Posts in Hacking and Security

Ouch – US-CERT advisory for this week deals a sharp slap in the face to Adobe

// July 13th, 2015 // No Comments » // Hacking and Security

On the heels of the Hacking Team dump, this week’s US-CERT advisory, a cyber-security bulletin which provides a summary of new security vulnerabilities, was about twice its usual size with all the Adobe Level 10 alerts included in the report. Remind me – why are these products still around?

Are Wild Neutron’s latest attacks related to the zero-day exploit(s) in Hacking Team’s drop?

// July 10th, 2015 // No Comments » // Hacking and Security

Both Kaspersky and Symantec released reports this week pointing out the increase in attacks by Wild Neutron (aka Jripbot, Morpho, or Butterfly). WN had gone mostly dormant (or undetected?) since 2013 after hitting Apple, Facebook, Twitter, and Microsoft using zero-day Java exploits (seeded in the hacked forums of various websites) and the OSX/Pintsized Mac OS […]

14 days running a secret Dark Web pedophile honeypot (and why I now think Tor is the devil)

// July 7th, 2015 // 15 Comments » // Hacking and Security

Before discoursing the lengthy analysis of the Dark Web honeypot (the pedophile honeypot in particular), let’s answer the question that is surely on everyone’s mind – did the honeypot allow me to reveal the true identity of the person visiting the site?

Imagine if we couldn’t report the news. Better yet, imagine you are Barrett Brown.

// January 23rd, 2015 // No Comments » // Hacking and Security

Imagine a cybercrime has occurred. 200 gigabytes of data have been stolen and posted on a remote site. The remote site is public, easily accessible to all. An experienced journalist (Barrett Brown) reports the location of the stolen data.

North Korea’s official full statement regarding the December 2014 Sony attack

// January 3rd, 2015 // No Comments » // Hacking and Security

Below is North Korea’s National Defense Commission’s official statement regarding the December 2014 Sony cyberattack – grammar and spelling errors left intact. The statement was published on December 22, 2014 by the country’s official news agency, KCNA. I’ve highlighted all the interesting (and humorous) parts.

US-CERT releases details on SMB worm tool used in Sony attack- complete breakdown

// December 19th, 2014 // No Comments » // Hacking and Security

US-CERT released alert TA14-353A today detailing a “SMB Worm Tool” recently used by cyber threat actors against a “major entertainment company”. Given the timing of the US formal accusations against North Korea, this certainly hints that the malware toolset being referenced is the one used by the Guardians of Peace (GOP) in the recent Sony […]

Anonymous fights fire with fire – threatens attacks against Sony (and others?) if The Interview is not released

// December 19th, 2014 // No Comments » // Hacking and Security

In an odd but not totally unexpected twist to the story, a hacking group claiming to represent Anonymous has threatened Sony with the same type of bitch slap they got from [cough] North Korea’s GOP if the movie The Interview is not released as planned. This was followed by other messages from a poster claiming […]

FBI releases official update on Sony Investigation – officially confirms North Korea involvement in attack against Sony

// December 19th, 2014 // No Comments » // Hacking and Security

The following just went across the wire, released by the FBI, in which they “concluded that the North Korean government is responsible” for the attack and leak of Sony Pictures Entertainment data. The FBI based their conclusion on similarities in attack code and “infrastructure” previously tied to North Korea and threw down the gauntlet stating, […]

Guardians of Peace (GOP) release Sony CEO Outlook data file with threat to movie goers

// December 16th, 2014 // No Comments » // Hacking and Security

A Pastebin dump attributed to Guardians of Peace (GOP) was released a few hours ago followed by the purported screenplay for the upcoming movie The Interview. In the dump, the GOP continued to harp on their Christmas Day threat while including an invite to the public for special “requests”. The dump included another little surprise […]

Interesting list of Chinese filtered words, banned domains, and potential username/passwords

// December 12th, 2014 // No Comments » // Hacking and Security

That China filters their Internet traffic is no secret – their societal system (many believe) requires that information be filtered. What is more interesting are the *words* that are filtered. Several research groups have studied China’s walled-off Internet infrastructure (via search engine results, reverse engineered software and hardware products, leaked router or firewall settings, etc.) […]

After loss of pre-release movies and confidential data – Sony goes on the offensive with DoS attacks

// December 11th, 2014 // No Comments » // Hacking and Security

After the data breach and loss of pre-release films and confidential data in late November, Sony takes an offensive stance – and I like what I’m seeing. According to reports, Sony is using a deluge of Amazon cloud servers in Tokyo and Singapore to conduct DoS attacks against torrent seeds and websites hosting their stolen […]

Silk Road 2.0 bites the dust – does the U.S. government have a foothold in Tor?

// November 6th, 2014 // No Comments » // Hacking and Security

A year after the infamous Deep Web site, Silk Road, was shuttered by federal law enforcement, Silk Road 2.0 (a nearly identical dark web site which opened a month after Silk Road shut down) has suffered the same fate. Officials announced yesterday that they have arrested Blake Benthall (aka Defcon) in connection with the ownership […]

Rough start for Apple Pay alternative – CurrentC mobile payment data systems hacked today

// October 29th, 2014 // No Comments » // Hacking and Security

MCX’s CurrentC payment system, the alternative to Apple Pay backed by Walmart, Best Buy, CVS, Rite Aid, Gap, and others, was hacked today. Reports indicate the data breach involves the theft of email addresses of early beta participants and others who expressed interest in testing the new mobile payment system. No word yet on how […]

JPMorgan Chase security breach not what you think – military attack against key financial institutions turns over keys to the kingdom

// October 4th, 2014 // No Comments » // Hacking and Security

Although I’m disappointed that JPMorgan Chase delayed the disclosure of the breach that touched more than 83 million U.S. households (they knew about it at least four months ago), I’m even more upset at what they disclosed – that key customer financial data was not stolen. JPMorgan may tout the expertise of their security team […]

Rare cross-platform malware targets iOS and Android devices of Hong Kong protestors

// October 1st, 2014 // No Comments » // Hacking and Security

An Israeli security firm has discovered evidence of a cross-platform (iOS and Android) malware attack targeting the Operation Central (Umbrella Revolution) protestors in Hong Kong. The spyware, Xsser mRAT (or Xsser.0day), exposes information on the devices such as SMS and email messages, instant messages (e.g. Tencent Archive), GPS location data, phone call logs, contact information, […]

Spike DDoS toolkit details – frightening new DDoS botnet could potentially utilize Linux, Windows, and ARM IoT devices

// September 26th, 2014 // No Comments » // Hacking and Security

Security researchers have discovered an unusual, and frightening, new toolkit capable of infecting not only Windows and Linux computers, but also routers and IoTs. Dubbed Spike, it has demonstrated DDoS attacks as high as 215 gigabit/second against targets in Asia and the United States. Spike toolkit interfaces discovered by Akamai used Mandarin and thus, it […]