Tag Archives: site

[ISN] THOTCON 0x7 Tickets on Sale NOW! – Buy them before its too late

[Moderators note – I’ve attended THOTCON for the last six years (I’ll be attending 0x07) and found THOTCON to have a very high signal to noise ratio, the networking can’t be beat, and if you’re not from Chicago proper, we have epic food, beverages and nightlife that I feel everyone should try! http://thotcon.org/ – WK] *************************************************************************** ***BEGIN THOTCON TRANSMISSION********************************************** d8b d8P ?88 d8P d888888P 88b d888888P ?88′ 888888b d8888b ?88′ d8888b d8888b 88bd88b 88P 88P `?8bd8P’ ?88 88P d8P’ `Pd8P’ ?88 88P’ ?8b 88b d88 88P88b d88 88b 88b 88b d88 d88 88P `?8b d88′ 88b`?8888P’ `?8b `?888P’`?8888P’d88′ 88b What: THOTCON 0x7 – Chicago’s Hacking Conference When: May 5th & 6th, 2016 Where: TOP_SECRET / совершенно секретно / 絕密 Tickets: On Sale NOW! Call For Papers: Is NOW Open! Hacker Brew Contest: Opens January 1, 2016 Subscribe to our mailing list Email Address Subscribe B3 S0c14l: LinkedIn * Twitter * IRC/freenode/#THOTCON *************************************************************************** THOTCON (pronounced ˈthȯt and taken from THree – One – Two) is a small venue hacking conference based in Chicago IL, USA. This is a non-profit, non-commercial event looking to provide the best conference possible on a very limited budget. Once you attend a THOTCON event, you will have experienced one of the best information security conference experiences combined with a uniquely casual and social experience. THOTCON 0x7 is the seventh incarnation of this event and will be held on Thursday and Friday May 5th and 6th, 2016. It will be held at a location only to be disclosed to attendees and speakers during the week before the event. For more information, explore this site or contact us at info@thotcon.org. Выпить все бухло, взломать все вещи! ***END THOTCON TRANSMISSION************************************************ ***************************************************************************

Tags: , , , , ,

[ISN] Healthcare sector 340% more prone to IT security threats

http://www.computerweekly.com/news/4500254005/Healthcare-sector-340-more-prone-to-IT-security-threats By Bryan Glick Editor in Chief ComputerWeekly.com 23 Sep 2015 Healthcare organisations are 340% more likely to be hit by an IT security incident than the average across all sectors, and 200% more likely to experience data theft, according to research. Medical information sells for 10 times more than other data on the black market, making it a key target for cyber criminals, according to the study from supplier Raytheon|Websense. The figures come from analysing telemetry feeds from healthcare organisations all over the world, as part of the five billion daily security events identified by the firm’s threat intelligence network. Hackers are much more likely to use certain forms of malware to target healthcare organisations: They are 450% more likely than average to be hit by the Cryptowall ransomware, a Trojan that encrypts files on a user’s device and asks for payment to release the data. The Dyre “man in the middle” malware turns up 300% more often in healthcare – a phishing attack that directs users to fake banking websites to steal their login details. And Dropper, which leaves malware to open up backdoors onto systems, appears 376% more in healthcare – in the first half of this year, 83% of all Dropper incidents worldwide took place in the sector, according to the Websense survey. […]

Tags: , , , , , , , , , , , , , , , ,

[ISN] Hackers threaten to take down websites of Hong Kong banks unless they pay bitcoin ransoms

http://www.scmp.com/tech/enterprises/article/1859117/hackers-threaten-take-down-websites-hong-kong-banks-unless-they-pay By James Griffiths scmp.com 18 September, 2015 Hackers have targeted banking institutions in Hong Kong with server-disabling attacks, threatening to take down their services unless they receive ransom payments, experts said on Thursday. According to web security and performance firm Akamai, a group of cybercriminals known as DD4BC have been targeting websites in Asia and around the world with more than 100 distributed denial-of-service (DDoS) attacks since at least September 2014. The attackers then demanded payment in the untraceable cryptocurrency bitcoin to stop the DDoS attacks, which can take down servers and cost businesses thousands of dollars per hour to fight against. “DD4BC has been using the threat of DDoS attacks to secure bitcoin payments from its victims for protection against future attacks,” said Akamai senior vice president Stuart Scholly. “The latest attacks – focused primarily on the financial service industry – involved new strategies and tactics intended to harass, extort and ultimately embarass the victim publicly.” […]

Tags: , , , , , , , , , , , , , , ,

[ISN] Hackers gain entry to 10 million Excellus insurance records

http://www.zdnet.com/article/hackers-gain-entry-to-10-million-excellus-insurance-records/ By John Fontana Identity Matters ZDNet News September 10, 2015 Hackers infiltrated the systems of Excellus BlueCross Blue Shield gaining access to some 10 million healthcare records some of which included medical history, the company announced Wednesday. The Rochester, N.Y.-based insurer said the breach began nearly two years ago and was first discovered last month. The company said it has not determined if data was actually taken off its servers, but the hackers did have access to records that included personal information such as birth dates, Social Security numbers and addresses along with claims and payment information. “The investigation has not determined that any such data was removed from our systems,” Excellus CEO Christopher Booth said in a memo on the company’s website. “We also have no evidence to date that such data has been used inappropriately.” As in many recent breaches across vertical industry, the company issued a statement classifying the breach as “a very sophisticated cyberattack.” In addition, the breach fits recent profiles that show hackers are spending multiple years weaving their way through computer systems. […]

Tags: , , , , , , , , , , , , , , ,

[ISN] The Hacked Data Broker? Be Very Afraid

http://www.wsj.com/articles/the-hacked-data-broker-be-very-afraid-1441684860 By CHRISTOPHER MIMS The Wall Street Journal Sept. 8, 2015 Many security and privacy researchers expect a cyber-breach event that will make the hack of infidelity site Ashley Madison look like a footnote by comparison. It could affect not just people seeking extramarital affairs, but everyone in America. Even more daunting, it could be under way already, and we don’t even know it, say computer security experts. It’s difficult to pick the worst-case scenario for this breach, as each could be devastating in a different way. It might involve the revealing of everything from shopping habits to the complete Web browsing histories of many Americans. It could put national security in jeopardy by giving hackers the ability to create spear-phishing attacks—in which people are tricked into compromising their computers via emails from businesses that look legitimate—containing so much personal detail that even the most paranoid of government employees or contractors could be fooled. These security experts say we have unwittingly built the most perfect online surveillance system ever contemplated—for bad guys. […]

Tags: , , , , , , , , , , , ,

[ISN] Credentials stored in Ashley Madison’s source code might have helped attackers

http://www.computerworld.com/article/2981553/security/credentials-stored-in-ashley-madisons-source-code-might-have-helped-attackers.html By Lucian Constantin IDG News Service Sept 8, 2015 If you’re a company that makes its own websites and applications, make sure your developers don’t do what the Ashley Madison coders did: store sensitive credentials like database passwords, API secrets, authentication tokens or SSL private keys in source code repositories. Judging by the massive amount of data leaked last month by Impact Team from AshleyMadison.com’s owner Avid Life Media (ALM), the hackers gained extensive access to the Canadian company’s IT infrastructure. The ALM data dumps contained customer records and transaction details from the Ashley Madison infidelity website, but also the email database of the company’s now-former CEO and the source code for the company’s other online dating websites including CougarLife.com and EstablishedMen.com. A London-based security consultant named Gabor Szathmari has found evidence that ALM’s developers were careless with sensitive credentials, which might have helped attackers once they gained a foothold on the company’s network. […]

Tags: , , , , , , , , ,

[ISN] Trial Date Set For Traders Accused Of $100 Million Hacking Scheme

http://www.marketwatch.com/story/trial-date-set-for-traders-accused-of-100-million-hacking-scheme-2015-09-03-9461837 By Wayne Duggan Marketwatch.com Sept 3, 2015 Arkadiy Dubovoy, a man who is accused of hiring hackers to infiltrate the databases of news networks to gain inside information prior to the public release of documents pleaded not guilty on Wednesday, and a judge set his trial date for November 4. The Russian trader’s son Igor has also been charged in the case. The Story Dubovoy is one of 32 traders that are accused of being involved in a massive hacking scheme that took place over a five-year period and involved more than 150,000 documents. The traders allegedly gave hackers “shopping lists” of documents that they wished to acquire prior to their public release. The reported victims of the scheme include news sites PR Newswire, Marketwired and Berkshire Hathaway Inc BRK.A, +0.15% BRK.B, -0.05% ’s Business Wire. […]

Tags: , , , , , , ,

[ISN] Russian-speaking hackers breach 97 websites, many of them dating ones

http://www.networkworld.com/article/2977448/russian-speaking-hackers-breach-97-websites-many-of-them-dating-ones.html By Jeremy Kirk IDG News Service Aug 30, 2015 Russian-speaking hackers have breached 97 websites, mostly dating-related, and stolen login credentials, putting hundreds of thousands of users at risk. Many of the websites are niche dating ones similar to Ashley Madison, according to a list compiled by Hold Security, a Wisconsin-based company that specializes in analyzing data breaches. A few are job-related sites. Batches of stolen information were found on a server by the company’s analysts, said Alex Holden, Hold Security’s founder and CTO. The server, for some reason, was not password protected, allowing analysis of its contents, he said. None of the dating sites are nearly as prominent as Ashley Madison, which saw sensitive company information, emails, internal documents and details of 30 million registered users released in a devastating data breach. Holden said this Russian-speaking group is not related to Impact Team, which claimed credit for the intrusion into Ashley Madison. […]

Tags: , , , , , , , , , ,