Hackin9

Infosecurity Magazine

Mobile Fraud Skyrockets, But Merchants Are Unprepared
Infosecurity Magazine
Despite mobile fraud growing by 81% between 2011 and 2015, nearly four out of 10 merchants (38.5%) say determining if they've been victimized is the largest barrier to effectively managing fraud risk. According to the latest data from the Kount 2016 ...

 

Engadget

How 60 Minutes played 'Telephone' with public hacking hysteria
Engadget
Then he read through Alfonsi's (apparently unencrypted) CBS News email. Hering's next proof of his super-hacker power was to show Alfonsi that he could spy on her using the front facing camera on her phone. At the beginning of this little contrived ...

and more »
 

Australia to cyber the world
New Zealand Herald
... dollars is being sunk on the initiative. Already, I've had an avalanche of emails from security vendors welcoming the cyber security policy, no doubt hoping for a slice of the action. Now's probably a good time to consider a career in infosec in ...

and more »
 
 

Don't Let Tax Procrastinators Become Prey for Hungry Hackers
Accounting Today
The 2015 State of File Collaboration Security report by Enterprise Management Associates revealed that 80 percent of IT and information security professional survey participants were aware of data leakage incidents in their organizations, and 50 ...

and more »
 

If its happen that you like to run your honeypot on a Windows system then Honeyport is something worth to try.

Honeyports is a powershell script that will Creates a job that listens on TCP Ports specified and when a connection is established, it can either simply log or add a local firewall rule to block the host from further connections.

The script is written by John Hoyt, Carlos Perez and Greg Foss and its available on">

.\honeyport.ps1 -ports 2222

">One of the greatest features of thehoneyportspowershellscript that it will log to the Windows events ,the events would be logged under thename of">" />

Now lets try to connect to port 2222 and see what">

nc 192.168.8.104 2222

">

Index Time EntryType Source InstanceID Message

----- ---- --------- ------ ---------- -------

108216 Apr 22 14:48 Information BlueKit 1002 192.168.8.105 has probed the HoneyPort on port ...

108215 Apr 22 14:47 Information BlueKit 1001 HoneyPort has started listening for connections...

Now let">

.\honeyport.ps1 -ports 4444 -block $true

">

Index Time EntryType Source InstanceID Message

----- ---- --------- ------ ---------- -------

115644 Apr 22 16:36 Information BlueKit 1002 192.168.8.105 has been blocked on port 4444

115643 Apr 22 16:36 Information BlueKit 1002 192.168.8.105 has probed the HoneyPort on port ...

">

$rule.Protocol = 6

">

$rule.Protocol = all

">

stop-job -name HoneyPort

remove-job -name HoneyPort

And don">

Remove-NetFirewallRule -DisplayName Block scanner

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

 

Tampabay.com

Pinellas Sheriff's Office is using a tool that can turn your phone into a tracking device
Tampabay.com
The Sting Ray ll made by the Harris Corp. is used by some law enforcement agencies to track cell phone activity. Photo from the Infosec Institute. James McLynas was driving his Ford Explorer across the Howard Frankland Bridge on Oct. 30, 2013 when he ...

 
[security bulletin] HPSBGN03580 rev.1 - HP Data Protector, Remote Code Execution, Remote Unauthorized Disclosure of Information
 
[security bulletin] HPSBMU03573 rev.1 - HPE System Management Homepage (SMH), Remote Disclosure of Information
 

The Web console for Nuclear, the customer-friendly malware-as-a-service platform. Some Nuclear infrastructure operating on DigitalOcean servers was recently disrupted. (credit: Check Point)

Security researchers at Cisco Talos and Check Point have published reports detailing the inner workings of Nuclear, an "exploit kit" Web service that deployed malware onto victims' computers through malicious websites. While a significant percentage of Nuclear's infrastructure has been recently disrupted, the exploit kit is still operating—and looks to be a major contributor to the current crypto-ransomware epidemic.

Introduced in 2010, Nuclear has been used to target millions of victims worldwide, giving attackers the ability to tailor their attacks to specific locations and computer configurations. Though not as widely used as the well-known Angler exploit kit, it has been responsible for dropping Locky and other crypto-ransomware onto more than 140,000 computers in more than 200 countries, according to statistics collected by Check Point (PDF). The Locky campaign appeared to be placing the greatest demand on the Nuclear pay-to-exploit service.

Much of Talos' data on Nuclear comes from tracking down the source of its traffic—a cluster of "10 to 15" IP addresses that were responsible for "practically all" of the exploit infrastructure. Those addresses were being hosted by a single cloud hosting provider—DigitalOcean. The hosting company's security team confirmed the findings to Talos and took down the servers—sharing what was on them with security researchers.

Read 12 remaining paragraphs | Comments

 
SEC Consult SA-20160422-1 :: Multiple vulnerabilities in Digitalstrom Konfigurator
 
SEC Consult SA-20160422-0 :: Insecure credential storage in my devolo Android app
 

Infosecurity Magazine

Alarming Percentage of Orgs Can't ID a Data Breach
Infosecurity Magazine
... a database breach. “This study reveals there's a clear shift beginning to occur in information security away from total reliance on perimeter security toward a greater emphasis on database security,” said Michael Osterman, president of Osterman ...

and more »
 
[SECURITY] [DSA 3553-1] varnish security update
 

ITWeb

Can SA turn insecurity into profit?
ITWeb
Craig Rosewarne, MD of Wolfpack Information Risk and a keynote speaker at the ITWeb Security Summit 2016, says he expects to see cyber threats on the rise, and information security budgets under pressure, creating a high-risk environment until the ...

 
Internet Storm Center Infocon Status