FTC Releases Alert on Fraudulent Emails

Original release date: May 16, 2017

The Federal Trade Commission (FTC) has released an alert about scammers sending out fake emails that look authentic to trick you into sending money to them. Users should be suspicious of unsolicited phone calls or email messages from individuals asking about your information. If an unknown individual claims to be from a legitimate organization, try to verify his or her identity directly with the company.

US-CERT encourages users and administrators to refer to the FTC Scam Alert and the US-CERT Tip on Avoiding Social Engineering and Phishing Attacks for more information.

This product is provided subject to this Notification and this Privacy & Use policy.

WCry ransomware worm’s Bitcoin take tops $70k as its spread continues

(credit: fdecomite)

WCry, the National Security Agency exploit-powered ransomware worm that began spreading worldwide on Friday, had reportedly affected hundreds of thousands of computers before the weekend, but the malware had only brought in about $20,000 in ransom payments. However, as the world returned to the office on Monday, those payments have been rapidly mounting, based on tracking data for the three Bitcoin wallets tied by researchers to the malware. As of noon Eastern Time on Monday, payments had reached an estimated $71,000 since May 12. So far, 263 payments have been made to the three wallets linked to the code in the malware.

The payment history for each wallet shows individual transactions ranging mostly between 0.16 and 0.34 Bitcoin (approximately $300 and $600, respectively), with the number of larger payments increasing over time. Different ransom amounts have been presented to victims, and the price of Bitcoin has climbed dramatically over the past week, causing some variation in the payment sizes.

According to researchers at Symantec Security Response, tracking ransom transactions would have been much more difficult if not for a bug in code that was supposed to create an individual bitcoin wallet for each victim:

Read 1 remaining paragraphs | Comments

Trump confirms he shared classified intel with Russia’s foreign minister

Enlarge / WASHINGTON, DC - MAY 15: National Security Adviser Army Lt. Gen. H.R. McMaster preparing to make a statement to reporters on May 15 regarding President Trump's sharing of intelligence with Russian officials. (credit: Photo by Jabin Botsford/The Washington Post via Getty Images)

In an Oval Office meeting the day after firing FBI Director James Comey, President Donald Trump shared intelligence provided by an allied nation's sources on an Islamic State plot to bring down passenger airplanes with laptop computers turned into bombs. The intelligence, which was apparently the cause for the US extending a ban on laptops to include flights from Europe earlier this month, had been highly classified because of the sensitivity of its source.

Statements from President Trump on Twitter and from White House National Security Advisor Lt. Gen. H.R. McMaster essentially confirmed these details initially reported by the Washington Post late on Monday. McMaster said that no sources or methods were exposed in the conversation. However, the unnamed officials cited in the Post report were concerned that Trump's citing of the exact location "in the Islamic State’s territory where the U.S. intelligence partner detected the threat" could expose the source. And the sharing of the classified information with Russia's foreign minister and ambassador to the United States was within Trump's purview, as the president holds the ultimate authority over classification of sensitive data and can de-classify information at will. Tuesday morning, Trump tweeted:

Trump also lashed out at the intelligence community for leaking about his actions:

Read 4 remaining paragraphs | Comments

Github Dorks – Github Security Scanning Tool

Github search is quite a powerful and useful feature and can be used to search for sensitive data in repositories, this Github security scanning tool comes with a collection of Github dorks that can reveal sensitive personal and/or other proprietary organisational information such as private keys, credentials, authentication tokens and so on....

Read the full post at darknet.org.uk