Each week, the PhishLabs team posts The Week in Cybercrime (TWIC) to recap noteworthy cybercrime articles and reports (open source).
- Pricey identity-theft protection isn't worth the cost (Consumer Reports)
In the second part of his series on pharming, Chris Bowen details how hosts files can be modified to carry out pharming attacks and provides pharming protection recommendations for this method of attack.
This isn't the first time the Pingback functionality of WordPress has been abused to launch DDoS attacks, but it's the largest publicly reported in terms of the volume of sites involved. If you are running WordPress, check your site on Sucuri's DDoS detection tool to determine if it's being used in an attack.
The GnuTLS library has a bug that allows attackers to decrypt SSL and TLS communications. The downstream impact of the vulnerability will be significant considering that many of the most popular flavors of Linux use GnuTLS, as well as hundreds of applications.
- Did Target Ignore Security Warning? (BankInfoSecurity.com)
"Ignore" isn't the best term, but it does look like they incorrectly analyzed alerts coming from some of their security tools -- which allowed the attack to fly under the radar. The simple truth is that an organization the size of Target can't respond to every alert in their environment. Security tools are noisy, even when well-tuned, and there was likely some threshold that suspicious activity had to pass before it could be assessed as a real threat.