(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Privacy and human rights advocates are having a field day picking through a massive leak purporting to show spyware developer Hacking Team's most candid moments, including documents that appear to contradict the company's carefully scripted PR campaign.

"Imagine this: a leak on WikiLeaks showing YOU explaining the evilest technology on earth! :-)," Hacking Team CEO David Vincenzetti wrote in a June 8 e-mail to company employees including Walter Furlan, whose LinkedIn profile lists him as the international sales engineer of the spyware developer. "You would be demonized by our dearest friends the activists, and normal people would point their fingers at you."

Other documents suggested the US FBI was among the customers paying for software that allowed targets to be surreptitiously surveilled as they used computers or smartphones. According to one spreadsheet first reported by Wired, the FBI paid Hacking Team more than $773,226.64 since 2011 for services related to the Hacking Team product known as "Remote Control Service," which is also marketed under the name "Galileo." One spreadsheet column listed simply as "Exploit" is marked "yes" for a sale in 2012, an indication Hacking Team may have bundled some sort of attack code that remotely hijacked targets' computers or phones. Previously, the FBI has been known to have wielded a Firefox exploit to decloak child pornography suspects using Tor.


[CORE-2015-0012] - AirLive Multiple Products OS Command Injection

A controversial company that sells weaponized spyware has been penetrated by hackers who claim to have plundered more than 400GB worth of e-mails, source code, and other sensitive data—including invoices showing that the firm has done business in countries ruled by highly repressive governments.

Italy-based Hacking Team has long denied selling to nations with poor human rights records. It instead markets itself as a supplier of customized software for law enforcement departments and government agencies in countries with good human rights records. Its spyware, company officials have said, helps crack down on criminals and terrorists. Over the weekend, unidentified people claimed to have hacked Hacking Team computers and social media accounts and to have made off with documents contradicting that narrative. As proof, the hacktivists posted invoices purporting to show malware sales to groups in Egypt, Russia, Saudi Arabia, Bahrain, the United Arab Emirates, Azerbaijan, Kazakhstan, and Uzbekistan.

"Since we have nothing to hide, we're publishing all our e-mails, files, and source code," the hackers wrote in a tweet that included a BitTorrent link to the alleged trove of documents. The statement was posted to the official Hacking Team Twitter account, which the hackers said had also been compromised (the account handle was changed to "Hacked Team").


Re: Google HTTP Live Headers v1.0.6 - Client Side Cross Site Scripting Web Vulnerability
Google Chrome Address Spoofing - Google's Opinion
127 ipTIME router models vulnerable to an unauthenticated RCE by sending a crafted DHCP request
Ruxcon 2015 Final Call For Presentations
WK UDID v1.0.1 iOS - Command Inject Vulnerability
CVE-2015-3442 Authentication Bypass in Xpert.Line Version 3.0
SQL Injection in easy2map wordpress plugin v1.24

Naked Security

Monday review - the hot 25 stories of the week
Get yourself up to date with everything we've written in the last seven days - it's weekly roundup time. Watch the top news in 60 seconds, and then check out the individual links to read in more detail.
