News & Updates


I didn’t really know what to make of the Surface Studio when Microsoft first announced it.

Before its New York event, I expected the company to announce an all-in-one. Rumors pointed toward something modular or upgradable. I thought Microsoft would attempt to turn the all-in-one concept on its head in much the same way that the Surface Pro subverted the norms of tablet computing to (after a couple of iterations) carve out a well-defined productivity tablet niche or that the Surface Book pushed the state-of-the-art of hybrid laptop/tablets.

Those products are both more or less mainstream, and both serve a significant role in stimulating Microsoft’s all-important OEM partners into producing better, cleverer, more versatile systems. We’ve seen a number of high-quality Surface Pro competitors, and I’d hope that in time we’ll see the same for Surface Book.



A Turkish hacker is advertising a new DDoS platform in the hacking underground, dubbed Surface Defense (translated into English).

According to the security firm Forcepoint, the hacker started promoting the DDoS platform in Turkey. He was offering a tool known as Balyoz, the Turkish word for Sledgehammer, that can be used by hackers to launch powerful DDoS attacks against a select number of websites.

The hacker rewards his customers with a point for every ten minutes they hit a website. These prizes include a more powerful DDoS attacking tool, access to bots designed to generate revenue from

The hacker is offering interesting prizes to the users of his Sledgehammer platform. They include a more powerful DDoS attacking tool, malicious code that can be used to scare the victim with sounds and images, and access to a click fraud botnet that could allow them to earn money.

The researchers discovered that the DDoS platform has been advertised on Turkish hacking forums, but Forcepoint has no idea how many participants have been recruited through this gamification of DDoS attacks.

The list of websites targeted by the tool is composed of 24 political websites having a specific position with regard to Turkey.

“Most, if not all, of the targets identified on the target list were chosen because of their political position with regards to Turkey. Kurdistan was prominent, with organizations such as the Kurdistan Workers Party (PKK) and its military wing the People’s Defense Force (HPG) being targeted. But the German Christian Democratic Party (CDU) was also among the targets, as was the Armenian Genocide archive run by the Armenian National Institute in Washington DC,” continues the report.


Users can also suggest new websites to include in the list of targets, and the platform displays a live scoreboard for participants in the attacks.

The author of the DDoS platform has implemented a series of rules governing the use of and access to Surface Defense. For example, participants can run the tool only on a single machine, a measure necessary to ensure fairness during the competition.

But Forcepoint noticed that the DDoS attack tool given to the participants also contains a backdoor that will secretly install a Trojan on the computer.

Forcepoint also discovered the presence of a backdoor in the software executed by participants in the DDoS platform. This backdoor is triggered if a participant has been banned from the competition.

“When we began to reverse engineer the software, taking it apart in order to analyze what it did, we discovered a backdoor. Whoever wrote this software gave themselves the opportunity to compromise the computers of those participating in the “game”.” continues the report. “What we know about the author is that they have already produced a number of “malicious” tools written in C#/.NET, which they describe on a YouTube channel. However, the evidence in the author’s videos combined with other data points collated during the investigation, led us to hypothesize that it is a realistic possibility this author may work for a Turkish defense contractor which supplies, amongst other things, signals intelligence (SIGINT) systems”

Who is the hacker behind the Surface Defense platform?

Experts believe he is a hacker using the online moniker “Mehmet,” based in the city of Eskisehir (Turkey).

Enjoy the Surface Defense!


Pierluigi Paganini

(Security Affairs – Surface Defense, DDoS platform)

The post Surface Defense DDoS platform – Gamification of attacks appeared first on Security Affairs.

Source: Security affairs

Enjoy the interview with Gabriel Bergel (@gbergel), one of the most talented hackers in the wild.

Gabriel is an Infosec Rockstar and Viking-Cyborg (he loves Vikings and has had 2 chips inserted in his hands). He is the founder and organizer of @8dot8, CSO and owner of @hacking4def, CSA of @ElevenPaths, coordinator of @info_CCI and supporter of @colocolo.

You are one of the world’s most talented cyber security experts. Could you tell me what your technical background is and when you started hacking?

Thank you very much for your opinion, I think I’m just another hacker but I’m very enthusiastic, passionate and hyperkinetic. My approach to technology began as a child, mainly because I liked very much game consoles. The 1st console, I had, was the Atari 2600, then the Atari 800 XL, and when I was older in 1990, I had a 286 Laptop with black and white screen, and that was when I really started to feel a passion for computers. I first studied Electrical Engineering but I didn’t like it, and I decided to study Systems Engineering. I was never very good at programming, and I think that was the reason why I liked information security. Generally, all the people studying Systems Engineering come out with profile as programmer, which is why I started to be interested in data networks, routing, switching by the time I was finishing my studies, and it was then I started “to play” with devices and discover “things” in the networks and on the web. It must have been around 2000 I took my first steps in Hacking.

What was your greatest hacking challenge?

I have had several technical challenges, but I think my biggest challenge wasn’t technical. It was when I created the 8.8 Computer Security Conference, the 1st Hacking conference in Chile (which also takes place in La Paz, Bolivia and next year in Lima, Peru too). This technical conference was something many people yearned for. But until 2011 when it took place for the first time, there was nothing similar and the questions were many; starting with if we could get a place to host the conference, if any brand would support us, if the police would agree, if the public would attend, if we could get speakers, if it was good idea or not to serve free beer, etc., etc. We first felt the sensation of getting access to something prohibited or when we get root privileges when 400 people arrived, the press arrived, we went on TV during prime time, people hugged us and asked us to do the conference again next year.

What are the 4 tools that cannot be missed in the hacker’s arsenal and why?

  1. The mind and brain: Fundamentally, there are many tools and they are becoming more accessible all the time. A hacker’s mind and his gray matter are essential, since his philosophy, strategy, perseverance, attitude, ethics, etc. depend mainly on that. And these are the main characteristics that every hacker should have, and for that reason I am convinced that those soft skills are more important than any tool and technique, since they both can be learned.
  2. Nmap, for me, I don’t know if I am very old school ;), but it is still a fundamental tool, it is the scanner par excellence. For me to do a port scan is fundamental in every field, in fact OSSTMM thinks so too. Furthermore it includes many options, scripts, it is flexible, powerful, portable, easy to use, free, good documentation, etc.
  3. Kali Linux, the Swiss knife in my opinion, has more than 600 tools, it is free, has a secure development environment, packages and repositories signed with GPG, supports several languages, fully customizable and effective.
  4. Spiderfoot, to make OSINT, there are many tools of this type, but this is the one I like the most. It is open source, free, it works on Linux and Windows, it is easy to use, modular (made in Python), and it is fully configurable. In my opinion it performs very well the automation of the process of gathering intelligence for a target, makes good data extraction, good visualizations, etc. I recommend it!

Which are the most interesting hacking communities on the web today?

There are 3 most interesting in my opinion, and they are all in Spanish, starting with the blog “Un informático en el lado del mal” by Chema Alonso (friend and boss). I have been following him for a long time. The blog has a lot of information, free books, videos, news, conferences, competitions, articles, and very interesting posts about information security and hacking. It is very varied and dynamic. Chema never rests, so every day there is something new to read. The other community I like very much and follow is Dragonjar. He is another friend called Jaime Restrepo. It is the largest security community in Latin America, and as the previous one, it has a lot of quality information, news, articles, research, contests, and even a conference, the “DragonjarCon”. The third is SBD, which really is very similar to the other two and another friend and Chilean, Lorenzo Martínez, is part of it. What I mainly want to emphasize about the 3 is that they are technical communities, with quality information, they are dynamic and have contributed to knowledge, and it is where new professionals in the hacker community are born.

Which is the industry (healthcare, automotive, telecommunication, banking, and so on) most exposed to cyber attacks and why? What scares you more on the internet and why?

Today the main driver of cybercriminals is money. So when they attack the most important attribute is “the easiness” to complete the attack. The banking and financial industry is obviously the source to get money, but it has been the most attacked and also the most regulated, so it is the one that invests the most in technology, processes, and information security advice. However, the industries related to this sector were not the most attacked nor the ones who invested the most in security, and therefore the industries or sectors most exposed are those who got relaxed for a time thinking that they were not nor would be the target of attack, such as Retail, Hotels, Rent a Car, Call Centers. They all, just like the banking sector, share the payment means and use of credit cards and that has been the reason why they are being the targets of the most attacks and apparently will remain so …

What scares me the most about the Internet is the anonymity, despite all the efforts we make, awareness, tools, etc., paranoia, we will never know who the person on the other side of the cable is, and unfortunately the cases of Pedophilia, Cyberbullying and Grooming that affects children through the internet are becoming more common. The real scare is what my daughters (2.5 and 5 years) will live in the future if this does not change.

We often hear about cyber weapons and cyber attacks against critical infrastructure. Do you believe it is real the risk of a major and lethal cyber attack against a critical infrastructure? 

Yes, every day we see more attacks on critical infrastructure (CI): To me it is very clear that sooner or later there will be fatal consequences caused by a cyber attack, and the CIs are precisely the infrastructures that could cause this fatal impact due to a cyber attack. All the time we learn more about attacks on CI; there are new types of malware, new studies, new breaches are discovered, etc. To make it worse, and the reason why I think it is a real risk, is that this type of industry and infrastructures are more related to Industrial Physical Operations or Operations Technology  (OT) than to computer science or IT, so the environment is not very aware of cyber attacks. In addition, because they are CI the “availability” vs. security has always been privileged. I mean, it is more feasible not to install a patch on a server despite being critical because this could affect the availability of the server. In Chile, we have a saying that fits this reality perfectly: “if it works, do not touch it”. The only reassurance in this respect is that every time the industry that owns the CI is more aware of the risks, and the governments are also developing and implementing policies and regulations, but in this industry things happen very slowly …


Pierluigi Paganini

(Security Affairs – Hacker, Gabriel Bergel)

The post Hacker Interviews – Gabriel Bergel appeared first on Security Affairs.

Source: Security affairs

Alleged Asian hackers have targeted the German heavy industry giant ThyssenKrupp to steal company secrets.

Hackers from Southeast Asia targeted the German heavy industry giant ThyssenKrupp in an attempt to obtain “technological know-how and research results.”

The news was announced on Thursday by a company spokesman, who confirmed a report in the Wirtschaftswoche weekly and added that the company has successfully repelled the attack.

The cyber attack was discovered by the IT security office, which spotted the hacking activities while they were ongoing and blocked them.

“The attack is over and had been repelled,” said the company spokesman.

The investigators speculate the attack was carried out by a group of professional hackers from Southeast Asia that is interested in the technological know-how and research activities of the company.

At the time of writing, there are no further details on the cyber attack or on the exact nature of the attackers (i.e. nation-state actors, cybercriminals).

The hackers launched a “massive cyber attack” against the divisions dealing with orders planning of industrial plants, the conglomerate’s Industrial Solutions, and Steel Europe business divisions.

Critical IT systems at ThyssenKrupp, such as the Marine Systems business unit and the blast furnaces and power plants in Duisburg, were not affected.

ThyssenKrupp Marine should be a privileged target for hackers because it is the division that builds warships, including submarines for the German and Israeli navies.

The company excluded any sabotage or manipulation of data or applications, but it was unable to estimate if a limited portion of data, “data fragments,” had been stolen by the hackers.

“Experts say that in the complex IT landscapes of large companies, it is currently virtually impossible to provide viable protection against organized, highly professional hacking attacks,” the company added.

Stay tuned.


Pierluigi Paganini

(Security Affairs – ThyssenKrupp, hacking)

The post Hackers targeted the heavy industry ThyssenKrupp and stole industrial secrets appeared first on Security Affairs.

Source: Security affairs

By Waqas

The Internet giant Yahoo has fixed a highly critical cross-site scripting (XSS) security flaw in its users’ email system that allowed any attacker to read any email conversation at any time. The security flaw was discovered and reported by a Finland-based security researcher Jouko Pynnonen who earned $10,000 in return as part of Yahoo’s bug bounty program […]

This is a post from Read the original post: Yahoo patches critical vulnerability that allowed hackers to read any email



Leading hospital groups teamed up to warn President-elect Trump this week that repealing the Affordable Care Act could spark an “unprecedented public health crisis,” and cost the hospital industry billions of dollars.

The two hospital trade groups—the American Hospital Association (AHA) and the Federation of American Hospitals (FAH)—even commissioned a study by an outside economics consulting firm to put real numbers to the losses. Their study, conducted by the Dobson | DaVanzo firm, modeled what would happen if the government enacted the ACA-demolishing legislation introduced by Trump’s nominee for Secretary of Health and Human Services, Tom Price (R-Ga.); the legislation was vetoed by President Obama in January.

The study’s verdict: 22 million people would lose insurance by 2026, which would cost hospitals $165.8 billion. And, because the legislation wouldn’t undo certain payment cuts created by the ACA, hospitals would lose an additional $102.9 billion.



The Finnish security expert Jouko Pynnönen discovered a vulnerability in the Yahoo email service that allowed hackers to read anyone’s messages.

A vulnerability in the Yahoo email service allowed hackers to read anyone’s messages. The IT giant has recently patched the flaw, which was discovered by Jouko Pynnönen, a Finnish security researcher from security firm Klikki Oy.

Pynnönen discovered a DOM-based persistent Cross-Site Scripting flaw in Yahoo Mail; an attacker could have exploited it to send emails embedded with malicious code.

“A security vulnerability in Yahoo Mail was fixed last week. The flaw allowed an attacker to read a victim’s email or create a virus infecting Yahoo Mail accounts, among other things.” states a blog post published by the Klikki Oy company.

“The attack required the victim to view an email sent by the attacker. No further interaction (such as clicking on a link or opening an attachment) was required.”

The blog post details how the flaw in Yahoo email could be exploited: a malicious attacker could have sent the victim’s inbox to an external site, and created malicious code that is sent as an attachment to all outgoing emails. The dirty job could be done by a malicious script that is secretly added to message signatures, which means that the malicious code is embedded in the message’s body.

Once the victim receives the email, the code is executed when he opens the message. The malicious script covertly submits the victim’s inbox content to an external website controlled by the attacker.

The expert explained that Yahoo Mail failed to properly filter malicious code embedded in HTML emails.

“However in the email composing view I noticed various attachment options to which I didn’t give much attention last year. I composed an email containing different kinds of attachments and sent it to an external mailbox. This way I could inspect the “raw” HTML this kind of email contains.” states the post.

“It would be possible to embed a number of HTML attributes that are passed through Yahoo’s HTML filter and treated specially,” 

By composing different email messages with different attachments, the researcher analyzed the HTML code generated by the Yahoo email service.

He noticed that not all the HTML attributes are properly validated; he also discovered that some of them could be used to store application-specific data, typically for JavaScript use, so it seemed there was a new potential attack vector here. It would be possible to embed a number of HTML attributes that are passed through Yahoo’s HTML filter and treated specially.

He then realized that it is possible to use some attributes as an attack vector.

“What caught my eye were the data-* HTML attributes. First, I realized my last year’s effort to enumerate HTML attributes allowed by Yahoo’s filter didn’t catch all of them. Second, since data-* HTML attributes are used to store application-specific data typically for JavaScript use, it seemed there was a new potential attack vector here. It would be possible to embed a number of HTML attributes that are passed through Yahoo’s HTML filter and treated specially.”

As a proof of concept Pynnönen supplied Yahoo Security with an email that, when viewed, would use AJAX to read the user’s inbox contents and send it to the attacker’s server.

Pynnönen privately disclosed the flaw to Yahoo under its bug bounty program, which is operated by HackerOne. He was awarded a $10,000 bounty.

This isn’t the first time that the expert has reported a flaw to Yahoo; he discovered a similar vulnerability in the web version of the Yahoo! Mail service earlier this year, when he was awarded a $10,000 bounty too.
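The filtering gap described above, shown from the defender's side as an added example (it is not Yahoo's or Klikki Oy's code): a small HTML mail sanitizer in Python where a prefix rule lets every data-* attribute through, next to an exact-name allowlist that drops them. The policy tables, the `data-widget-url` attribute name and the sample message are constructed for illustration.

```python
from html import escape
from html.parser import HTMLParser

# Constructed policy for illustration; not Yahoo's real filter rules.
ALLOWED_TAGS = {"p", "div", "span", "a", "img", "br", "b", "i"}
VOID_TAGS = {"br", "img"}
STRICT_ATTRS = {"a": {"href", "title"}, "img": {"src", "alt"}}
SAFE_SCHEMES = ("http://", "https://", "mailto:")
RAW_TEXT_TAGS = {"script", "style"}


class MailSanitizer(HTMLParser):
    """Re-serialises HTML, keeping only allowlisted tags and attributes."""

    def __init__(self, allow_data_prefix):
        super().__init__(convert_charrefs=True)
        self.allow_data_prefix = allow_data_prefix
        self.out, self.dropped = [], []
        self._skip = False  # True while inside <script>/<style> content

    def _attr_ok(self, tag, name, value):
        if name.startswith("data-"):
            # Weak rule: trust the whole data-* namespace because it "only
            # stores data", although client-side script may act on it later.
            return self.allow_data_prefix
        if name not in STRICT_ATTRS.get(tag, set()):
            return False
        if name in ("href", "src"):
            return (value or "").strip().lower().startswith(SAFE_SCHEMES)
        return True

    def handle_starttag(self, tag, attrs):
        if tag not in ALLOWED_TAGS:
            self.dropped.append(f"<{tag}>")
            if tag in RAW_TEXT_TAGS:
                self._skip = True
            return
        kept = []
        for name, value in attrs:
            if self._attr_ok(tag, name, value):
                safe = escape(value or "", quote=True)
                kept.append(f' {name}="{safe}"')
            else:
                self.dropped.append(f"{tag}@{name}")
        self.out.append("<" + tag + "".join(kept) + ">")

    def handle_endtag(self, tag):
        if tag in RAW_TEXT_TAGS:
            self._skip = False
        elif tag in ALLOWED_TAGS and tag not in VOID_TAGS:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self._skip:
            self.out.append(escape(data, quote=False))


def sanitize(html, allow_data_prefix=False):
    """Return (clean_html, dropped_items) for one message body."""
    parser = MailSanitizer(allow_data_prefix)
    parser.feed(html)
    parser.close()
    return "".join(parser.out), parser.dropped


# Constructed sample message; the attribute name and values are placeholders.
SAMPLE = ('<div data-widget-url="https://example.invalid/x" onclick="x()">'
          '<a href="https://example.com/" title="t">link</a>'
          '<img src="javascript:void(0)" alt="pic"></div><script>x()</script>')

if __name__ == "__main__":
    for label, flag in (("prefix rule", True), ("exact allowlist", False)):
        clean, dropped = sanitize(SAMPLE, allow_data_prefix=flag)
        print(label, "->", clean, "| dropped:", dropped)
```

The `dropped` list is worth logging in a real filter: a spike in rejected data-* attributes on inbound mail is a cheap signal that someone is probing the sanitizer.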


Pierluigi Paganini

(Security Affairs – Yahoo email Service, hacking)

The post A flaw in the Yahoo Email service allowed hackers to access target’s emails appeared first on Security Affairs.

Source: Security affairs

On Tuesday night, a group of unknown hackers took control of the Israeli TV broadcast Channel 2 and played the Muslim call to prayer.

On Tuesday night, a group of hackers took control of the Israeli news channel Channel 2 and played the Muslim call to prayer. The hackers wanted to protest a controversial bill that limits the volume of the call to prayer from mosques.

The hackers broke into the Israeli TV broadcast and disrupted the transmissions after gaining access to TV satellites.

According to Israeli media, the hacker appeared to be from Saudi Arabia.

In November, the representatives of the Knesset gave their approval to the “muezzin bill” that bans religious leaders from using loudspeakers to call worshippers to prayer.

The Israeli Government’s bill aims to protect its citizens from noise.

“While the bill is primarily targeted at curbing noise pollution, critics have noted the proposed law contains a clause which says that “freedom of religion should not be harmful to quality of life nor used to convey religious or nationalist messages, and sometimes even words of incitement”, which they say is targeted at Muslims.” states the Independent.

The hackers are protesting the bill; they spread messages written in the Hebrew language warning of “punishment from God” and said that “the fire burned hearts”.

“The fire burned hearts” and “To for big great God [is] war from God (the fire burns you).” states the other messages.

“Residents in northern Israel viewing Channel 2 via satellite TV reported that during the evening broadcast someone took over central control of the broadcast and played the voice of the muezzin,” reported the Tribune. 

The Arab politicians Ahmad Tibi and Taleb Abu Arar staged a Muslim call to prayer, the ‘Azan,’ in the parliament in protest against the bill.

The bill has received the Israeli Prime Minister Benjamin Netanyahu’s support.

“I cannot count the times – they are simply too numerous – that citizens have turned to me from all parts of Israeli society, from all religions, with complaints about the noise and suffering caused them by the excessive noise coming to them from the public address systems of houses of prayer,” Mr Netanyahu told a cabinet meeting.


Pierluigi Paganini

(Security Affairs – Israeli TV, Hacking)

The post Israeli TV broadcast hacked, attackers played Muslim call to prayer appeared first on Security Affairs.

Source: Security affairs


John Glenn, the first American to fly into orbit around the planet Earth and later a US senator for 24 years, died Thursday at a cancer hospital in Columbus, Ohio. He was 95 and the last of the living Mercury Seven astronauts.

Although he made history as an astronaut, that did not define Glenn as an American. Before joining NASA, he was a marine fighter pilot and decorated hero during World War II and the Korean War. After NASA he served four terms as a US senator, often focusing on issues not related to spaceflight, such as the non-proliferation of nuclear weapons. “Overall, I think his legacy is one of public service,” said John Logsdon, a space historian.



By Waqas

Kagoya, a famous hosting service provider in Japan has suffered a security breach in which personal and financial data of its customers has been stolen. In an email to their customers, Kagoya stated that the hack attack was discovered this month after an in-house screening which revealed that customers who used their credit cards between April 1, 2015, […]

This is a post from Read the original post: Japanese hosting company Kagoya hacked; credit card data stolen