Month: April 2017

Hajime ‘Vigilante Botnet’ Growing Rapidly; Hijacks 300,000 IoT Devices Worldwide

Last week, we reported about a so-called ‘vigilante hacker’ who hacked into at least 10,000 vulnerable ‘Internet of Things’ devices, such as home routers and Internet-connected cameras, using a botnet malware in order to supposedly secure them. Source: Hajime ‘Vigilante Botnet’ Growing Rapidly; Hijacks 300,000 IoT Devices Worldwide

April 27, 2017
NSA backdoor detected on >55,000 Windows boxes can now be remotely removed

Enlarge (credit: Countercept ) After Microsoft officials dismissed evidence that more than 10,000 Windows machines on the Internet were infected by a highly advanced National Security Agency backdoor , private researchers are stepping in to fill the void. Source: NSA backdoor detected on >55,000 Windows boxes can now be remotely removed

April 26, 2017
Lazarus Under the Hood – Kaspersky [PDF]

Lazarus Under the Hood – Kaspersky [PDF] :

April 21, 2017
Script kiddies pwn 1000s of Windows boxes using leaked NSA hack tools

Vulnerable unpatched systems expose exploitable SMB networking to world+dog The NSA’s Equation Group hacking tools, leaked last Friday by the Shadow Brokers, have now been used to infect thousands of Windows machines worldwide, we’re told.… Source: Script kiddies pwn 1000s of Windows boxes using leaked NSA hack tools

April 21, 2017
A Surprise Encounter With A Telco Apt [Pdf]

A SURPRISE ENCOUNTER WITH A TELCO APT [PDF] : You know who.

April 20, 2017
AlessandroZ/BeRoot

AlessandroZ/BeRoot : BeRoot(s) is a post exploitation tool to check commun Windows misconfigurations to find a way to escalate our privilege. A compiled version is available here . It will be added to the pupy project as a post exploitation module (so it will be executed all in memory without touching the disk).

April 20, 2017
Exploits: how great is the threat?

How serious, really, is the danger presented by exploits? The recent leak of an exploit toolset allegedly used by the infamous Equation Group suggests it’s time to revisit that question. Several zero-days, as well as a bunch of merely ‘severe’ exploits apparently used in-the-wild were disclosed, and it is not yet clear whether this represents…

April 20, 2017
Introduction to the NIST CyberSecurity Framework for a Landscape of Cyber Menaces

The implementation of the NIST CyberSecurity Framework is of vital importance for the changes taking place in the landscape of zero-day threats The NIST CyberSecurity Framework is a guide for businesses and enterprises of good practices for information security. Source: Introduction to the NIST CyberSecurity Framewor for a Landscape of Cyber Menaces

April 20, 2017
netsec/ CLDAP Protocol Allows DDoS Attacks with 70x Amplification Factor

http://ift.tt/2pikfL7 Ref: http://ift.tt/2pgMCMI Date: April 15, 2017 at 01:40AM Author: prinnyerwin

April 19, 2017
netsec/ Dropping reverse shells via SSH

http://ift.tt/2psPJOT Ref: http://ift.tt/2oFeGIg Date: April 17, 2017 at 10:10AM Author: mrschyte

April 19, 2017