Cybersecurity Weekly: Jeff Bezos hacked, DDoS defense firm admits to DDoS, TrickBot steals AD creds

Infosec_Sam

Saudi prince allegedly hacked Jeff Bezos using WhatsApp. The founder of a DDoS mitigation firm admits to launching DDoS attacks. TrickBot now steals Windows Active Directory credentials. All this, and more, in this week’s edition of Cybersecurity Weekly.

1. Saudi prince allegedly hacked Jeff Bezos using WhatsApp

Amazon founder Jeff Bezos’ iPhone was reportedly hacked in May 2018 after receiving a WhatsApp message from Saudi Crown Prince Mohammed bin Salman. A large amount of data was exfiltrated from Bezos’ phone within hours after the attack. The exploit involved a zero-day vulnerability in the WhatsApp platform’s video messaging service.
Read more »

2. DDoS mitigation firm founder admits to DDoS

Last week, a Georgia man who co-founded a service designed to protect companies from DDoS attacks pleaded guilty to paying a DDoS-for-hire service to launch attacks against others. His DDoS-protection firm developed the habit of hijacking internet addresses to prevent attacks, but new evidence emerged of him using this technology against innocent organizations.
Read more »

3. TrickBot now steals Windows Active Directory credentials

A new module for the TrickBot trojan targets the Active Directory database stored on compromised Windows domain controllers. To compromise a network, TrickBot will download modules that perform specific behaviors such as stealing cookies, browser information and OpenSSH keys.
Read more »

For more cybersecurity news stories like these, check out the blog »

TechGromit

Infosec_Sam said:

2. DDoS mitigation firm founder admits to DDoS

Last week, a Georgia man who co-founded a service designed to protect companies from DDoS attacks pleaded guilty to paying a DDoS-for-hire service to launch attacks against others. His DDoS-protection firm developed the habit of hijacking internet addresses to prevent attacks, but new evidence emerged of him using this technology against innocent organizations.
Read more »

It's the prefect business model, if there isn't a need for your business, make one. Kinda like protection money from the mob. I'm wondering if businesses would pay me to un-encrypt there systems. 

TechGromit

1. Saudi prince allegedly hacked Jeff Bezos using WhatsApp

Amazon founder Jeff Bezos’ iPhone was reportedly hacked in May 2018 after receiving a WhatsApp message from Saudi Crown Prince Mohammed bin Salman. A large amount of data was exfiltrated from Bezos’ phone within hours after the attack. The exploit involved a zero-day vulnerability in the WhatsApp platform’s video messaging service.
Read more »

What does he keep on his phone? Other than photos and a few contacts there's really nothing of value on my phone, no passwords, accounts, I do get email on it, but once I log onto the home computer the emails are downloaded and wiped off the server.   

Infosec_Sam

TechGromit said:

It's the prefect business model, if there isn't a need for your business, make one. Kinda like protection money from the mob. I'm wondering if businesses would pay me to un-encrypt there systems. 

As far as I'm concerned, the only thing he did wrong was get caught! </sarcasm> 

thomas_

TechGromit said:

1. Saudi prince allegedly hacked Jeff Bezos using WhatsApp

Amazon founder Jeff Bezos’ iPhone was reportedly hacked in May 2018 after receiving a WhatsApp message from Saudi Crown Prince Mohammed bin Salman. A large amount of data was exfiltrated from Bezos’ phone within hours after the attack. The exploit involved a zero-day vulnerability in the WhatsApp platform’s video messaging service.
Read more »

What does he keep on his phone? Other than photos and a few contacts there's really nothing of value on my phone, no passwords, accounts, I do get email on it, but once I log onto the home computer the emails are downloaded and wiped off the server.   

Apparently, d*ck pics that he would send to a woman he was having an affair with.