
Krebs on Security

https://krebsonsecurity.com/

Stack Exchange Security Blog

kippo - SSH Honeypot

Kippo is a medium interaction SSH honeypot designed to log brute force attacks and, most importantly, the entire shell interaction performed by the attacker. Kippo is inspired by, but not based on, Kojoney.

Demo: Some interesting logs from a live Kippo installation are shown below (viewable within a web browser with the help of Ajaxterm). Note that some commands may have been improved since these logs were recorded.

Features

Submit Suspicious Files

Thieves Reaching for Linux—"Hand of Thief" Trojan Targets Linux #INTH3WILD

Just two weeks after reporting about the commercialization of the KINS banking Trojan, RSA reveals yet another weapon to be used in a cybercriminal's arsenal. It appears that a Russia-based cybercrime team has set its sights on offering a new banking Trojan targeting the Linux operating system. This appears to be a commercial operation, which includes support/sales agents and software developer(s).

Meet the "Hand of Thief" Trojan

Hand of Thief is a Trojan designed to steal information from machines running the Linux OS. This malware is currently offered for sale in closed cybercrime communities for $2,000 USD (€1,500 EUR) with free updates.

Errata Security

bonesi - BoNeSi - the DDoS Botnet Simulator

BoNeSi, the DDoS Botnet Simulator, is a tool to simulate botnet traffic in a testbed environment on the wire. It is designed to study the effect of DDoS attacks.

What traffic can be generated? BoNeSi generates ICMP, UDP and TCP (HTTP) flooding attacks from a defined botnet size (different IP addresses). BoNeSi is highly configurable: rates, data volume, source IP addresses, URLs and other parameters can all be configured.

What makes it different from other tools?

Bitdefender Cybersecurity Blog: News, Views and Insights

Website down! DDoS-for-hire site Webstresser shut by crime agencies, by Graham Cluley, from HotForSecurity, on 25.04.2018

International law enforcement agencies have forced offline a website believed to be the world's biggest marketplace for hiring distributed denial-of-service (DDoS) attacks. Webstresser.org offered anyone the ability to purchase a DDoS attack, capable of making websites and services inaccessible to internet users, for less than $20. As a Europol press release explains, Webstresser's alleged administrators […]

Hand of Thief Banking Trojan Takes Aim at 'Secure' Linux OS

The appropriately named "Hand of Thief" trojan carries a formidable price tag – it's now for sale in closed cybercrime communities for $2,000, with free updates, according to RSA cyber-intelligence expert Limor Kessem. The functionality includes form-grabbers and backdoor capabilities for now, but it's expected that the trojan will have a new suite of web injections soon, she said. And so, it should graduate to become full-blown banking malware in the very near future. At that point, the price is expected to rise to $3,000, plus a hefty $550 per major version release. But it's unclear if it can command that kind of money for the long haul considering that, unlike KINS, it lacks the ability to spread the malware widely via the Windows platform.

Enterprise Security Without Compromise

Kernel Sec Features

Editor's Note: This is a guest post from James Morris, the Linux kernel security subsystem maintainer and manager of the mainline Linux kernel development team at Oracle.

In this article, we'll take a high-level look at the security features of the Linux kernel. We'll start with a brief overview of traditional Unix security and the rationale for extending that for Linux, then we'll discuss the Linux security extensions.

Unix Security – Discretionary Access Control

Don't trust me: I might be a spook

Shortly after the Snowden papers started to be published, I was invited to write an op-ed about PRISM and its implications for privacy and online security. I initially agreed, but after spending a few hours putting some thoughts together I changed my mind: I really had nothing useful to say. Yes, the NSA is spying on us, listening to our phone calls, and reading our email — but we already knew that, and a few PowerPoint slides of confirmation really don't change anything. When the first revelations about BULLRUN — the fact that the NSA can read a lot of encrypted data on the internet — appeared, I was similarly unimpressed: if you can find a weakness in an implementation of a cryptographic system, you can often bypass the cryptography, and the US government, via defense contractors, has hundreds of open job postings for exploit writers with Top Secret clearances. If the NSA can break 2048-bit RSA, it would be a Big Deal; if they can break OpenSSL, not so much.
