
Increasing Use of Hardware hacks


Fort Disco: The new brute-force botnet

Internet security firm Arbor Networks reports that a new botnet, Fort Disco, is made up of over 25,000 Windows PCs and is targeting blog sites and content management systems (CMSes).

Once these are infected, they can then be used to spread the botnet's malware and to attack other systems. Matthew Bing, an Arbor Security Engineering & Response Team (ASERT) research analyst, wrote, "Arbor ASERT has been tracking a campaign we are calling Fort Disco which began in late May 2013 and is continuing. We’ve identified six related command-and-control (C&C) sites that control a botnet of over 25,000 infected Windows machines. To date, over 6,000 Joomla, WordPress, and Datalife Engine installations have been the victims of password guessing." Arbor Networks has determined that there are at least four variants of the Windows malware used by the Fort Disco botnet.

After 30 Years of "Hacking" Data Security Has Not Changed Much

Data security (and privacy) has been in the news a lot lately as if it is a new and troubling issue.

In fact this has been a major topic of discussion going back to the mid-1980s when the first consumer available modems hit the market. This started the practice of war dialing where phone phreaks would dial random numbers to see if any would answer to their computers. One of the more famous phone phreaks is none other than Steve Wozniak, Co-Founder of Apple Computers. These are the guys that pioneered the hacking scene (and in some cases the piracy scene as well).

Five unsettling hacks from DefCon and Black Hat

At the Black Hat and DefCon conferences in Las Vegas, hackers showcase exploits they've found to help fix them.

Security researchers showed the latest phone, home and car hacks in Las Vegas. Smartphones were hacked through chargers, malware and femtocells. Some cameras in computers, toys and smart TVs can be secretly viewed by third parties.

(CNN) -- If something can connect to a network, it can be hacked. Computers and phones are still popular targets, but increasingly so are cars, home security systems, TVs and even oil refineries.

That was the message at this year's Black Hat and DefCon computer security conferences, which took place last week in Las Vegas. The annual conferences draw a mix of computer researchers and hackers who present the latest bugs and vulnerabilities they've discovered.

Black Hat: Researchers demo charger capable of malicious app installs on iPhone

August 01, 2013. Apple will now include a fix for the issue in an iOS 7 update planned for the fall.

Researchers demonstrated Wednesday how a craftily built malicious charger for iPhones can trick users into launching a "trojanized" application that looks just like popular apps already on their phones.

Wolf in sheep's clothing at Black Hat: Getting pwn'd by innocent looking devices

A trio of researchers presented “Mactans: Injecting Malware into iOS Devices via Malicious Chargers” at Black Hat, demonstrating how an “iOS device can be compromised within one minute” after plugging into a maliciously crafted charger.

Until Apple patches the vulnerability that allows the exploit, all iPhone or iPad users are vulnerable as the device does not need to be jailbroken for the attack to work. It takes advantage of an iOS flaw that allows pairing without any notification to the user. Their proof-of-concept charger, dubbed Mactans, was built using a $45 BeagleBoard.

As soon as an iOS device is plugged in, the fake charger instantly captures the Unique Device Identifier (UDID).

Pwned again: An exclusive look at Pwnie Express’ newest hack-in-a-box

Tomorrow at the Black Hat security conference in Las Vegas, the Pwnie Express will officially unleash Pwn Plug R2, the next generation in its arsenal of penetration testing and hacking hardware.

Ars got an exclusive rundown in advance on the device from Dave Porcello, founder and CEO of Pwnie Express.

Point of Sale skimmer that prints out real-seeming receipts

Brian Krebs reports on a terrifyingly real-seeming Point of Sale skimmer: a device that looks and feels just like the thing you normally stick your credit-card into and then enter your PIN into, which can print out a real-seeming receipt showing the transaction was approved by your bank.

Instead, what this thing does is record your card number, PIN, and other information needed to replicate your card and use it to clean out your account. This miscreant sells two classes of pre-hacked wireless Verifone POS devices: The Verifone vx670, which he sells for $2,900 plus shipping, and a Verifone vx510, which can be had for $2,500. Below is a video he posted to youtube.com showing a hacked version of the vx510 printing out a fake transaction approval receipt.

Matthew Jakubowski: Hacker cracks 4 million hotel locks with 'James Bond Dry Erase Marker'

By Daily Mail Reporter. Published: 17:00 GMT, 6 October 2012 | Updated: 21:15 GMT, 6 October 2012.

HakShop — WiFi Pineapple Mark IV

Command the WiFi landscape and direct attacks from a live recon dashboard, passively monitoring all devices in the vicinity. Limit the audit to specified clients and access points within the scope of engagement and ensure zero collateral damage. Acquire clients with a comprehensive suite of WiFi man-in-the-middle tools specializing in targeted asset collection. Record and analyze logs, generate emailed reports at set intervals, and identify vulnerable devices in your organization.

The WiFi Pineapple® NANO and TETRA are the 6th generation auditing platforms from Hak5. Thoughtfully developed for mobile and persistent deployments, they build on over 8 years of WiFi penetration testing expertise. At the core of the WiFi Pineapple is PineAP, an advanced suite of wireless penetration testing tools for reconnaissance, man-in-the-middle, tracking, logging and reporting.

ATM skimmers that fit in the card-slot

Police in an unidentified European nation have retrieved wafer-thin ATM skimmers that are so small that they can be fitted inside the credit-card insertion slot.

Brian Krebs describes the finding: That’s according to two recent reports from the European ATM Security Team (EAST), an organization that collects ATM fraud reports from countries in the region. In both reports, EAST said one country (it isn’t naming which) alerted them about a new form of skimming device that is thin enough to be inserted directly into the card reader slot. These devices record the data stored on the magnetic stripe on the back of the card as it is slid into a compromised ATM.

HOWTO open an electronic hotel-room lock without a key

Cody Brocious -- a Mozilla dev and security researcher -- presented a paper on a vulnerability in hotel-door locks last month at Black Hat.

Many electronic hotel door-locks made by Onity have a small DC power-port that also supplies data beneath them. Brocious showed that if he plugs an Arduino into these locks, reads out the 24-bit number sitting there, and re-transmits it to them, some appreciable fraction of them (but not all of them) spring open. Testing a standard Onity lock he ordered online, he’s able to easily bypass the card reader and trigger the opening mechanism every time.