but more attractive to Attackers
    - http://www.gtcybersecuritysummit.com...eatsReport.pdf
    Nov 14, 2012 - Georgia Tech Information Security Center report - PDF (Pg.3): "Consider data storage in the cloud. As security expertise is increasingly being located within cloud service providers, companies and their customers typically improve the overall security posture of their data. However, while improved virtualization infrastructure means that mass compromises are unlikely, the growing trove of data concentrated in these cloud storage services will attract attackers... In June, attackers compromised DDoS mitigation service CloudFlare by using flaws in AT&T’s voicemail service for its mobile users and in Google’s account-recovery service for its Gmail users. The attack — which aimed to get control over the site of one of CloudFlare’s customers — failed, but only because the company moved quickly when it discovered the incident... 'We will see more of these types of attacks, because a lot of interesting data is being hosted on [these] sites,' Kirda said. Google’s latest approach to two-factor authentication is a good hybrid method, he said. Using a recognized device and a password, a user logs in and authorizes applications on other devices. By providing a different password for each application-device combination, the service provides stronger, yet usable, security... (Pg.6) Cloud infrastructure is not just about data, however. The ability to stand up virtualized computers, if successfully exploited by attackers, can be used to quickly create botnets. Just as large collections of data in the cloud become a siren call to attackers, the ability to create vast computing resources will continue to convince cybercriminals to look for ways to co-opt the infrastructure to their own ends, said Yousef Khalidi, distinguished engineer with Microsoft’s Windows Azure group. 
    “If I’m a bad guy, and I have a zero-day exploit and the cloud provider is not up on their toes in terms of patching, the ability to exploit such a big capacity means I can do all sorts of things,” Khalidi said. The most obvious exploit that could lead to the creation of malicious compute clouds is simple credit-card fraud. Most cybercriminals have access to thousands, if not millions, of stolen credit card numbers. Using the stolen accounts to buy cloud computing resources can be a quick way for attackers to create dangerous clusters of virtual systems..."

