
HITB2015AMS

Discovering connections between attackers

posted on June 5, 2015
by l33tdawg

In the last few years, Pedram Hayati, founder of Australian IT company Security Dimension, has been developing a custom honeypot intelligence system called Smart Honeypot.

Honeypots - fake systems designed to look like the real thing - can be used for many different purposes. One of these is to determine what attackers are after, their capabilities and the tactics they use to achieve their goals, and this is why Hayati set up thirteen Smart Honeypots in different geographic regions of Amazon Web Services and Google Cloud (America, Europe, Asia and Oceania).

New Guidance Aims to Plug Peepholes in City Surveillance Systems

posted on June 2, 2015
by l33tdawg

A Commerce Department standards body has released preliminary guidelines for masking the personal data of individuals captured by traffic sensors, speed cameras and other Internet-connected government systems.

Coincidentally, the publication came out the day a Spanish researcher demonstrated that any stalker can monitor the driving habits of customers patronizing dozens of European parking lots. An unnamed major provider of parking management systems allegedly has not been implementing typical security settings.

Hackers Scan All Tor Hidden Services To Find Weaknesses In The 'Dark Web'

posted on June 2, 2015
by l33tdawg

If you go down to the deep web today, you’ll be following hot on the heels of a digital beast. In a matter of hours last week, the entire semi-anonymising Tor network, where activists and criminals alike try to hide from the gaze of their respective authorities, was traversed by PunkSPIDER, an automated scanner that pokes websites to uncover vulnerabilities.

New Android NFC Attack Could Steal Money From Credit Cards Anytime Your Phone Is Near

posted on June 1, 2015
by l33tdawg

Your NFC-capable Android smartphone could be the newest weapon hackers use to steal money from the credit cards in your pocket, researchers find. In a presentation at Hack In The Box Security Conference in Amsterdam, security researchers Ricardo J. Rodriguez and Jose Vila presented a demo of a real-world attack, to which all NFC-capable Android phones are vulnerable. This attack, delivered through poisoned apps, exploits the NFC feature, allowing unethical hackers to steal money from victims’ credit cards anytime the cards are near the victims' phone.

HITB Haxpo Kicks Off With Richard Thieme’s Call To InfoSec Community To ‘Think Beyond The Edges’

posted on June 1, 2015
by l33tdawg

“Think beyond the edges, because the edges are where new things come,” urged Richard Thieme in the opening keynote for Hack In The Box Haxpo in Amsterdam. The former priest gone author and futuristic technology guru is well known within the InfoSec community and considered a “father figure” of the hacking convention circuit, keynoting at events such as DefCon and BlackHat.

PeopleSoft Vulnerabilities Elevate ERP Security Issues

posted on June 1, 2015
by l33tdawg

Enterprise resource planning systems are the unexplored continent of vulnerability research, in spite of the fact that these massive, critical business systems support the inner workings of many large corporations and IT organizations.

A recent run of bugs in SAP, and a presentation at this week’s Hack in the Box conference in Amsterdam, however, could turn the tide and open some eyes to ERP security issues.

Hacking With Pictures; New Stegosploit Tool Hides Malware Inside Internet Images For Instant Drive-by Pwning

posted on June 1, 2015
by l33tdawg

Go online for five minutes. Visit a few webpages. How many pictures do you see?

With the media-rich nature of the web, chances are your answer is in the hundreds. It is in this space the future of malicious cyber attacks could be embedded. In a presentation at Hack In The Box in Amsterdam, Net Square security researcher Saumil Shah demonstrated an updated method of his digital steganography project, Stegosploit, which involves embedding executable JavaScript code within an image to trigger a drive-by download.

Like routers, most USB modems also vulnerable to drive-by hacking

posted on June 1, 2015
by l33tdawg

The majority of 3G and 4G USB modems offered by mobile operators to their customers have vulnerabilities in their Web-based management interfaces that could be exploited remotely when users visit compromised websites.

The flaws could allow attackers to steal or manipulate text messages, contacts, Wi-Fi settings or the DNS (Domain Name System) configuration of affected modems, but also to execute arbitrary commands on their underlying operating systems. In some cases, the devices can be turned into malware delivery platforms, infecting any computers they're plugged into.

How Evil Hackers Can Cause Chaos At Horribly Vulnerable Car Parks

posted on May 15, 2015
by l33tdawg

There’s been growing interest in car hacking in recent years, inspired by researchers showing off exploits in real vehicles, tinkering with Teslas, and uncovering glaring vulnerabilities in third party kit. But criminal hackers could vex drivers in other ways, such as compromising internet-connected, easily hackable parking management systems, according to Spanish researcher Jose Guasch.