It's interesting that the attack on one of Italy's PEC system providers went unnoticed abroad.
The PEC (electronic certified mail) system is used to send and receive a lot of sensitive emails - and in many situations it is now mandatory to use it for document exchanges with the government and its agencies.
It looks like 500,000 accounts were attacked on November 10, of which tens of thousands are used by the government and its agencies, courts included. Actually, when the provider (not disclosed, but many sources say it's TIM) shut down the system to avoid bigger damage, courts were badly hit, as their operations were blocked.
Sources say the activity on the 10th was a recon, while the full-blown attack was started on the 12th. The provider notified the police the following day, but on the 14th the systems were shut down to contain the attack.
Italy's government and its law enforcement agencies, including the "cyber" ones, kept a very low profile - even when the news became public, although they hinted at a foreign source.
Affected users should have been notified, but the real extent of the breach is not known.
Linux gets its own nasty Bitcoin malware
“If the malware gets onto a Linux system it, as the name suggests, attempts to hijack cycles to mine cryptocurrency and also tries to disable any security software.”
How exactly does the Linux malware get onto the Linux system in the first place, without the user downloading and running the malware and providing the root password? Oh look this link points to a website for Dr.Web Anti-virus on which resides this quote:
“A multicomponent malware program capable of infecting Linux devices and intended to be used for Monero (XMR) mining. It is implemented as a shell script containing over 1,000 lines of code. When launched”
Yes, the suspense is killing me: how does the script execute itself without user action? And while you're at it, share with us what Linux techie runs a script without reading it!!!
“After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.”
Re: Linux gets its own nasty Bitcoin malware
"How exactly does the Linux malware get onto the Linux system in the first place, without the user downloading and running the malware and providing the root password?"
Sadly many installers these days consist of something like this:
# curl https://bit.ly/script.sh | /bin/bash
Not everyone downloads the script first and analyses it before running it. To be fair, it is no more dangerous than installing *anything* off, say, Tucows on a Windows box.
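A safer shape for the one-liner in the comment above, as an added example that is not part of the original thread: download to a file, compare its SHA-256 with a digest pinned from a separate trusted channel, and execute only on a match. The function names and the URL in the usage comment are hypothetical, and it assumes the publisher provides such a digest.

```shell
#!/bin/sh
# Added example: verify a downloaded installer against a pinned digest before
# running it. Function names are hypothetical, not from any real installer.

# Print the SHA-256 of a file as lowercase hex.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# run_if_pinned FILE EXPECTED_SHA256
# Executes FILE only when its digest equals the pinned value.
# Returns 1 on mismatch, otherwise the installer's own exit status.
run_if_pinned() {
    rip_actual=$(sha256_of "$1")
    if [ "$rip_actual" != "$2" ]; then
        echo "refusing to run $1: got '$rip_actual', pinned '$2'" >&2
        return 1
    fi
    sh "$1"   # use bash here if the installer needs it
}

# fetch_verify_run URL EXPECTED_SHA256
# Replacement for "curl URL | bash": the script lands on disk first, so a
# truncated transfer or swapped content is caught before anything executes.
fetch_verify_run() {
    fvr_tmp=$(mktemp) || return 2
    if curl --fail --silent --show-error --location --output "$fvr_tmp" "$1"; then
        run_if_pinned "$fvr_tmp" "$2" && fvr_rc=0 || fvr_rc=$?
    else
        fvr_rc=2   # download failed; nothing was executed
    fi
    rm -f "$fvr_tmp"
    return "$fvr_rc"
}

# Usage (placeholder URL and digest):
#   fetch_verify_run "https://example.invalid/install.sh" "<pinned sha256>"
```

Pinning the digest only helps if it comes from somewhere other than the server that hosts the script; a digest fetched alongside the script changes whenever the script does.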
@Walter - Re: Linux gets its own nasty Bitcoin malware
You're absolutely right and I don't know why you got the down-votes. I've seen this many times, including for Windows malware when they tell you in great detail what harm it is causing to your system but they omit the most important bit: how the pox gets into the system so we can defend against it. This is somewhat irresponsible in my opinion.
Ebay didn't pay the researcher
As is typical of the scumware Ebay, they didn't pay that researcher:
> Sadly, they have no cash rewards for valid bugs
Even though they leaked full access credentials which would have easily enabled a complete takeover of their infrastructure. That's about as bad as it gets. Should have given the researcher $20k+.
Next time, just announce the bug to the world. Give them a reason to pay people for their time, like they should be doing.
Re: the company caught wind of an attempted hack on its customer rewards program
Perhaps a trial run. One would suppose that DK's reward program is under less scrutiny than, say, banking sites. Run your whole database against DK, identify re-used credentials, then re-use only them against banking sites?
"Matt Caswell says that the upcoming release, which will be the first released under the Apache License 2.0, will also introduce a new version scheme that will look to simplify the release process and bring it more into line with other software."
At last! The versioning of OpenSSL was a never-ending source of laughter!
No hacking necessary
But the app of a particular burrito chain doesn't deduct reward points when I spend them (properly) on a free burrito. Instead it gives me more points as if I'd paid for it.
(Also found on a holiday website that I got a voucher code intended for first-time customers when I linked my social accounts. Each time I linked my social accounts.)