14 Ways to Evade Botnet Malware Attacks On Your Computers

Cybercriminals are busy innovators, adapting their weapons and attack strategies, and ruthlessly roaming the web in search of their next big score.

Every manner of sensitive information, such as confidential employee records, customers’ financial data, protected medical documents, and government files, are all subject to their relentless threats to cybersecurity.

Solutions span a broad spectrum, from training email users to ensuring a VPN kill switch is in place, to adding extensive advanced layers of network protection.

To guard successfully against severe threats, from hackers and worms to malware such as botnets, network managers need to use every tool and method that fits into a comprehensive cyber defense strategy.

Of all the menaces mentioned above to a website owner’s peace of mind, botnets arguably present the most unsettling form of security risk. They’re not the mere achievements of malicious amateur cybercriminals.

They’re state-of-the-dark-art cyber-crafts. What’s most rattling about them, perhaps, is their stealth, their ability to lurk around seeking vulnerabilities to exploit invisibly.

How Do Botnets Work?

Botnets are not one of the more straightforward hacking weapons. They are subtle, data-extracting malware: they infiltrate networks, access computers without authorization, and keep running without any disruption visible to users, while they steal data and funnel it out of the victim network to waiting “botmasters,” evading detection throughout the process.

What Can You Do to Stop Botnets?

The front line of cyber defense has got to be manned by people — real people working at their computers, doing their everyday tasks in the office.

The best defense against ever-evolving threats is to educate the users who are the perpetrators’ prime targets. These particular front lines span the spectrum of web interactions, from email to social media.

It’s recommended to implement a strategy that incorporates as many of the following approaches, from some basics to more sophisticated solutions, as practicable for your organization:

images from Hacker News

Drupal Warns Web Admins to Update CMS Sites to Patch a Critical Flaw

If you haven’t recently updated your Drupal-based blog or business website to the latest available version, now is the time.

The Drupal development team yesterday released important security updates for its widely used open-source content management software that address one critical and three “moderately critical” vulnerabilities in its core system.

Considering that Drupal-powered websites are among the all-time favorite targets for hackers, website administrators are strongly advised to install the latest release, Drupal 7.69, 8.7.11, or 8.8.1, to prevent remote attackers from compromising their web servers.

Critical Symlinks Vulnerability in Drupal

The only advisory with critical severity covers patches for multiple vulnerabilities in a third-party library called ‘Archive_Tar,’ which Drupal Core uses for creating, listing, extracting, and adding files to tar archives.

The vulnerability lies in the way the affected library extracts tar archives that contain symlinks: if exploited, it could allow an attacker to overwrite sensitive files on a targeted server by uploading a maliciously crafted tar file.

Note that, for this reason, the flaw only affects Drupal websites that are configured to process .tar, .tar.gz, .bz2, or .tlz files uploaded by untrusted users.

According to Drupal developers, a proof-of-concept exploit for this vulnerability already exists, and given the popularity of Drupal exploits among hackers, this flaw may soon be actively exploited in the wild against Drupal websites.
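As an added illustration (not code from the advisory or from Drupal’s Archive_Tar), the following Python audit checks an archive for the pattern described above before anything is extracted: a symlink entry that points outside the extraction directory, followed by a regular file of the same name that would be written through that link. The sample archive is constructed inline, and the destination path is an assumption.

```python
import io
import os
import tarfile

# Constructed sample archive (not the advisory's proof of concept): a harmless
# file, a symlink escaping the extraction directory, a regular file of the same
# name that would be written through that symlink, and a plain path traversal.
def build_sample_tar() -> bytes:
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        entries = [
            ("readme.txt", None, b"harmless content"),
            ("settings", "../outside.txt", None),            # symlink out of dest
            ("settings", None, b"would land in ../outside.txt"),
            ("../evil.txt", None, b"classic path traversal"),
        ]
        for name, linkname, data in entries:
            info = tarfile.TarInfo(name)
            if linkname is not None:
                info.type = tarfile.SYMTYPE
                info.linkname = linkname
                tar.addfile(info)
            else:
                info.size = len(data)
                tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()

def audit_tar(data: bytes, dest: str) -> list:
    """Return (member name, verdict) for every entry; 'ok' means safe to extract."""
    dest_real = os.path.realpath(dest)
    seen_links = set()
    verdicts = []
    with tarfile.open(fileobj=io.BytesIO(data), mode="r") as tar:
        for m in tar.getmembers():
            # Resolve where the entry would be written; absolute names and ".."
            # components both end up outside dest_real.
            target = os.path.realpath(os.path.join(dest_real, m.name))
            if target != dest_real and not target.startswith(dest_real + os.sep):
                verdict = "path escapes destination"
            elif m.issym() or m.islnk():
                verdict = "link entry refused"
                seen_links.add(m.name)
            elif m.name in seen_links:
                verdict = "writes through earlier link entry"
            elif not (m.isfile() or m.isdir()):
                verdict = "special file refused"
            else:
                verdict = "ok"
            verdicts.append((m.name, verdict))
    return verdicts

def is_safe_to_extract(data: bytes, dest: str) -> bool:
    return all(v == "ok" for _, v in audit_tar(data, dest))
```

Refusing link entries outright is the simplest policy for archives uploaded by untrusted users; the audit runs on the member list alone, so nothing touches the filesystem until every entry has passed.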

Moderately Critical Drupal Vulnerabilities

Besides this critical vulnerability, Drupal developers have also patched three “moderately critical” vulnerabilities in the Core software, briefly described as follows:

  • Denial of Service (DoS): The install.php file used by Drupal 8 Core contains a flaw that can be exploited by a remote, unauthenticated attacker to impair the availability of a targeted website by corrupting its cached data.
  • Security Restriction Bypass: The file upload function in Drupal 8 does not strip leading and trailing dots (‘.’) from filenames, which an attacker with file upload ability could use to overwrite system files such as .htaccess and bypass security protections.
  • Unauthorized Access: This vulnerability exists in Drupal’s default Media Library module, which in certain configurations does not correctly restrict access to media items. It could allow a low-privileged user to gain unauthorized access to sensitive information that is otherwise out of their reach.

According to the developers, affected website administrators can mitigate the Media Library access bypass vulnerability by unchecking the “Enable advanced UI” checkbox on /admin/config/media/media-library, though this mitigation is not available in 8.7.x.

images from Hacker News

British Hacker Accused of Blackmailing healthcare Firms Extradited to U.S.

A British man suspected to be a member of ‘The Dark Overlord,’ an infamous international hacking group, has finally been extradited to the United States after being held for over two years in the United Kingdom.

Nathan Francis Wyatt, 39, appeared in federal court in St. Louis, Missouri, on Wednesday to face charges related to his role in hacking healthcare and accounting companies in the U.S. and then threatening to publish stolen information unless victims paid a ransom in Bitcoin.

According to a court indictment unsealed yesterday, Wyatt faces one count of conspiracy, two counts of aggravated identity theft and three counts of threatening to damage a protected computer.

However, the suspect has not yet pleaded guilty to any of the charges in the U.S. federal court, where he appeared after fighting for 11 months to avoid extradition from Britain.

Cyber Attacks by The Dark Overlord Group

British police first arrested Wyatt in September 2016 during an investigation into the hacking of an iCloud account belonging to Pippa Middleton, the younger sister of the British royal family member Duchess of Cambridge, and stealing 3,000 images of her.

Though he was released in that case without charge due to lack of evidence, Wyatt was again arrested in September 2017 over hacking companies, credit card fraud, and blackmail schemes.

The indictment does not name the companies allegedly attacked by The Dark Overlord hacking group between February 2016 and June 2017, but says the victims include multiple healthcare providers and accounting firms in Missouri, Illinois, and Georgia.

The Dark Overlord is the same hacking crew that has previously been attributed a number of attacks, including leaking 10 unreleased episodes of the 5th season of Netflix’s ‘Orange Is The New Black’ series and hacking Gorilla Glue and the Little Red Door cancer service agency, among others.

The Dark Overlord Threatened Victims and their Relatives

According to the press release published by the Justice Department, Wyatt created and operated the email and phone accounts used to threaten the compromised organizations and extort money from them, and when victims refused to pay, Wyatt harassed and threatened their relatives.

images from Hacker News

Google Offers Financial Support to Open Source Projects for Cybersecurity

Besides rewarding ethical hackers out of its own pocket for responsibly reporting vulnerabilities in third-party open-source projects, Google today announced financial support for open source developers to help them arrange additional resources and prioritize the security of their products.

The initiative, called the “Patch Rewards Program,” was launched nearly 6 years ago; under it, Google rewards hackers for reporting severe flaws in many widely used open source software projects, including OpenSSH, OpenSSL, the Linux kernel, Apache, Nginx, jQuery, and OpenVPN.

So far, Google has paid hundreds of thousands of dollars as bounty to hackers across the world who helped improve the overall security of many crucial open source software and technologies that power the Internet, operating systems, and networks.

The company has now also decided to motivate volunteer work done by the open source community by providing upfront financial help to project teams, using which they can acquire additional development capacity.

The support is available both for small teams ($5,000) and for large teams ($30,000) of developers.

In a blog post published today, Google explained that small teams could receive the amount as a reward for fixing a small number of security issues.

Large open source teams, by contrast, are expected to use the funds to invest heavily in security, for example by finding additional developers or implementing significant new security features.

If you run an open source project or want to support another open-source project, you can nominate it for support from Google by filling out https://goo.gle/patchz-nomination.

images from Hacker News

LifeLabs Paid Hackers to Recover Stolen Medical Data of 15 Million Canadians

LifeLabs, the largest provider of healthcare laboratory testing services in Canada, has suffered a massive data breach that exposed the personal and medical information of nearly 15 million Canadian customers.

The company announced the breach in a press release posted on its website, revealing that an unknown attacker gained unauthorized access to its computer systems last month and stole customers’ information, including their:

  • Names
  • Addresses
  • Email addresses
  • Login information
  • Passwords for their LifeLabs account
  • Dates of birth
  • Health card numbers
  • Lab test results

The Toronto-based company discovered the data breach at the end of October, but the press release does not say anything about the identity of the attacker(s) and how they managed to infiltrate its systems.

However, LifeLabs admitted it paid an undisclosed ransom to the hackers to retrieve the stolen data, which indicates that the attack might have been carried out using ransomware-style malware with data exfiltration capabilities.

“Retrieving the data by making a payment. We did this in collaboration with experts familiar with cyber-attacks and negotiations with cybercriminals,” the company said while announcing several measures it took to protect its customers’ information.

LifeLabs also said the majority of affected customers, who used its labs for diagnostic, naturopathic, and genetic tests, reside in British Columbia and Ontario, with relatively few customers in other locations.

“In the case of lab test results, our investigations to date of these systems indicate that there are 85,000 impacted customers from 2016 or earlier located in Ontario; we will be working to notify these customers directly,” the press release read.

“Our investigation to date indicates any instance of health care information was from 2016 or earlier.”

LifeLabs said it immediately involved “world-class cybersecurity experts” to isolate and secure the affected computer systems and determine the scope of the cyber attack.

images from Hacker News