securityXspace: a blog about cyber-philosophy.
-
Discovery of 8,800 C2 servers sends warning to Asian cybercriminals
Move shows the importance of international co-operation to take down cybercrime at its roots
-
Unplug the Bitcoin miner and do us all a favour: Antminer has remote shutdown flaw
‘Antbleed’ attack could crock 70 per cent of all mining. Time to try another flavour? A new branded bug (sigh) has landed, specific to an ASIC-based Bitcoin miner: dubbed “Antbleed”, it allows remote shutdown of hardware sold by a company called “Bitmain”.…
-
Almost two million Androids infected by FalseGuide malware, masquerading as game guides
A malware family known as FalseGuide masqueraded as game guides on Google Play to infect nearly two million Android devices. David Bisson reports.
-
Hackers exploited Word flaw for months while Microsoft investigated
SAN FRANCISCO (Reuters) – To understand why it is so difficult to defend computers from even moderately capable hackers, consider the case of the security flaw officially known as CVE-2017-0199. The bug was unusually dangerous but of a common …
-
Hajime ‘Vigilante Botnet’ Growing Rapidly; Hijacks 300,000 IoT Devices Worldwide
Last week, we reported about a so-called ‘vigilante hacker’ who hacked into at least 10,000 vulnerable ‘Internet of Things’ devices, such as home routers and Internet-connected cameras, using a botnet malware in order to supposedly secure them.
-
NSA backdoor detected on >55,000 Windows boxes can now be remotely removed
After Microsoft officials dismissed evidence that more than 10,000 Windows machines on the Internet were infected by a highly advanced National Security Agency backdoor, private researchers are stepping in to fill the void.
-
Lazarus Under the Hood – Kaspersky [PDF]
-
Script kiddies pwn 1000s of Windows boxes using leaked NSA hack tools
Vulnerable unpatched systems expose exploitable SMB networking to world+dog The NSA’s Equation Group hacking tools, leaked last Friday by the Shadow Brokers, have now been used to infect thousands of Windows machines worldwide, we’re told.…
-
A Surprise Encounter With A Telco APT [PDF]
You know who.
-
AlessandroZ/BeRoot
BeRoot(s) is a post exploitation tool to check common Windows misconfigurations to find a way to escalate our privilege. A compiled version is available here. It will be added to the pupy project as a post exploitation module (so it will be executed all in memory without touching the disk).