Tag Archives: site

[ISN] Who’s Watching Your WebEx?

FacebookTwitterLinkedInShare

http://krebsonsecurity.com/2014/10/whos-watching-your-webex/ By Brian Krebs Krebs on Security Oct 13, 2014 KrebsOnSecurity spent a good part of the past week working with Cisco to alert more than four dozen companies — many of them household names — about regular corporate WebEx conference meetings that lack passwords and are thus open to anyone who wants to listen in. At issue are recurring video- and audio conference-based meetings that companies make available to their employees via WebEx, a set of online conferencing tools run by Cisco. These services allow customers to password-protect meetings, but it was trivial to find dozens of major companies that do not follow this basic best practice and allow virtually anyone to join daily meetings about apparently internal discussions and planning sessions. Many of the meetings that can be found by a cursory search within an organization’s “Events Center” listing on Webex.com seem to be intended for public viewing, such as product demonstrations and presentations for prospective customers and clients. However, from there it is often easy to discover a host of other, more proprietary WebEx meetings simply by clicking through the daily and weekly meetings listed in each organization’s “Meeting Center” section on the Webex.com site. Some of the more interesting, non-password-protected recurring meetings I found include those from Charles Schwab, CSC, CBS, CVS, The U.S. Department of Energy, Fannie Mae, Jones Day, Orbitz, Paychex Services, and Union Pacific. Some entities even also allowed access to archived event recordings. [...]




Tags: , , , , , , , , , , , , , ,

[ISN] Hackers claim they have stolen nearly 7 million Dropbox passwords (updated)

http://venturebeat.com/2014/10/13/apparent-hackers-claim-they-have-stolen-nearly-7-million-dropbox-passwords/ By Dylan Tweney venturebeat.com October 13, 2014 Hundreds of alleged usernames and passwords for Dropbox have been published on Pastebin, an anonymous information-sharing site. The apparent hackers claim to have nabbed 6,937,081 passwords and today published a “teaser” of 400 username-password pairs. They requested donations in Bitcoin and promised to release more passwords based on how much of the virtual currency they receive. The usernames appeared in alphabetical order starting with benitacran@btinternet.com and ending with bigjoetownsend@hotmail.com. Dropbox, however, says the hack is bogus. The company offered VentureBeat this response to our inquiry: Dropbox has not been hacked. These usernames and passwords were unfortunately stolen from other services and used in attempts to log in to Dropbox accounts. We’d previously detected these attacks and the vast majority of the passwords posted have been expired for some time now. All other remaining passwords have been expired as well. Subsequently, two more “teasers” appeared on Pastebin. [...]


Tags: , , , , , , , , , , ,

[ISN] ARRL Probing Web Server Breach by Hackers

http://www.infosecnews.org/arrl-probing-web-server-breach-by-hackers/ By William Knowles @c4i Senior Editor InfoSec News October 10, 2014 Last month a web server at ARRL Headquarters was breached by an unknown party. ARRL IT Manager Mike Keane, said that League members have no reason to be concerned about sensitive personal information being leaked, and assures members that there’s nothing of financial value on the compromised server. Some ARRL servers were taken offline and isolated from the Internet when the hack was discovered. Some web functions were temporarily disabled. The ARRL expects to restore service by close of business, on Wednesday, October 8, 2014 ARRL’s Mike Keane stressed that it is highly unlikely that any sensitive information was compromised. Any information the hacker might have been able to glean from the ARRL server, he said, is already publicly available — data such as names, addresses, and call signs that appear in the FCC database. The hacker may have been able to obtain site usernames and passwords that were established prior to April 2010, and that have not been changed since then. ARRL members who have not changed their ARRL website passwords since early 2010 should do so at this as soon as possible. [...]


Tags: , , , , , , , , , , , ,

[ISN] Accused Russian hacker faces new charges in the US

http://rapsinews.com/judicial_news/20141010/272331353.html Russian Legal Information Agency 10/10/2014 MOSCOW, October 10 (RAPSI) – An additional 11 cyber fraud charges will be brought against Russian national Roman Seleznev on October 16 in Seattle, spokeswoman for Washington’s Western District attorney Emily Langley told RIA Novosti on Friday. A pretrial hearing on Seleznev’s case is scheduled for November 3. Langley could not say how the additional charges might influence the sentence if Seleznev is found guilty. “The potential prison term is impacted by a number of things,” she explained. ” the number of counts or the maximum penalties they carry. The characteristics of the crime and of the individual defendant are factors considered by the judge at sentencing.” She added that at this point Seleznev has not been convicted of anything so it is premature to make assumptions about the sentence. An additional 11 counts were added to the previous 29 counts, the US Department of Justice announced yesterday. Moscow-born Roman Seleznev, 30, the son of Liberal Democratic Party State Duma lawmaker Valery Seleznev, has been charged with hacking into retail cash register systems to install malicious software to steal credit card numbers, and with operating servers and international carding forum websites to facilitate the theft and sale of stolen credit card data. He was arrested in the Maldive Islands and taken to Guam, an unincorporated US territory in the western Pacific. [...]


Tags: , , , , , , , , , , , , , , ,

[ISN] An inside look at Russian cybercriminals

http://www.csoonline.com/article/2692415/data-protection/an-inside-look-at-russian-cybercriminals.html By Antone Gonsalves CSO Oct 8, 2014 A detailed look at Russian cybercriminals focused on accessing online banking accounts reveals an effective hidden system for spreading malware through compromised websites. The criminal operation, described in a report released Tuesday by email security company Proofpoint, has infected 500,000 mostly U.S.-based PCs with malware capable of recording transactions and stealing credentials. Nearly 60 percent of the operation involves accounts at five of the largest U.S. banks. “They are sophisticated when it comes to financially motivated attackers,” Wayne Huang, lead researcher for Proofpoint, said. The criminal group’s steps to remain under the radar of security researchers start at underground forums where the hackers purchase lists of administrator logins for WordPress sites. [...]


Tags: , , , , , , , , , ,

[ISN] The Security Setup – HD Moore

http://www.thesecuritysetup.com/home/2014/10/1/hd-moore [Interesting website I found while following someone else who was profiled earlier, Uri with @redteamsblog, the idea here is 'what setup do folks in security use to attack, defend, build, break, hack, crack, secure, etc.' which should make for some interesting reading. - WK] H D Moore OCTOBER 1, 2014 Who are you, and what do you do? My name is H D Moore (since the day I was born, it doesn’t stand for anything). I am a security researcher and the chief research officer for Rapid7. Some folks may be familiar with my work on Metasploit, but these days I also spend a lot of time scanning the internet as part of Project Sonar. My servers send friendly greetings to your servers at least once a week. Howdy! What hardware & operating systems do you use? Lots. My normal workload involves crunching a billion records at a time, running a dozen different operating systems, and still handling corporate stuff via Outlook and PowerPoint. As of 2009, I finally made the switch to Windows as my primary OS after being a die-hard Linux user since 1995. That doesn’t mean that I use Windows itself all that much, but I find it to be a useful environment to run virtual machines and access the rest of my hardware with SSH and X11. The tipping point was the need to quickly respond to corporate email and edit Office documents without using a dedicated virtual machine or mangling the contents in the process. The second benefit to using Windows is on the laptop front; Suspend, resume, and full hardware support don’t involve weeks of tuning just to have a portable machine. Finally, I tend to play a lot of video games as well, which work best on overspecced Windows hardware. All that said, Windows as productivity platform isn’t great, and almost all of my real work occurs in web browsers (Chrome), virtual machines (VMWare for Intel/AMD64 and QEmu for RISC), and SSH-forwarded XFCE4 tabbed-terminals. The laptop I currently use started life as a banged up ASUS ROG G750 (17″) bought as the display model from a Best Buy. The drives, video card, and memory were swapped out bringing the total specs up to 32Gb RAM, a 512Gb SSD boot disk, a 1Tb backup disk, and a GeForce GTX 770 GPU. This runs the most loathed operating system of all, Windows 8.1 (Update 1) Enterprise, but it has a huge screen, was relatively cheap, and can run my development virtual machines without falling over. It also runs Borderlands2 and Skyrim at maximum settings, critical features for any mobile system. Given that the total cost was under $1,500, it is a great machine for working on the road and blocking automatic weapons fire (as its weighs about 20 Lbs with accessories). I carry this beast around in a converted ammunition bag, sans the grenade pouches. [...]


Tags: , , , , , , , , , , , , , , , , , , , , , , , ,

[ISN] ‘Anonymous’ hacker group declares cyber war on Hong Kong government, police

http://www.scmp.com/news/hong-kong/article/1607579/anonymous-hacker-group-declares-cyber-war-hong-kong By Jeremy Blum scmp.com 02 October, 2014 Hacker group Anonymous has declared war on the Hong Kong government and hacked into a number of Hong Kong websites, citing the treatment of protesters during Occupy Central as the main impetus for the attack. In a video sent to American news portal News2share on Wednesday, Anonymous compares the tear gas and pepper spray used by Hong Kong riot police on Occupy Central protesters to American police tactics used in Ferguson, Missouri earlier this year. The group also threatens to disclose personal information and deface multiple Hong Kong websites over the coming days. Due to the nebulous nature of Anonymous, it is almost impossible to verify the extent of the attacks and the locations and identities of the hackers behind them. [...]


Tags: , , , , , , , ,

[ISN] THOTCON 0x6 – Chicago’s Hacking Conference – Ticket Sales and CFP Opens 10.01.2014

Forwarded from: THOTCON NFP *************************************************************************** ***BEGIN THOTCON TRANSMISSION********************************************** Greetings InfoSec News Readers What: THOTCON 0x6 – Chicago’s Hacking Conference When: 05.14-15.15 Where: TOP_SECRET / совершенно секретно / 絕密 Tickets: Tickets on Sale 10.01.2014 Call For Papers: CFP Opens 10.01.2014 T-Shirt Contest: Open! Hacker Brew Contest: Registration Opens 10.01.2014 B3 S0c14l: LinkedIn http://www.linkedin.com/groups?mostPopular=&gid=3218013 Twitter http://twitter.com/THOTCON IRC/freenode/#THOTCON ************************************************************ THOTCON (pronounced ˈthȯt and taken from THree – One – Two) is a small venue hacking conference based in Chicago IL, USA. This is a non-profit, non-commercial event looking to provide the best conference possible on a very limited budget. Once you attend a THOTCON event, you will have experienced one of the best information security conference experiences combined with a uniquely casual and social experience. THOTCON 0x6 is the sixth incarnation of this event and will be held on Thursday and Friday May 14-15, 2015. It will be held at a location only to be disclosed to attendees and speakers during the week before the event. For more information, explore this site or contact us at info (at) thotcon.org. http://thotcon.org/ ***END THOTCON TRANSMISSION************************************************ ***************************************************************************


Tags: , , , , ,