new in sunset series


sunset:dawn
https://www.vulnhub.com/entry/sunset_dawn,341/
Beginner level difficulty

Whole series here

series: WestWild


Medium:
https://www.vulnhub.com/entry/westwild_11,338/

Unknown, maybe hard, judging from the description
https://www.vulnhub.com/entry/westwild_2,351/


The whole series so far came out while I was on vacation.
https://www.vulnhub.com/series/westwild,224/

New CTF images

Still catching up on things after taking a vacation with the family.

One of these things is the latest additions to vulnhub.
Quite a few of these to post today.
Let's get started.

Tr0ll: 3
https://www.vulnhub.com/entry/tr0ll_3,340/
beginner++ it says in the description

The whole series can be seen here now:
https://www.vulnhub.com/series/tr0ll,49/

failed installation

QxSearch hijacker fakes failed installs

Malwarebytes Labs
https://blog.malwarebytes.com/pups/2019/08/qxsearch-hijacker-fakes-failed-installs/

Course Review - Intensive Ethical Hacking Series

Course Name:  Intensive Ethical Hacking Series
Course Instructor: Zeal Vora
Overall Verdict: Stay Away

Pros:
Cons:
Review: It seems the goal of this course is to start you at the very beginning, and then take you through the process all the way to more advanced topics in penetration testing. To be honest, there is a lot of introductory IT stuff in this course. For example the discussion on DNS should not be in this course IMO. This is something you should already know, before you start learning about Ethical Hacking. (BTW, I would strongly debate the instructor on how many types of DNS records there are, and Question and Answer are not 2 of them.)

Very tool focused, like the CEH. No discussion of programming, scripting, social engineering, etc. For the whole section on protocols and networking, we only opened Wireshark in the last lesson. Just saying.


Some favorite quotes:

"Hacking is not just about attacking the server. It is a 2 way process. One is breaking into the server, and the other is coming out of the server safely." --> no mention of trying to get data out. My assumption was this is what the instructor meant, but a beginner will not know this.


"Ethical hacking is not just about the point-and-click and the tool will hack into the network. It is about you trying to understand what exactly the tool does from the bottom up." --> in reality this just makes you an advanced script kiddie, IMO. Nothing about learning the network and infrastructure around you. Nothing about how to find the data that "you" the Ethical Hacker want to see, or how to get it out of the organization.


a bit of humor

How a 'NULL' License Plate Landed One Hacker in Ticket Hell
https://www.wired.com/story/null-license-plate-landed-one-hacker-ticket-hell

Buffer Overflow Practice

https://github.com/stephenbradshaw/vulnserver/blob/master/readme.md

someone recently shared this with me, so I wanted to pass it along.

some links from the author:
http://www.thegreycorner.com/2010/01/beginning-stack-based-buffer-overflow.html

http://www.thegreycorner.com/2010/01/seh-stack-based-windows-buffer-overflow.html

http://www.thegreycorner.com/2010/01/windows-buffer-overflow-tutorial.html

http://www.thegreycorner.com/2010/01/heap-spray-exploit-tutorial-internet.html

http://www.thegreycorner.com/2010/02/windows-buffer-overflow-tutorial.html

http://www.thegreycorner.com/2010/03/difference-between-heap-overflow-and.html

and on and on......
I found at least 20 posts that it is worth spending some time with, so hats off to the author.
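The first thing those tutorials have you do against vulnserver is send a unique cyclic pattern, read the overwritten EIP (or SEH handler) out of the debugger, and turn it into an offset. The helper below is an added example, not code from vulnserver or from the thegreycorner posts; it reproduces the Metasploit pattern_create/pattern_offset scheme (unique Upper-Lower-Digit triples, so the pattern is unique for its first 20280 bytes) and adds a simple bad-character comparison. The TRUN command and its "/.:/" prefix used in the usage comment are assumptions taken from common vulnserver write-ups, not from this page.

```python
import string
import struct


def cyclic_pattern(length: int) -> bytes:
    """Metasploit-style cyclic pattern: consecutive triples of
    (uppercase, lowercase, digit). Every 3-byte triple, and therefore
    every 4-byte window, is unique within the first 26*26*10*3 = 20280 bytes."""
    out = bytearray()
    for upper in string.ascii_uppercase:
        for lower in string.ascii_lowercase:
            for digit in string.digits:
                out += f"{upper}{lower}{digit}".encode()
                if len(out) >= length:
                    return bytes(out[:length])
    raise ValueError("pattern longer than 20280 bytes is no longer unique")


def pattern_offset(pattern: bytes, value, little_endian: bool = True) -> int:
    """Locate the overwritten register value inside the pattern.

    value may be:
      - an int exactly as the debugger shows EIP (e.g. 0x61413361); x86 is
        little-endian, so the register is unpacked back into memory order
      - a 4-byte str/bytes copied from a memory dump, in memory order
    Returns the byte offset at which the 4-byte value begins.
    """
    if isinstance(value, int):
        needle = struct.pack("<I" if little_endian else ">I", value)
    elif isinstance(value, str):
        needle = value.encode()
    else:
        needle = bytes(value)
    idx = pattern.find(needle)
    if idx < 0:
        raise ValueError("value not found in pattern; check endianness or pattern length")
    return idx


def find_bad_chars(sent: bytes, observed: bytes) -> list:
    """Bad-character check: send every byte value 0x01..0xff after the
    offset, dump the same region from the debugger, and diff the two.
    Returns the sent byte values that were altered or truncated. A bad
    character often mangles everything after it, so remove the first one
    reported, resend, and repeat until the list is empty."""
    bad = []
    for i, b in enumerate(sent):
        if i >= len(observed) or observed[i] != b:
            bad.append(b)
    return bad


if __name__ == "__main__":
    # Constructed walk-through: pretend EIP came back as 0x61413361 after
    # sending a 3000-byte pattern. Usage against vulnserver would be (assumed
    # command format from public write-ups): b"TRUN /.:/" + cyclic_pattern(3000)
    pat = cyclic_pattern(3000)
    print("offset to EIP:", pattern_offset(pat, 0x61413361))
    sent = bytes(range(1, 256))
    observed = sent.replace(b"\x0a", b"\x00")   # constructed: 0x0a got mangled
    print("bad chars:", [hex(b) for b in find_bad_chars(sent, observed)])
```

After the offset is known, the tutorials replace the four bytes at that position with the address of a JMP ESP (or POP POP RET for the SEH variant) found in a module without bad characters, and put the shellcode after it; the bad-character list from find_bad_chars is what you hand to the encoder when generating that shellcode.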


file under oops

Election Systems Are Even More Vulnerable Than We Thought

https://www.wired.com/story/security-news-election-systems-more-vulnerable

https://www.vice.com/en_us/article/3kxzk9/exclusive-critical-us-election-systems-have-been-left-exposed-online-despite-official-denials

“If they did everything correctly [with the ES&S systems] as they say they do, there is no danger,” Robert Graham, CEO of Errata Security, told Motherboard. “These are all secure technologies that if [configured] correctly work just fine. It’s just that we have no faith that they are done correctly. And the fact that [election officials are] saying they aren’t on the internet and yet they are on the internet shows us that we have every reason to distrust them.”

rising prices of business

https://www.bloomberg.com/news/articles/2019-08-07/cybersecurity-pros-name-their-price-as-hacker-attacks-multiply

In the 12 months ended August 2018, there were more than 300,000 unfilled cybersecurity jobs in the U.S., according to CyberSeek, a project supported by the National Initiative for Cybersecurity Education. Globally, the shortage is estimated to exceed 1 million in coming years, studies have shown.

Flying Vulnerabilities

A Boeing Code Leak Exposes Security Flaws Deep in a 787's Guts
https://www.wired.com/story/boeing-787-code-leak-security-flaws

The Boeing press release makes me think that they're hiding something, or that they weren't able to fully test the vulnerabilities found.

Lies and Damn Lies: Getting Past the Hype of Endpoint Security Solutions

Some good things in here for anyone to use in their own evaluation. 

I especially liked the business-centric view of the talk, as nothing gets done unless you can prove to the bean counters the benefits to the bottom line.


Mr. Wang trail deepens

More breadcrumbs..........

In summary, Zeng Xiaoyong, a well-known Chinese hacker using the handles ‘envymask’ and ‘EMM’ worked for RealSOI. RealSOI was closely associated with the MSS front companies identified in previous articles and Zeng knew Wang Qingwei, having worked as an InfoSec trainer with him. 
#youknowwherethisleads

APT trends report Q2 2019

https://securelist.com/apt-trends-report-q2-2019/91897/

In April, we published our report on TajMahal, a previously unknown APT framework that has been active for the last five years. This is a highly sophisticated spyware framework that includes backdoors, loaders, orchestrators, C2 communicators, audio recorders, keyloggers, screen and webcam grabbers, documents, and cryptography key stealers; and even its own file indexer for the victim’s computer. We discovered up to 80 malicious modules stored in its encrypted Virtual File System – one of the highest numbers of plugins we have ever seen in an APT toolset. The malware features its own indexer, emergency C2s, the ability to steal specific files from external drives when they become available again, and much more. There are two different packages, self-named ‘Tokyo’ and ‘Yokohama’ and the targeted computers we found include both packages. We think the attackers used Tokyo as the first stage infection, deploying the fully functional Yokohama package on interesting victims, and then leaving Tokyo in place for backup purposes. So far, our telemetry has revealed just a single victim, a diplomatic body from a country in Central Asia. This begs the question, why go to all that trouble for just one victim? We think there may be other victims that we haven’t found yet. This theory is supported by the fact that we couldn’t see how one of the files in the VFS was used by the malware, opening the door to the possibility of additional versions of the malware that have yet to be detected.