Weekly security roundup: May 25

 


Here’s a brief overview of some of last week’s most interesting cyber security news, including a massive cyber attack against Israeli websites, the EasyJet data breach, the arrest of a hacker known as Sanix, who is responsible for selling billions of hacked user credentials, and more.

Last week the Ukrainian Secret Service (SBU) arrested the hacker known as “Sanix”, who attempted to sell a massive database containing 773 million email addresses and 21 million unique passwords. It is believed that Sanix is the person responsible for initially assembling a number of databases with millions of username and password combos, known as Collection #1, #2, #3, #4, #5, and others.

The stolen data included usernames and email passwords, bank card PIN codes, cryptocurrency e-wallets, PayPal accounts, and information about hacked computers intended to be used as bots in botnets and to launch DDoS attacks.

British low-cost airline EasyJet has suffered a security breach that resulted in the theft of the email and travel details of nearly 9 million customers. EasyJet admitted that 2,208 credit card details were accessed by hackers, though the company has not seen any signs of the stolen information being misused.

The EasyJet hack is suspected to have been carried out by a group of Chinese hackers that has targeted multiple airlines in recent months.

Personal information of 40 million users registered on Wishbone, a mobile application for comparing social content, is being sold on multiple hacking forums for 0.85 bitcoin.

The Wishbone data includes user information such as usernames, emails, phone numbers, city/state/country, as well as hashed passwords. According to the database seller, the info was obtained as a result of a breach that happened earlier this year.

Israeli security researchers have warned about a new unfixable flaw affecting the DNS protocol that can be exploited to launch amplified, large-scale distributed denial-of-service (DDoS) attacks to render targeted websites inoperable.

The attack involves a malicious actor sending a DNS request to a recursive server for an attacker-controlled domain. As this recursive server does not have the authority to resolve the request, it sends a query to the authoritative DNS server (which is also attacker-controlled) for the attacker's domain. This authoritative server returns a list of fake server names or subdomains, controlled by the threat actor, that point to a victim DNS domain. The recursive server then forwards the query to all of the nonexistent subdomains, creating a massive surge in traffic to the victim site.
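A defender-side sketch of how the fan-out described above shows up in a recursive resolver's own query log, added here as an illustration and not taken from the researchers or from any resolver's code. The log format, the `.example` domains and the threshold are assumptions constructed for this example.

```python
from collections import defaultdict


def zone_of(name, labels=2):
    # Assumption: the zone is the last two labels of the name. Production
    # code should consult the Public Suffix List instead.
    return ".".join(name.rstrip(".").lower().split(".")[-labels:])


def build_sample_log():
    # Constructed records, not real traffic. Hypothetical format:
    # "<epoch> <client request id> <name the client asked for>
    #  <name the resolver queried upstream> <response code>"
    lines = [
        "1000 1 www.shop.example www.shop.example NOERROR",
        "1000 1 www.shop.example ns1.shop.example NOERROR",
        "1001 2 a.attacker.example a.attacker.example NOERROR",
        "1002 3 typo.blog.example typo.blog.example NXDOMAIN",
        "1003 4 www.news.example old1.cdn.example NXDOMAIN",
        "1003 4 www.news.example old2.cdn.example NXDOMAIN",
    ]
    # One client request whose referral names 40 nonexistent hosts in
    # another party's zone: the pattern the paragraph above describes.
    lines += [
        f"1001 2 a.attacker.example fake{i}.victim.example NXDOMAIN"
        for i in range(40)
    ]
    return lines


def find_referral_fanout(lines, threshold=20):
    """Flag client requests that made the resolver look up many distinct
    nonexistent names in a zone other than the one the client asked about.

    Returns a sorted list of (request_id, asked_zone, flooded_zone, count).
    """
    asked = {}
    fanout = defaultdict(set)
    for line in lines:
        _ts, req, client_q, upstream_q, rcode = line.split()
        asked[req] = zone_of(client_q)
        target = zone_of(upstream_q)
        # An NXDOMAIN inside the zone the client asked for is ordinary
        # (typos, stale links); only out-of-zone misses are counted.
        if rcode == "NXDOMAIN" and target != asked[req]:
            fanout[(req, target)].add(upstream_q.lower())
    return sorted(
        (req, asked[req], zone, len(names))
        for (req, zone), names in fanout.items()
        if len(names) >= threshold
    )


if __name__ == "__main__":
    for hit in find_referral_fanout(build_sample_log()):
        print("request %s for %s caused %d NXDOMAIN lookups in %s"
              % (hit[0], hit[1], hit[3], hit[2]))
```

The threshold is a tuning value: request 4 in the sample triggers two out-of-zone misses and stays below it, while request 2 is flagged.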

Last Thursday multiple Israeli websites were targeted in a coordinated cyber attack, with their home pages replaced by images of Israel’s demise. The attack impacted thousands of websites, including some belonging to major firms, political groups and other organizations and individuals.

Most of the hacked sites were hosted on uPress, a local Israeli WordPress hosting service. According to the hosting provider, the hackers exploited a vulnerability in a WordPress plugin.

The attack was reportedly carried out by a group named “Hackers of Saviour,” which describes itself as a crew seeking to avenge Israel’s policy on the Palestinian situation.


