  • Archive of 1.4 BEEELLION credentials in clear text found in dark web archive
    A data dump containing over 1.4 billion email addresses, passwords, and other credentials, all in clear text, has been found online by security shop @4iQ. "None of the passwords are encrypted, and what’s scary is that we’ve tested a subset of these passwords and most of them have been verified to be true," said Julio Casal, founder of @4iQ. Disturbingly, the archive also shows that years of advice on choosing strong passwords is still being ignored. The top password is, depressingly, still 123456, followed by 123456789, qwerty, password and 111111, and the history of some accounts shows the minor variations that would make other passwords for the account easier to guess. When the firm contacted some of the recipients, the email addresses of many proved to be still active, although in most cases the passwords were no longer in use. That said, those passwords may well have been used on other accounts, making the job a lot easier for hackers. Read More
  • Pentagon Hacked in New U.S. Air Force Bug Bounty Program
    The Hack the Air Force 2.0 bug bounty program kicked off earlier this month with researchers finding a critical vulnerability that could have been exploited to gain access to a network of the U.S. Department of Defense. Hack the Air Force 2.0 started on December 9 with a live hacking competition hosted by the HackerOne platform at the WeWork Fulton Center inside the Fulton Center subway station in New York City. Hack the Air Force 2.0 will run until January 1, 2018 and anyone can apply as long as they are a citizen or a permanent resident of Five Eyes countries, NATO countries, or Sweden. “Hack the Air Force allowed us to look outward and leverage the range of talent in our country and partner nations to secure our defenses,” said Air Force CISO Peter Kim. Hack the Air Force 2.0 was announced following the success of the first Hack the Air Force program, which resulted in more than $130,000 being paid out for over 200 valid vulnerability reports. Previous DoD bug bounty projects included Hack the Pentagon, which resulted in payouts of roughly $75,000, and Hack the Army, with rewards totaling approximately $100,000. Read More
  • MedusaHTTP DDoS Slithers Back into the Spotlight
    Enter Medusa, StevenKings’ DDoS botnet kit since 2015. This isn’t the first time ASERT has encountered the Medusa botnet; we previously analyzed the IRC version of Medusa in 2016. Medusa is now in HTTP: our research shows StevenKings advertising the HTTP version of the Medusa botnet on underground hacker marketplaces in early 2017. The advertisements for this version included images of the HTTP command and control panel, which appears to use the code and images from Diamond Fox, another well-known DDoS botnet. All other portions of the code, except for the HTTP-based command and control communications, remain very similar to the IRC version of the Medusa botnet. Command and control communication: the latest version of MedusaHTTP uses an HTTP-based command and control (C2) communication method as opposed to the IRC communication of its predecessor. Observed command traffic: ASERT observed and was able to capture DDoS and command traffic from a portion of the purported attack types available to MedusaHTTP. Read More
  • Firefox Prepares to Mark All HTTP Sites "Not Secure" After HTTPS Adoption Rises
    "We should start preparing for a shift toward marking non-secure sites as insecure (as opposed to marking secure sites as secure)." "As a first step, let's add a negative indicator for all non-secure sites, gated by a pref that's off by default," Barnes wrote in a feature request he made last year. A hidden setting is now available in Firefox Nightly 59: Mozilla approved his request, and Firefox Nightly 59 includes a hidden preference named "security.insecure_connection_icon.enabled" that, when enabled, shows the strikethrough lock icon on all HTTP pages. Currently, most security experts and UI designers believe it's detrimental for a site to show a permanent warning when users are on HTTP pages, as this could lead to "error fatigue" that makes users blind to these warnings. But, as Barnes pointed out, if HTTPS adoption rises even more, showing a "Not Secure" warning on non-HTTPS sites could become acceptable, as these warnings will appear more rarely than they would have a few years back. Read More
  • "Zealot" Apache Struts Attacks Abuse NSA Exploits
    A sophisticated multi-staged Apache Struts cyber attack campaign is abusing NSA-linked exploits to target internal networks, researchers from F5 Networks have discovered. Dubbed Zealot, the highly obfuscated attack uses the EternalBlue and EternalSynergy exploits to target Windows and Linux systems. “The Zealot campaign aggressively targets both Windows and Linux systems, with the DNN and Struts exploits together. Two more files are downloaded onto the machine, namely “zealot.zip” and “raven64.exe.” The former includes several Python scripts and libraries, including a script designed to execute the EternalBlue and EternalSynergy exploits, an SMB protocol wrapper, and a series of known Python packages. The “raven64.exe” file scans the internal network for port 445 and calls the main script to inject three different shellcodes for Windows 7 and Windows 8 systems to exploit EternalSynergy and EternalBlue. The goal is to obtain arbitrary code execution to run the same PowerShell script delivered via the Apache Struts exploit. Read More
  • What are the dangers of facial recognition technology?
    In short, facial recognition is a security system typically used to identify or verify a person from a digital image or a set of facial features stored in a database. The technology is also becoming increasingly popular with retailers, where facial recognition is deployed as a way to make payments. On phones, this feature enables users to unlock the device simply by having their face identified as a form of biometric authentication. Security concerns: hackers will already be looking to replicate people's faces in order to trick facial recognition systems, but the technology has proved harder to hack than fingerprint or voice recognition technology in the past. Wired magazine spent thousands of dollars on expensive masks and enlisted experienced biometric hackers in an attempt to trick Face ID following the release of the iPhone X, but still failed to beat the system. Richard Parris, CEO of cybersecurity specialists Intercede, told Techworld: “Biometrics, facial recognition being one example of this, is fast becoming the de facto security measure for a wide range of business and consumer applications. Read More
  • Why companies should employ ethical hackers
    Yahoo breach: The Internet giant Yahoo reported security breaches on its site that affected more than 500 million Yahoo! The examples above underscore the need for a hacker in organisations. In most cases, ethical hackers easily detect glaring security flaws in the systems of any organisation. Ethical hackers, also known as white hat hackers, search for and exploit weaknesses and vulnerabilities in various systems just like malicious hackers would. However, the difference between the two is that an ethical hacker legitimately uses those skills to find vulnerabilities and fix them, while an attacking cyber-hacker exploits them to achieve their own malicious purposes. Skills of an ethical hacker: when searching for the right ethical hacker for your organisation, you need to look out for the following skills:
    · He or she must be a computer systems expert and should have programming and computer networking skills.
    · Above all, an ethical hacker should be able to understand the situation and understand the mind-set of hackers. Read More
  • Internet giants told: Accept cyber curbs to be welcome in China
    GENEVA (Reuters) - Google and Facebook will have to accept China’s censorship and tough online laws if they want access to its 751 million internet users, Chinese regulators told a conference in Geneva on Monday. Google (GOOGL.O) and Facebook (FB.O) are blocked in China, along with Twitter Inc (TWTR.N) and most major Western news outlets. “That’s a question maybe in many people’s minds, why Google, why Facebook are not yet working and operating in China,” said Qi Xiaoxia, director general of the Bureau of International Cooperation at the Cyberspace Administration of China (CAC). China’s Communist Party has tightened cyber regulation in the past year, formalizing new rules that require firms to store data locally and censor tools that allow users to subvert the Great Firewall that blocks sites including Facebook and Google. In June, China introduced a new national cybersecurity law that requires foreign firms to store data locally and submit to data surveillance measures. “Can you guess the number of websites in China? Read More
  • Bitfinex cryptocurrency exchange hit by “heavy DDoS” attack again
    On December 12, 2017, Bitfinex, one of the world’s largest cryptocurrency exchanges, announced its servers were under a series of massive distributed denial of service (DDoS) attacks. On December 17th, however, the company said its platform was suffering a “heavy DDoS” attack once again. — Bitfinex (@bitfinex) December 17, 2017. One reply read: “you can’t seriously believe that bitfinex is under DDoS attack, right?” Following the timeline of DDoS attacks against Bitfinex in December, it was revealed that the company first suffered the attack on December 4th, which continued until December 7th. Read More
  • Advanced Deception: How It Works & Why Attackers Hate It
    Distributed deception platforms have grown well beyond basic honeypot trapping techniques and are designed for high-interaction deceptions, early detection, and analysis of attackers' lateral movement. Additionally, deception platforms change the asymmetry of an attack: they give security teams the upper hand when a threat enters their network by forcing the attackers to be right 100% of the time or have their presence revealed, by providing decoys that obfuscate the attack surface, and by yielding the threat intelligence and counterintelligence required to outmaneuver an advanced human attacker. If you're suspicious of attack activity, resetting the attack surface will avoid attacker fingerprinting that could be used to mark and avoid decoys, create uncertainty, and increase the likelihood of an attacker making a mistake. Deception slows the attack as threat actors get lost in the deception environment while thinking they are escalating their attack. The use of adaptive deception creates complexity for the attacker by dynamically changing the attack surface they perceive, increasing their cost, and acting as a deterrent. Read More