Infosec links June 23, 2014

Hacker Hijacks Synology NAS Boxes for Dogecoin Mining Operation, Reaping Half Million Dollars in Two Months - Pat Litke - Dell SecureWorks

I don't own a Synology myself, but I know a few people that do and they weren't aware that this had happened. This appears to have happened at the end of last year to the beginning of this year. The article has a good analysis of the event, but the tl:dr version is that someone was able to get malware installed on Synology boxes and run Dogecoin mining operations and they made a lot of money during the operation.

Gear to Block 'Juice Jacking' on Your Mobile - Brian Krebs - Krebs on Security

And now to the super paranoid. Brian Krebs uses a device that defends against Juice-Jacking, which is a technique where data is accessed via a USB cable that you use to charge up your electronic device. Our electronic devices are setup to sync data when connected via USB. Even if you're just trying to charge it, the device will try to sync with whatever you plug into. Just like ATM skimmers you could see the possibility of a USB power station being compromised OR setup to grab data off your electronic device. The solution is to buy a device that stops the sync from happening. Krebs previews to of these devices: USB Condom; and the Juice-Jack Defender. This might not be something you need to worry about, but you should certainly be aware of it, especially, if you handle sensitive information.

DotA 2 Phishing Page Offers Up Treasure Keys and Rare Items - Christopher Boyd - Malwarebytes Unpacked

Time to wrap up with a good ol'phishing scam. This is your typical phishing site: scammers setup a fake website and offers discounted/rewards/free stuff in an attempt to lure people (in this instance gamers) to login into their website with account information. Thus compromising their account. In this particular scam they want Yahoo login credentials. Broken records: always be aware of where you're logging into and setup two-factor authentication where ever you can. Yahoo Mail does offer two-factor authentication and would help mitigate this attack, if you compromised your account by accident.

This post first appeared on Exploring Information Security.