Inside Security (Jul 17th, 2017)

David’s Take

If you are new to the Black Hat universe of shows happening next week in Vegas, you might want to take a moment to acquaint yourself with the landscape and understand the various venues there. My top story goes into details. Also today are descriptions of numerous attacks, both found in the labs and in the wild, which can potentially harm your networks.

-- David Strom, editor of Inside Security

Top Story: Black Hat conference recommendations

Next week is the annual Black Hat show in Vegas. It is actually a multitude of events, not all of which are run by the same folks. The main focus includes Arsenal (live demos of various security tools) and the traditional trade show floor, both of which are held at the Mandalay Bay on Wednesday and Thursday. There is also a CISO Summit held at the Four Seasons on Tuesday and the DEFCON show, which starts on Thursday and runs through the weekend at Caesars Palace. And last but not least is BSides Las Vegas, which is held at the Tuscany Suites on Tuesday and Wednesday. This last show partly showcases the local farm team talent but often has some top-notch presentations (such as this one from a Proofpoint researcher on Google Docs vulnerabilities), many of which are available for watching online afterward.

The main keynote will be given by Alex Stamos, who is the Facebook CSO, on Wednesday at 9:00 am. He asks (and hopefully answers) if we can incentivize and celebrate defensive security research in the same way that we applaud the discovery of vulnerabilities. Here are a few other sessions that you might want to attend:

On Wednesday at 10 am there will be a talk on a tool for determining your SAP security profile; it uses PowerShell to probe further whether your endpoint has been compromised.

There is a session on Wednesday at 11:30 am about using hacking tools to compromise Android phones, using some specific techniques that promise to be at the high end of the knowledge scale. At the same time, another talk will be on building a honeypot using a Raspberry Pi, and Christopher Hadnagy will discuss how attackers can research their targets and what you can do to stop them.

Wednesday at 1:50 pm, Borislav Chernilovsky, a security researcher at Imperva, will explore the Mirai attacks through the malware source code, including demonstrating the attacks themselves.

On Thursday at 9:00 am, a session shows how a new exploit called Skype&Type can use audio information leaked from your VoIP calls to reconstruct the victim's input from keystroke noise.

Finally, RSA's Percy Tucker and Walter Abeson will discuss on Thursday at 11 am how they defend the show network from attacks and how the NOC team operates.

Attacks of the week

Kovter malware and its predecessor Poweliks use MSHTA to execute code stored in registry keys and values. To persist between reboots, Kovter uses a Run key value, but with a small twist: the value name starts with a null character followed by random text. This post analyzes how these sneakier kinds of fileless malware operate. -- SPECTEROPS

Researchers have found the Android backdoor they call GhostCtrl -- named because it can stealthily control many of the infected device’s functions. It has three versions. The first steals information, while the second added more device features to hijack. The third iteration combines the best of the earlier versions’ features—and then some. -- TREND LABS

Ransomware-as-a-Service is on the rise, and researchers have found two new tools. A new credential-stealing malware dubbed Ovidiy Stealer, which primarily targets web browsers, is being marketed on Russian-speaking web forums for as cheap as $7, allowing anyone with even little technical knowledge to hack as many computers as they want. Another RaaS tool is called Hackshit -- it is a PhaaS platform which attracts new subscribers by offering them free trial accounts to review its limited set of hacking tutorials and tricks to make easy money. -- THE HACKER NEWS

ZeroFOX found more than 86,262 Twitter accounts were responsible for more than 8.6 million posts on Twitter promoting porn-based sites, many of them promoting domains in a swath of Internet address space owned by Deniro Marketing. The cause is a botnet called Siren, which appears to be run from Eastern European sources. -- KREBS ON SECURITY

New Mac malware is now pushing the Signal private-messaging app onto victims’ mobile devices as part of a scheme to steal their banking credentials. The threat, which goes by the name OSX/Dok, uses phishing mail laden with a malicious application as its attack vector. -- GRAHAM CLULEY BLOG

A team of researchers from Fox-IT and Riscure has put together a device using off-the-shelf electronic parts shown here that deduces encryption keys using only electromagnetic emissions coming from a nearby computer. The device exploits a well-known side-channel attack known as "Van Eck phreaking" and was specifically built to recover the encryption key from AES256 algorithms. This link goes into more details. -- BLEEPING COMPUTER

Just for fun

A man disrupted Federal Reserve chair Janet Yellen’s appearance before the Congressional committee with a sign endorsing bitcoin. The sign said “buy bitcoin” and included a bitcoin address. The image went viral and the address has since accrued 6.325 bitcoins, or $15,000, in contributions. The man was not fully identified but was named as a friend of an 18-year-old cryptocurrency trader. He was asked to leave the conference. -- COINDESK
