
Monday, October 24, 2016

Popular DNS Provider 'Dyn' Hit by DDoS Attack - Popular Sites Go Offline




Cyber attacks are becoming a worse nightmare for companies by the day, and the Distributed Denial of Service (DDoS) attack is one such attack that can cause massive damage to any service.

Recently, the Internet witnessed a record-breaking DDoS attack of over 1 Tbps against France-based hosting provider OVH, and now the latest victim is none other than the DNS provider Dyn.

A sudden outage of popular sites and services, including Twitter, SoundCloud, Spotify, and Shopify, for many users, is causing uproar online. It's because of a DDoS attack against the popular Domain Name System (DNS) service provider Dyn, according to a post on Ycombinator.


DNS acts as the authoritative reference for mapping domain names to IP addresses. In other words, DNS is the Internet's phone book: it resolves human-readable web addresses, like thehackernews.com, to IP addresses.


Dyn DNS is used by many websites and services as their upstream DNS provider, including Twitter, Spotify, SaneBox, Reddit, Box, Github, Zoho CRM, PayPal, Airbnb, Freshbooks, Wired.com, Pinterest, Heroku and Vox Media properties.


All of these sites and services are reportedly experiencing outages and downtime, either completely or partially.

According to Dyn DNS, the DDoS started at 11:10 UTC and is mostly affecting its customers on the East Coast of the United States, specifically Managed DNS customers.

"We are aware of the ongoing service interruption of our Managed DNS network. For more information visit our status page," Dyn tweeted.

At this time, it is not clear who is behind the DDoS attack, but the company said its engineers are working on "mitigating" the issue.


Here's the statement posted by Dyn on its website:

"This attack is mainly impacting US East and is impacting Managed DNS customers in this region. Our Engineers are continuing to work on mitigating this issue.


Starting at 11:10 UTC on October 21th-Friday 2016 we began monitoring and mitigating a DDoS attack against our Dyn Managed DNS infrastructure. Some customers may experience increased DNS query latency and delayed zone propagation during this time. Updates will be posted as information becomes available.


Customers with questions or concerns are encouraged to reach out to our Technical Support Team."

What websites are down for you? Let us know in the comments below.

Wednesday, April 20, 2016

Google Steps forward to Secure its Web Store

Intro:
Chrome apps and extensions make things easier, but they can also do terrible things like spy on web users and collect their personal data.

But now Google has updated its browser's User Data Policy, requiring all Chrome extension and app developers to disclose what data they collect.

Furthermore, developers are prohibited from collecting unnecessary browsing data and must also use encryption when handling sensitive information from users.

Around 40 percent of all Google Chrome users have some kind of browser extension, plugin or add-on installed, but how safe are they?

The company plans to start enforcing the policy on developers this summer, to "ensure transparent use of the data in a way that is consistent with the wishes and expectations of users."

Google is making its Chrome Web Store safer for its users by forcing developers to disclose how they handle customers' data.

Google’s new User Data Policy will now force app developers, who use the Chrome Web Store to distribute their products, to be more transparent about their data collection practices.

In other words, the company wants its Chrome users to know what's happening when they use third-party apps and services that rely on its browser.

According to Google, "Protecting our users is our key priority, and we believe this change will make sure users are better informed and allow them to choose how their user data is handled."

Here's the list of new requirements for developers:


  • Be transparent about the handling of user's data and disclose privacy practices.
  • Post a privacy policy as well as use encryption for handling personal or sensitive information of users.
  • Ask users to consent to the collection of their personal or sensitive data via a prominent disclosure, when the use of the data is not related to a prominent feature.

Besides this, developers are also restricted from collecting users' web browsing activity that is not required for their app's main functionality.

Google has already started notifying app developers about the change in its privacy policy and is giving them 3 months from now to comply.

From July 15, 2016, any app or extension that violates any of the requirements mentioned above will be removed from the Chrome Web Store. The only way to be restored will be to comply with the new policies.

Monday, February 22, 2016

Warning! Linux Mint Website Hacked & ISO Replaced with Backdoored Operating System


Did you download Linux Mint on February 20th? You may have been infected!

Linux Mint is one of the best and most popular Linux distros available today, but if you have downloaded and installed the operating system recently, you might have done so using a malicious ISO image.

Here's why:

Last night, an unknown hacker or group of hackers managed to hack into the Linux Mint website and replace the download links on the site with links pointing to one of their own servers, which offered malicious ISO images of the Linux Mint 17.3 Cinnamon Edition.

"Hackers made a modified Linux Mint ISO, with a backdoor in it, and managed to hack our website to point to it," the head of Linux Mint project Clement Lefebvre said in a surprising announcement dated February 21, 2016.

Who is affected?


As far as the Linux Mint team knows, the issue affects only one edition: Linux Mint 17.3 Cinnamon.

The compromise happened last night, so the issue only impacts people who downloaded the above-mentioned version of Linux Mint on February 20th.

However, if you downloaded the Cinnamon edition, or any other release, before Saturday, February 20th, the issue does not affect you. If you downloaded a different edition, or downloaded any edition, including Mint 17.3 Cinnamon, via torrent or a direct HTTP link, you are not affected either.

What Happened?


The hackers are believed to have accessed the underlying server via the team's WordPress blog and then obtained shell access as the www-data user.

From there, the hackers manipulated the Linux Mint download page and pointed it to a malicious FTP (File Transfer Protocol) server hosted in Bulgaria (IP: 5.104.175.212), the investigative team discovered.

The infected Linux ISO images installed the complete OS with the Internet Relay Chat (IRC) backdoor Tsunami, giving the attackers access to the system via IRC servers.

Tsunami is a well-known Linux ELF trojan that is a simple IRC bot used for launching Distributed Denial of Service (DDoS) attacks.

Hackers vs. Linux Mint SysAdmins


The Linux Mint team discovered the hack, quickly cleaned up the links on its website and announced the data breach on its official blog, but it appears that the hackers then compromised the download page again.

Knowing that it had failed to eliminate the hackers' exact point of entry, the Linux Mint team took the entire linuxmint.com domain offline to prevent the ISO images from spreading to its users.

The Linux Mint official website is currently offline until the team has investigated the issue entirely. However, the hackers' motive behind the hack is not clear yet.

"What we don't know is the motivation behind this attack. If more efforts are made to attack our project and if the goal is to hurt us, we’ll get in touch with authorities and security firms to confront the people behind this," Lefebvre added.

Hackers Selling Linux Mint Website's Database


The hackers are selling the full Linux Mint website database for just $85, which suggests a lack of knowledge on their part.

The hack seems to be the work of script kiddies or an inexperienced group, as they opted to infect a top-shelf Linux distro with a silly IRC bot that was considered outdated in early 2010. Otherwise, they would have used more dangerous malware, such as banking Trojans.

Also, even after the hack was initially discovered, the hackers re-compromised the site, which again shows the hackers' lack of experience.

Here's How to Protect your Linux Machine


Users with the ISO image can check its signature in an effort to make sure it is valid. 

To check for an infected download, compare the ISO's MD5 signature (checksum) with the official values included in Lefebvre's blog post.
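The comparison described above, as an added example (not from the original post or the Linux Mint project): a POSIX shell function that looks up an ISO's expected MD5 in a checksum list and compares it with the computed value. The `MD5SUMS` file name, the `md5sum`-style list format and the sample files are assumptions constructed for illustration; the list itself should come from a source other than the download page being checked.

```shell
#!/bin/sh
# Added example: verify a downloaded ISO against a published checksum list.
# Assumed list format (md5sum output): "<md5hex>  <filename>", one per line,
# with file names that contain no spaces.

# verify_iso ISO LIST
# returns 0 = checksum matches, 1 = mismatch, 2 = file unreadable or not listed
verify_iso() {
    iso=$1
    list=$2
    [ -r "$iso" ] && [ -r "$list" ] || return 2
    name=$(basename "$iso")
    # Find the expected hash by exact file name; strip md5sum's optional '*'
    # binary-mode marker so "*name.iso" and "name.iso" both match.
    expected=$(awk -v n="$name" '
        { f = $2; sub(/^\*/, "", f) }
        f == n { print tolower($1); exit }' "$list")
    # An ISO that is absent from the list is unverified, not "clean".
    [ -n "$expected" ] || return 2
    actual=$(md5sum "$iso" | awk '{ print $1 }')
    [ "$actual" = "$expected" ]
}

# Constructed sample data: a stand-in "ISO", its checksum list, a modified
# copy of the image, and a file the list does not mention.
run_demo() {
    dir=$(mktemp -d) || return 1
    printf 'constructed stand-in for a clean ISO\n' > "$dir/sample.iso"
    (cd "$dir" && md5sum sample.iso > MD5SUMS)   # plays the official list
    ok=0;      verify_iso "$dir/sample.iso" "$dir/MD5SUMS" || ok=$?
    printf 'extra bytes\n' >> "$dir/sample.iso"  # image changed after listing
    bad=0;     verify_iso "$dir/sample.iso" "$dir/MD5SUMS" || bad=$?
    cp "$dir/sample.iso" "$dir/other.iso"
    missing=0; verify_iso "$dir/other.iso" "$dir/MD5SUMS" || missing=$?
    rm -rf "$dir"
    echo "$ok $bad $missing"
}

run_demo   # prints: 0 1 2
```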

If found infected, users are advised to follow these steps:
  • Take the computer offline.
  • Back up all your personal data.
  • Reinstall the operating system (with a clean ISO) or format the partition.
  • Change passwords for sensitive websites and emails.

You can read the full details of the hack here. The official website is not accessible at the time of writing. We'll update the story when we hear more.