News & Updates

Own an Android smartphone? Beware, as just an innocuous-looking image on social media or messaging app could compromise your smartphone.

Along with the dangerous Quadrooter vulnerabilities that affected 900 million devices and other previously disclosed issues, Google has patched a previously unknown critical bug that could let attackers deliver their hack hidden inside an innocent-looking


The security expert and blogger Rob Fuller demonstrated how to sniff credentials from a laptop via a USB Ethernet adapter, even when the PC is locked.

The security expert and blogger Rob Fuller demonstrated how to exploit a USB SoC-based device to sniff credentials from a locked laptop. The expert modified the device so that, once plugged into a USB port, it presents itself as an Ethernet adapter and acts as the network gateway, DNS server, and WPAD (Web Proxy Auto-Discovery protocol) server for the targeted machine.

“If I plug in a device that masquerades as a USB Ethernet adapter and has a computer on the other end, can I capture credentials from a system, even when locked out (yes, logged in, just locked). (..or do even more, but we’ll save that for another time, this post is already too long)” wrote Fuller in a blog post.

Fuller explained that with this technique the machine, believing it is installing a harmless Ethernet adapter, sends its credentials over the spoofed network.

The expert tested two USB SoC-based devices for the attack, the USB Armory ($155) and the Hak5 Turtle ($49.99).

Fuller explained that the Ethernet adapter needs to be set up to sniff the traffic and capture the credentials sent by the target machine when it tries to connect to the network through the adapter.

The attack leverages Laurent Gaffié's Responder to capture the credentials. The Hak5 Turtle already has a module for it, while on the USB Armory it can be installed via SCP, Internet Connection Sharing, or the USB host/client adapter.

“Basically the capturing is done with Laurent Gaffié's Responder so you need to find a way to get Responder onto the device. The Hak5 Turtle already has a module for it” explained Fuller. “You do have to “Enable” the module for the first time (plugged into Internet access) to get it to actually download all of dependencies and package itself. As for the USB Armory, you can either use SCP, Internet Connection Sharing, the USB host/client adapter.”



He added that on average the retrieval time was 13 seconds.

With this attack, it is possible to steal every kind of information stored on the target machine.

The attack could fail against some machines; in any case, the expert tested it on Windows versions up to Windows 10 Enterprise and Home (except Windows 8) and on OS X El Capitan, and it works.

For example, when a target machine sees both a wireless and a wired network, it will try to connect to the faster one, a circumstance that could cause the attack to fail.

Of course, launching the attack requires physical access to the target.
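Since the attack hinges on Windows installing a new network adapter while the session is locked, a defender can correlate lock/unlock events with device-install events. The following is an added example (not code from Fuller's post or from Security Affairs); it assumes the standard Windows event IDs Security 4800 (workstation locked), 4801 (unlocked) and System 20001 from Microsoft-Windows-UserPnp (driver install concluded), already exported as dicts with the assumed field names shown, and uses placeholder device IDs.

```python
"""Flag PnP network-adapter installs that complete while the session is locked."""
WORKSTATION_LOCKED, WORKSTATION_UNLOCKED, DRIVER_INSTALLED = 4800, 4801, 20001

# Setup-class GUIDs: network adapters are flagged, other classes ignored by default.
NET_CLASS_GUID = "{4d36e972-e325-11ce-bfc1-08002be10318}"
USB_CLASS_GUID = "{36fc9e60-c465-11cf-8056-444553540000}"

# Constructed sample events (ISO timestamps, placeholder device instance IDs).
SAMPLE_EVENTS = [
    {"time": "2016-09-06T09:00:00", "id": 4800, "host": "WS01"},
    {"time": "2016-09-06T09:00:07", "id": 20001, "host": "WS01",
     "device_id": "USB\\VID_XXXX&PID_XXXX\\PLACEHOLDER_NIC", "setup_class": NET_CLASS_GUID},
    {"time": "2016-09-06T09:00:20", "id": 4801, "host": "WS01"},
    {"time": "2016-09-06T09:05:00", "id": 20001, "host": "WS01",
     "device_id": "USB\\VID_XXXX&PID_XXXX\\PLACEHOLDER_STICK", "setup_class": USB_CLASS_GUID},
    {"time": "2016-09-06T09:06:00", "id": 20001, "host": "WS02",
     "device_id": "USB\\VID_XXXX&PID_XXXX\\PLACEHOLDER_NIC2", "setup_class": NET_CLASS_GUID},
]


def installs_while_locked(events, classes=(NET_CLASS_GUID,)):
    """Return (host, time, device_id) for installs that finished while locked.

    Lock state is tracked per host so events from several machines can be mixed;
    a host with no lock/unlock history yet is treated as unlocked.
    """
    locked = {}
    hits = []
    for ev in sorted(events, key=lambda e: (e["host"], e["time"])):
        host = ev["host"]
        if ev["id"] == WORKSTATION_LOCKED:
            locked[host] = True
        elif ev["id"] == WORKSTATION_UNLOCKED:
            locked[host] = False
        elif ev["id"] == DRIVER_INSTALLED and locked.get(host, False):
            if ev["setup_class"].lower() in classes:
                hits.append((host, ev["time"], ev["device_id"]))
    return hits


if __name__ == "__main__":
    for host, when, dev in installs_while_locked(SAMPLE_EVENTS):
        print(f"{host} {when}: network device {dev} installed while session locked")
```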

Below is a video PoC of the attack that demonstrates how to sniff credentials from a locked laptop running Windows 10 via a USB Ethernet adapter.

“What you see in the video is the Windows 10 lock screen (Full screened fresh install VM). When the LED goes solid white the Armory has fully shutdown because of the watch script, creds achieved!.!”


Pierluigi Paganini

(Security Affairs – Ethernet adapter, sniff credentials)

The post How to sniff credentials from locked laptops via Ethernet adapter on USB appeared first on Security Affairs.

Source: Security affairs

Today I'll present @h0t_p0ppy, a skilled online hacktivist who participated in major hacking campaigns, including #OpKillingBay and others.

Enjoy the Interview.


You are a popular, talented hacker who has already participated in several hacking campaigns. Could you tell me more about them?

I have participated in campaigns against animal abuses. There are many ops for animals that don’t get enough attention or recognition. The first big one was #OpFunKill then #OpKillingBay which inspired me to create #OpSeaWorld, #OpKillingBay-EU and #OpWhales.

All these campaigns focus on either the slaughter or confinement of cetaceans. Few people were aware about the impact of cetacean slaughter on our environment.

As Paul Watson said, “If the oceans die, we die.” With these ops the public can learn about whale slaughter, which is still happening today, and the truth behind SeaWorld and marine prisons. It's not easy keeping all these ops up to date with relevant information. It takes a lot of my spare time, but if it makes a difference, it's worth it.

Could you tell me what your technical background is and when you started hacking?

I was inspired by the Anonymous movement to believe that every single person has the ability to make a change. I went from office to hacktivism. I have picked up skills, taught myself and relied on team members to teach me new skills. The team as a whole has a varied skill base, from researching to dd0s and hacking. Each and every one of us is equally important to the success of the ops.

Which are your motivations?

Simply to bring awareness to the public about the crimes against cetaceans at the hands of humans. I also want to see an end to whaling.

What was your greatest hacking challenge?

The greatest challenge isn’t hacking, it’s keeping the momentum and interest in the ops. #OpKillingBay for instance is in year 4 now and still as important as the day it launched. All our work is a team effort. Action taken for #OpWhales has brought Iceland’s commercial hunt of fin whales (an endangered animal) into the spotlight. Sites were brought down including the prime minister’s official website and that of the environment and interior ministries. This brought worldwide media attention to the plight of these whales.

Which was your latest hack? Can you describe it to me?

The guys at Powerful Greek Army have been getting involved with ops hitting SeaWorld with a huge dd0s attack in the last few days. Also a few other Animal Rights Hacktivists have had a few whale meat sellers sites de-hosted. (Many thanks to all)

What are the 4 tools that cannot be missed in the hacker’s arsenal and why?

A range of vulnerability scanners, patience, determination and, most importantly, a trustworthy team.

Which are the most interesting hacking communities on the web today, why?

The guys at Anon Rising are doing a great job building up an IRC and support Base for anons and Ops.

How do you choose your targets?

Targets are connected to the whaling industry ~ the sale and transport of whale meat and governments that approve whaling. Also any company connected with the trade in dolphins and their incarceration.

We often hear about cyber weapons and cyber attacks against critical infrastructure. Do you believe the risk of a major and lethal cyber attack against critical infrastructure is real?

Yes, it is just a matter of time.


Pierluigi Paganini

(Security Affairs – Hacker, @h0t_p0ppy)

The post Hacker Interviews – @h0t_p0ppy, the hacktivist appeared first on Security Affairs.


The CSTO ransomware is able to query the Google Maps API to discover the victim's location and connects to its C&C via UDP.

Ransomware is considered by the security experts one of the most dangerous threats to Internet users and organizations across the world.

Malware authors are developing new malicious codes that implement new features to improve evasion and spreading abilities.

Security researchers at BleepingComputer have reported a new ransomware dubbed Cry or CSTO because it pretends to come from the nonexistent organization Central Security Treatment Organization.

The CSTO ransomware was first spotted by the malware researcher MalwareHunterTeam.

Once it has infected a machine, the CSTO ransomware encrypts files and appends the .cry extension to them. Like the Cerber ransomware, CSTO also sends information to its command and control server via UDP.

After infecting a computer, the CSTO ransomware collects information on the host (Windows version, installed service pack, OS version, username, computer name, and CPU type) and sends it via UDP to 4096 different IP addresses, only one of which is the real C&C server.

The Vxers have chosen the UDP protocol in an attempt to hide the location of the C&C server.
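Spraying one datagram at 4096 addresses hides the real C&C but leaves a strong network signature: one host sending UDP payloads of a single size to thousands of distinct destinations in a short window. The following detector is an added example (not code from BleepingComputer or Security Affairs) run over constructed flow records; the record layout, the 198.18.0.0/15 placeholder destinations, the port, payload size and thresholds are all assumptions, not values observed in the sample.

```python
"""Detect UDP fan-out: same-sized datagrams from one host to many addresses."""
from collections import defaultdict
import ipaddress


def build_sample_flows():
    """Constructed flows (ts, src, dst, proto, dst_port, bytes): one infected host
    hitting 4096 placeholder addresses, plus benign DNS from another host."""
    flows = []
    base = int(ipaddress.IPv4Address("198.18.0.0"))  # benchmarking range, placeholder
    for i in range(4096):                             # 4096 dsts in ~64 seconds
        dst = str(ipaddress.IPv4Address(base + i))
        flows.append((1473150000 + i // 64, "10.0.0.7", dst, "udp", 4444, 212))
    for i in range(300):                              # ordinary lookups to one resolver
        flows.append((1473150000 + i, "10.0.0.8", "10.0.0.53", "udp", 53, 80 + i % 40))
    return flows


def udp_fan_out(flows, window=300, min_dsts=256):
    """Return {src: (distinct_dsts, payload_bytes)} for every source that, within one
    `window`-second bucket, sent UDP datagrams of one size to >= `min_dsts` addresses.
    Keying on payload size separates a fixed-format beacon from bursty DNS traffic."""
    buckets = defaultdict(set)  # (src, payload size, time bucket) -> distinct dsts
    for ts, src, dst, proto, _port, nbytes in flows:
        if proto == "udp":
            buckets[(src, nbytes, ts // window)].add(dst)
    alerts = {}
    for (src, nbytes, _bucket), dsts in buckets.items():
        if len(dsts) >= min_dsts and len(dsts) > alerts.get(src, (0, 0))[0]:
            alerts[src] = (len(dsts), nbytes)
    return alerts


if __name__ == "__main__":
    for src, (count, size) in udp_fan_out(build_sample_flows()).items():
        print(f"{src}: {size}-byte UDP payload sent to {count} distinct addresses")
```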

The threat demands a ransom of 1.1 Bitcoin (more than $600) to decrypt the files.

The CSTO ransomware implements a singular feature: it leverages public websites to host information about victims, and it is able to query the Google Maps API to discover the victim's location using the SSIDs of nearby wireless networks.

The ransomware calls the WlanGetNetworkBssList function to enumerate nearby SSIDs and determines the victim's location from them, but it is not clear how the malware uses this information.

“Furthermore, it will also use public sites such as and to host information about each of the victims. Last, but not least, it will query the Google Maps API to determine the victim’s location using nearby wireless SSIDs.” reported


After encrypting the files, the threat uploads the host information along with a list of encrypted files, compiling all the details into a fake PNG image file and sending it to a specific album.

Imgur, in turn, assigns a unique name to the image file and returns it to the CSTO ransomware, which then broadcasts the filename over UDP to inform the C&C server.

Similar to other ransomware, the Cry ransomware deletes the Shadow Volume Copies using the command vssadmin delete shadows /all /quiet. In this way it prevents victims from restoring the encrypted files.

The threat gains persistence by creating a randomly named scheduled task that is triggered every time the user logs into Windows. The task also drops ransom notes on the desktop of the infected machine.

The ransom note includes instructions on how to access the Tor network to reach the payment site used by the authors.

“The ransom notes created by the Central Security Treatment Organization Ransomware contain links to a TOR payment site that has a Window title of User Cabinet. When a user visits this site, they will be prompted to login using the personal code from their ransom note.” continues

The payment site includes a support page and offers victims the chance to decrypt just one file for free as proof that all the locked files can be decrypted.

The researchers tested the free decryption feature, but it failed, which is another good reason not to pay the ransom.


Pierluigi Paganini

(Security Affairs – CSTO ransomware, cybercrime)

The post CSTO Ransomware, a malware that uses UDP and Google Maps appeared first on Security Affairs.


NEW YORK—Today LG took the wraps off its second flagship for 2016: the LG V20. The device is a sequel to last year’s LG V10 and follows much of the same formula. The V20 is a high-end 5.7-inch smartphone with a secondary “ticker” screen just above the main screen.

The specs are about what you would expect for a 2016 flagship: a Snapdragon 820, 4GB of RAM, a 3200mAh battery, and a 5.7-inch, 2560×1440 IPS LCD. The V20’s big eyecatcher is the always-on second screen, a small area above the main screen that can display a series of mini apps—power controls, app shortcuts, calendar events, music controls, or a text string.

We weren’t enamored by LG’s earlier 2016 flagship, the LG G5. But LG has made great strides with the V20 and seems to have solved most of the issues we had with the previous flagship. The G5’s modular system is no more, along with the build-quality problems that it caused. Gone are the uneven seams and sharp edges, while the V20 keeps the removable battery and MicroSD slot by going with a more traditional removable back plate design.



Kirk and Spock wear nifty outfits in order to contemplate the concept of the Prime Directive, which was first introduced in the episode “Return of the Archons.” (credit: Paramount)

Asking lawyers about Star Trek is a bit like asking bike mechanics what their favorite beer is. Even if it’s not their area of professional expertise, they have lots of clear, well thought-out opinions on the subject. One day last month, I put out a quick call for Trek-minded attorneys, and they flooded in. Within minutes, this actual e-mail message landed in my inbox.


I suddenly had five people e-mailing me saying I had to chat with you! I aver that I am a lawyer who defines himself first and foremost as a Starfleet officer. May I help?

Christian W. Waugh
Waugh Law, P.A.

Sent from my Starfleet Communicator

I should add that this guy goes by the handle @AdmiralWaugh on Twitter. I knew I had hit on something great.

As a Trek fan—I’m a child of the 1980s, TNG was my first foray into the universe—and someone who reports frequently about legal issues, I wanted to honor the 50th anniversary of the series with a look at the legal issues at play across Star Trek. Sure, entire books have already been written on this subject, but this was boldly going into terra nullius for yours truly.



The carbon fiber-reinforced plastic gets built up. (credit: Local Motors)

On Tuesday, General Electric announced that it would spend $1.4 billion (~£1 billion) to acquire two European 3D printing companies—Arcam AB from Sweden and SLM Solutions Group from Germany. According to the Associated Press, GE spent $1.5 billion (~£1.1 billion) on 3D printing investments since 2010, meaning the acquisitions will double what the company has invested in the last five years.

In a press release, GE noted that Arcam “invented the electron beam melting machine for metal-based additive manufacturing and also produces advanced metal powders.” SLM Solutions, on the other hand, “produces laser machines for metal-based additive manufacturing.” Both companies have histories of doing business in the aerospace and healthcare industries, and SLM Solutions also has customers in the energy and automotive industries.

Speaking to The Wall Street Journal, GE’s CEO of Aviation David Joyce said that GE’s jet engine business has been the primary outlet for so-called additive manufacturing at the company, but it plans to use 3D printing more frequently in its power turbine and medical equipment businesses.



The meme that launched a veritable fleet of investigations. (credit: Kevin Lamarque / Getty Images)

Last Friday, the Federal Bureau of Investigation published a 58-page redacted memorandum on the investigation of the mishandling of classified information by former Secretary of State Hillary Clinton. The memo includes details from Clinton’s interview with the FBI and a summary of other interviews the FBI conducted during the yearlong investigation.

During her three-and-a-half-hour interview with FBI investigators, Hillary Clinton said that she had used a personal e-mail account “out of convenience” because she only wanted to carry a single mobile device—and the State Department would not allow her to connect a work device to her personal e-mail. She said she had no recollection of anyone voicing concerns over the arrangement. But the FBI investigation found records of an exchange with former Secretary of State Colin Powell on the topic, where he warned her of the risks and told her how he had “gotten around it.”

The FBI report shows that Clinton generally allowed others to make decisions about how to support her Blackberry habit and that the private mail server she used was run largely at the direction of former President Bill Clinton’s staff. And while the FBI did not find that Clinton did anything criminal, the investigation revealed a generally lax approach to security overall by the State Department, Clinton’s staff, and Clinton herself.
