Cybersec Brief w/c 5th September 2016

Selected cybersecurity events of the week commencing Monday 5th September 2016.

A malware developer is outraged because of incorrect details being published about his malware.

Geo-Politics

[GERMAN] Judge justifies sentence partly based on browsing history of murder suspect: 'He googled for "strangling until death" not for "strangling until unconscious"'
http://www.spiegel.de/panorama/justiz/anneli-prozess-er-hat-nicht-nach-betaeubung-gegoogelt-sondern-nach-tod-a-1111005.html

Cybercrime

Android malware developer contacts IBM cybersecurity to correct published details about his malware
https://ig.ft.com/sites/special-reports/cyber-attacks/

Research & Reports

Conference talk submission system hack writeup
http://haxx.ml/post/149975211631/how-i-hacked-your-cfp-and-probably-some-other

A non-technical, short pitch about how narrow AI might be used for cybersecurity in the future
http://www.darkreading.com/analytics/introducing-deep-learning-boosting-cybersecurity-with-an-artificial-brain/a/d-id/1326824?

A well-rounded picture of various phases of a cyber-attack: the CISO's perspective, how the IR team reacts, the future of cybercrime, ...
https://ig.ft.com/sites/special-reports/cyber-attacks/

Cybersec Brief w/c 29th August 2016

Selected cybersecurity events of the week commencing Monday 29th August 2016.

A new Stuxnet documentary and a mature IoT botnet seen in the wild

Geo-Politics

New documentary about Stuxnet sheds light on overall cyberwar plans
http://www.techrepublic.com/article/zero-days-why-the-disturbing-stuxnet-documentary-is-a-must-see/

Cybercrime

IoT malware creates botnet
https://www.hackread.com/bashlite-malware-linux-iot-ddos-botnet/

Kernel.org hacking suspect arrested
http://www.securityweek.com/kernelorg-hacking-suspect-arrested-florida

BitTorrent client Transmission infected with malware

http://uk.businessinsider.com/transmission-malware-2016-8?r=US&IR=T

Research & Reports

Inversoft hacking challenge hacked: Hack this hardened server
http://polynome.co/infosec/inversoft/elasticsearch/linode/penetration-testing/2016/08/16/hack-that-inversoft.html

How to make the best out of a Pentest or Bug Bounty
https://infosecremedy.blogspot.in/2016/06/how-to-truly-benefit-from-pentests-and-bugbounties.html

[LONG] The threat of autonomous weapons
https://www.buzzfeed.com/sarahatopol/how-to-save-mankind-from-the-new-breed-of-killer-robots?utm_term=.tk3Amd0na#.xcY4QBbqz

Cybersec Brief w/c 22nd August 2016

Selected cybersecurity events of the week commencing Monday 22nd August 2016.

NASA having security issues, iOS 0-days seen in the wild an some things about crypto-currencies.

Tools, Techniques & Procedures

Major update for exploit development toolkit Pwntools
http://www.theregister.co.uk/2016/08/24/major_update_drops_for_popular_pwntools_penetration_showbag/

Geo-Politics

Banks starting to regulate crypto-currencies
http://www.reuters.com/article/us-banks-blockchain-ubs-idUSKCN10Z147

NASA let's HPE's authority to operate expire due to HPE's failure to deliver services & hardware
http://www.csoonline.com/article/3112677/leadership-management/nasa-cio-allows-hpe-contract-to-expire-refuses-to-sign-off-on-authority-to-operate.html

NASA's security a mess under HPE's support
http://www.siliconbeat.com/2016/08/24/nasa-computer-network-a-security-mess-under-hp-enterprise-management-report/

Russian hackers target US
https://hacked.com/new-york-times-russian-intelligence-hackers-targeted-us/

Cybercrime

Multiple iOS 0-days discovered in UAE surveillance case
http://www.theregister.co.uk/2016/08/25/update_your_ios_devices_now_theres_an_apt_in_the_wild/

Linux devices turned into botnet zombies
https://www.hackread.com/trojan-turns-linux-devices-into-botnet/

Blizzard once again under DDoS fire
http://www.theregister.co.uk/2016/08/23/blizzard_ddos/

[GERMAN] Ausgeklügleter Virus schürft Krypto-Währungen
http://www.golem.de/news/kritische-infrastrukturen-wenn-die-usv-kryptowaehrungen-schuerft-1608-122837.html

EpicGames forum hacked, 800k gamers' credentials at risk
https://hacked.com/800000-gamers-credentials-risk-epic-games-forums-breach/

Research & Reports

AskMeAnything with game hacking book author
https://www.reddit.com/r/netsec/comments/4yqjis/i_am_nick_cano_author_of_game_hacking_developing/

Cybersec Brief w/c 15th August 2016

Selected cybersecurity events of the week commencing Monday 15th August 2016.

Potential NSA tools & exploits being leaked and the German Intelligence Agency challenging applicants with a reverse engineering puzzle.

Tools, Techniques & Procedures

Monitoring WMI to catch WMI attacks
https://www.fireeye.com/blog/threat-research/2016/08/wmi_vs_wmi_monitor.html

[GERMAN] German intelligence agency puts reverse engineering challenge online for applicants
http://www.bnd.bund.de/DE/Karriere/Reversing_Challenge/Reversing_Challenge_node.html

Cybercrime

Munich shooting gun dealer suspect arrested
http://www.thelocal.de/20160816/man-who-sold-gun-to-munich-shooter-arrested-in-marburg

'ShadowBrokers' offering potential Equation Group (NSA?) tools and exploits for highest bidder
https://www.riskbasedsecurity.com/2016/08/the-shadow-brokers-lifting-the-shadows-of-the-nsas-equation-group/

Research & Reports

Cisco to cut 5,500 jobs as revenue drops by 2%
https://www.theguardian.com/technology/2016/aug/17/cisco-systems-to-sack-fifth-of-global-workforce-says-report

Powershell to be ported to Linux & Mac and becoming Open-Source
http://www.theregister.co.uk/2016/08/18/microsoft_brings_powershell_to_linux_and_mac_publishes_as_open_source/

Cybersec Brief w/c 8th August 2016

Selected cybersecurity events of the week commencing Monday 8th August 2016.

A busy week in the wake of Defcon and Blackhat 2016. Bug bounties on the rise and smart machines automating vulnerability discovery and patching.

Tools, Techniques & Procedures

A collection of multiple years' worth of DefconCTFs
Enough brainteasers for the rainy autmn season.
http://fuzyll.com/2016/the-defcon-ctf-vm/

Cybercrime

Malware-infected USB sticks sent out by o2 UK
An interesting case of a supply chain attack? 
http://www.theregister.co.uk/2016/08/08/o2_sent_customers_a_windows_virus_on_usb_pens/

Research & Reports

Collection of Defcon 2016 presentations
https://media.defcon.org/DEF%20CON%2024/DEF%20CON%2024%20presentations/

Bugcrowd AskUsAnything
Prominent bug bounty platform opens up for questions

https://www.reddit.com/r/netsec/comments/4uuyo9/we_are_bugcrowd_ask_us_anything_casey_ellis/

Vulnerability might leave big parts of the internet open to 'Man-In-The-Middle' attack

Even if attacker is not sitting along the traffic route 

http://arstechnica.com/security/2016/08/linux-bug-leaves-usa-today-other-top-sites-vulnerable-to-serious-hijacking-attacks/

AskUsAnything with people behind Mayhem, 'AI' winning Darpa's Grand Cyber Challenge 2016

Mayhem was designed to identify and patch vulnerabilities automatically. Good bye, Pentesters!

https://www.reddit.com/r/IAmA/comments/4x9yn3/iama_mayhem_the_hacking_machine_that_won_darpas/

Insights on bug bounties from a successful, long-term bug hunter

http://www.skeletonscribe.net/2016/08/reviewing-bug-bounties-hackers.html

Cybersec Brief w/c 1st August 2016

Selected cybersecurity events of the week commencing Monday 1st August 2016.

Tools, Techniques & Procedures

Dark Web OSINT automation with python and OnionScan
In-depth description and coding tutorial in python.
http://www.automatingosint.com/blog/2016/07/dark-web-osint-with-python-and-onionscan-part-one/

FireEye releases Fakenet-NG to provide malware analysts and Pentesters with a configurable traffic interception framework

https://github.com/fireeye/flare-fakenet-ng

A multiplayer framework for Pentesters during engagements
Make Pentesting a gamified collaborative effort and maximize the synergies of Pentesters working together.
https://www.faradaysec.com/

Salesforce releases Vulnreport, a tool to automate Pentest / Vulnerability Management reporting
The tool is meant to help Pentesters increase efficiency and focus on the testing rather than the reporting.
https://medium.com/salesforce-open-source/introducing-vulnreport-b3ad324411a1#.mrys1asz0
http://vulnreport.io/

Cybercrime

FossHub hacked - Software Audacity & Classic-Shell was bundled with malware

http://www.infosecisland.com/blogview/24798-FossHub-Hacked-Distributes-Malware-Packed-Audacity-and-Classic-Shell.html

Research & Reports

FireEye releases ICS Vulnerability Trend Report
https://www2.fireeye.com/rs/848-DID-242/images/ics-vulnerability-trend-report-final.pdf

IBM claims to have created artificial spiking neurons, opening possible advancements in AI 
http://www.theregister.co.uk/2016/08/03/ibm_phase_change_material_neuron_modelling/

High frequency bug hunting: 120 bugs in 120 days. A report
https://shubs.io/high-frequency-security-bug-hunting-120-days-120-bugs/

Cybersec Brief w/c 25th July 2016

Selected cybersecurity events of the week commencing Monday 25th July 2016.

Tools, Techniques & Procedures

FireEye releases tool-roundup about some frequently used Red Teaming tools.
The round-up covers multiple phases of a Red Team engagement.
https://www.fireeye.com/blog/threat-research/2016/07/red_team_tool_roundup.html

Nettitude consultants release PoshC2, a Powershell C2 post exploitation framework for Red Teaming.
The functionality and features are similar to Empire and CobaltStrike's Beacon.
https://github.com/nettitude/PoshC2

A 5-step how-to on how to get your Threat hunting team going.
http://www.darkreading.com/vulnerabilities---threats/how-to-roll-your-own-threat-intelligence-team/a/d-id/1326445?

A project dedicated to Threat hunting including various IoCs and tips.
http://www.threathunting.net/

Geo-Politics

US Democratic National Comittee hacked. Unconfirmed rumors say Russians are behind the attack.
https://www.theguardian.com/us-news/2016/jul/26/russia-hackers-democratic-national-committee-email-leak

German shooter buys gun on Darknet and lures victims in via hacked Facebook account.
http://www.networkworld.com/article/3099197/security/german-shooter-hacked-facebook-account-to-lure-victims-bought-gun-on-dark-net.html