Expert insights. Personalized for you.
I had the pleasure of being on the Brakeing Down Security podcast. We had a great conversation around Darknet and investigations. Check out the awesome podcast in the links below! Direct Link: [link] iTunes: https://itunes.apple.com/us/podcast/2016-045-aamir-lakhani-discusses/id799131292?i=1000377812439&mt=2 i=1000377812439&mt=2 YouTube: https://www.youtube.com/watch?v=b7Gto0VAf5E MORE
162 
OpNoDAPL was launched by certain hacktivist groups and other unidentified threat actors in late August of 2016. The groups were opposed to the construction of the Dakota Access Pipeline (DAPL), which will be used to transport light crude from the North Dakota Bakken region, through South Dakota and Iowa, to other parts of the United […]. Hacking cyber crime government hacking MORE
On 26 January, Yuval Steinitz, the Israeli Minister of Infrastructure, Energy and Water Resources, announced to the 2016 CyberTech Conference. The post “Largest cyber attack” on Israel lacks power first appeared on Digital Shadows. Cybercrime and Dark Web Research Israeli Electric Authority MORE
Cisco’s research team Talos posted a interesting article on their recently work with GoDaddy to take down large malvertising campaign. The original post can be found HERE. This article includes a fantastic explanation of exploit kits and gates. Exploit kits are a class of threat that indiscriminately aims to compromise all users. Talos has continued […]. Cyber exploit malware MORE
Written by Hilary Smith While the web is a useful tool, it can be very dangerous as well, particularly for our kids. However, not all sites are bad. The Internet can be a learning tool, for your children to visit educational websites. We have dreaded the online predator: who could act like a child and […]. InfoSec infosec MORE
I spent a weekend (September 24th 2016) in the wonderful city of Louisville, Kentucky. If you have not visited Louisville, KY, you will be in for a treat. The city’s 4th street is vibrantly popping with life, music, and the best bourbon the bars have to offer. Oktoberfest celebrations had started that weekend as well, […]. Cyber InfoSec hacking infosec networking MORE
The Team Viewer attack appears to be an organized and sophisticated attack. And worth a whole lot of money to those that pulled it off. Note: This is strictly an opinion. As of writing, no official confirmation of breach has been reported In recent years there has been a steady increase in financial and time […]. Data Breach MORE
116 On April 22, 2007 Google launched the professional package of Google Apps for Enterprise. Since then, more than 6 million companies around the world are using Google Apps for managing their business. So what has been the secret of Google’s success? In my opinion, it’s as a result of ongoing service & security improvements, along with enhanced capabilities that require only a nominal amount of additional IT resources. MORE
This is a really cool research by Mubix found at room362 (HERE). The concept is you can use a Hak5 LAN Turtle or USB Armory stick to run responder to steal user credentials while the Windows system is locked. I used the LAN Turtle and found it pretty straight forward. Below is how I setup […]. Tools hacking tools MORE
News sites recently reported the possibility of compromised Twitter accounts. Twitter denied the claim that they had been compromised or breached. If you do a search on the topic, things read a little differently than the official company stance. Let me simply say it is not really rare or uncommon for malware to spread throughout […]. Cyber Data Breach DarkNet Deep Web Invisible Web TOR MORE
Written by Mike Oliver LinkedIn: https://www.linkedin.com/in/mikeolivero4bo Website: [link] Take it or leave it, but often EA is often referred to as a lengthy initiative with very unclear and practically not very applicable results. Like a set of reference architectures, which in practice turn to be 80% different from architectures of previously deployed solutions or a […]. InfoSec infosec MORE
written by Aamir Lakhani September 30th, 2016 Every college student will tell you textbooks are expensive. If they don’t, their parents certainly will. Textbook prices have been steadily rising through the years, which is expected. What is not usual, however, is the rate of increase. One recent estimate stating they have increased a whopping 1,041% […]. Cyber MORE
130 
Overview A vulnerability and a separate logic error exist in the gstreamer 0.10.x player for NSF music files. Combined, they allow for very reliable exploitation and the bypass of 64-bit ASLR, DEP, etc. The reliability is provided by the presence of a turing complete “scripting” inside a music player. NSF files are music files from the Nintendo Entertainment System. Curious? Read on. Demonstration, and affected distributions Here is a screenshot of the exploit triggering. MORE
CBS-affiliated KIRO-TV in Seattle reports that it caught stationery supply giant Office Depot’s employees at certain locations pushing unnecessary computer repairs on customers. The channel said that it took in brand-new laptops into Office Depot stores for free PC health checks – the company claims it does about 6,000 of these each week – and […]. Media news MORE
A Exploit kit is collection of redirection pages, landing pages, exploits and payloads designed to automatically infect users for a revenue stream. Exploit kits are typically not using targeted attacks meaning they try to get any system on the internet that is vulnerable to access their website and usually deliver ransomware. Examples of exploit […]. Hacking exploit hacking malware MORE
Joseph Muniz, aka the security blogger wrote a great article on PosionTap. The original article can be found here. Samy Kamkar posted his a very cool attack script that turns a Raspberry Pi Zero as well as other smaller tools such as the Lanturtle into a backdoor injecting tool that can breached screen locked computers […]. Hacking Tools hacking tools MORE
Protection of communications: key for the security of all protocols In industrial control systems, communications play a key role in an environment where millions of packages are exchanged daily, including often critical information on the status of processes and devices. This is why preserving the integrity of information in transit and ensuring it reaches its […]. InfoSec IoT scada MORE
Last month, Fortinet researcher Honggang Ren discovered a heap overflow vulnerability in Windows Journal and reported it to Microsoft. This month, Microsoft released update KB3161102 and removed the Journal component from all versions of Windows because the file format used by Journal has been demonstrated to be susceptible to a number of security exploits. Microsoft […]. InfoSec infosec MORE
In response to recent malicious botnet attacks that crippled tech giants and a French internet service provider, an engineer released a proof-of-concept of a worm that would automatically change default passwords of insecure IoT devices. The code, released on GitHub by Leo Linsky, a software engineer at network security firm PacketSled, could be used to […]. MORE
The Hacker News posted about a new ransomware called Popcorn time that has taken a new twist to the ransomware game. They offer two options to get your files back. You can pay the ransomware OR infect two other systems. The original post can be found HERE. It is crazy what they are coming up […]. Malware ransomware MORE
Written by Aamir Lakhani and Keith Rayle Ransomware may potentially be the biggest threat in 2016. Criminal organizations are making big money from ransomware. According to a Geek.com article by Lee Mathews, Cryptowall, a ransomware application, generated over $30 million USD for criminals. People simply pay to get their data back, a system operational again, or prevent […]. Cyber InfoSec MORE
Written by Mike Oliver LinkedIn: https://www.linkedin.com/in/mikeolivero4bo Website: [link] So what does Security, Cyber Crimes, Denial of Service, and other Security Concerns have to do with a Service Oriented Architecture? Does having a Service Oriented Architecture translate into having a more secure enterprise? Maybe yes and maybe no. Certainly having an Enterprise Architecture can translate into better security […]. InfoSec infosec MORE
By David Brumley. In 2008 I started as a new assistant professor at CMU. I sat down, thought hard about what I had learned from graduate school, and tried to figure out what to do next. My advisor in graduate school was Dawn Song , one of the top scholars in computer security. She would go on to win a MacArthur "Genius" Award in 2010. She's a hard act to follow. I was constantly reminded of this because, by some weird twist of fate, I was given her office when she moved from CMU to Berkeley. MORE
Less than a month ago, hackers took control of an ocean of unsecured connected home devices, then essentially crashed the entire internet by using them to flood the web’s largest internet management company with bogus traffic. Now, the makers of smart gadgets that communicate using Z-Wave are ratcheting up their security standards to help reassure […]. MORE
Joseph Muniz, aka the security blogger wrote a great article on OAuth 2.0 vulnerabilities. The original article can be found here. Threatpost.com posted a write up on very scary research on OAuth 2.0 vulnerabilities from the recent Blackhat Europe 2016 conference. The original post can be found HERE. Third-party applications that allow single sign-on […]. Wireless mobile wireless MORE
Written by Hilary Smith While the web is a useful tool, it can be very dangerous as well, particularly for our kids. However, not all sites are bad. The Internet can be a learning tool, for your children to visit educational websites. We have dreaded the online predator: who could act like a child and […]. InfoSec infosec MORE
Image credit: Bill Anders, Apollo 8 , launched this day, Dec 21, 1968. space exploration Uncategorized MORE
130 Here we are in one of the most bizarre elections in the history of our republic. Initial accusations of rigged elections, threats of recounts, fighting recounts, and a few rogue Electoral College members consciously voting against apparent voter desires in the great expanse that is the middle of America…I guess this was inevitable given the […]. Cyber cyber crime FedTech government GovTech MORE
148 Researchers from Invincea have identified serious vulnerabilities in Belkin WeMo home automation devices and their associated Android application. The vendor has fixed the mobile app and will soon release firmware updates to patch the device flaws. Belkin WeMo products are designed to allow users to control their home electronics from anywhere. The product line includes […]. IoT mobile MORE
Fortinet has developed a talented group of security experts and veterans that work together to design, execute, and administer every conceivable type of networking and security infrastructure. These infrastructures serve the largest enterprises, university campuses, and industry conferences, to small and mid-sized businesses, inter-connected retail locations, and even storm-battered cargo ships. Designing and building any […]. InfoSec hacking infosec tools MORE
Well it is finally here … a MAC malware being coined as Backdoor.MAC.Elanor. This malware is embedded into a fake file converter application. Once infected they can steal data, control your camera and so on. The original post can be foundHERE. After the first ever example of Mac ransomware was found in the wild earlier […]. Malware Apple MacOS malware MORE
Law enforcement has trained special dogs to find hidden thumb drives and cell phones that human investigators routinely miss, and it's foiling predators, terrorists, and other criminals MORE
129 
Attackers, hackers, and account crackers are continuously looking for new markets to leverage for showcasing their services or products. In the past we have talked a lot about the DarkNet and how it is used as a marketplace for illegal activities, commodities and services. These individuals asctually use sites such as eBay, Craigslist, and other […]. Hacking DarkNet Deep Web MORE
As a result of our continuous monitoring of the Locky ransomeware we discovered a new Locky variant. This variant now appends a “.odin” odin” extension to its encrypted files. This is now the third time that the extension has been changed. Aside from this, in this report we will also examine some of its other minor […]. Malware malware ransomware MORE
To address security compromises like lifting encryption codes, ransomware, and other risks facing Internet-of-Things technologies, I made a graphic which I attached below that shows smartphone applications as an attack point. Focusing on the process of hacking other systems in connected cars as well, we made extensive updates to our page on automotive IoT security […]. InfoSec IoT MORE
Today, Treasury Secretary Jacob J. Lew and Assistant to the President for Homeland Security and Counterterrorism Lisa Monaco co-hosted a meeting with financial services executives, financial regulators, and Administration officials to discuss cybersecurity and the financial stability implications of a significant cyber incident. Meeting participants noted the importance of coordinating potential response activities to a […]. Cyber MORE
Doctor Chaos
OCTOBER 23, 2016
Written by Mike Oliver LinkedIn: https://www.linkedin.com/in/mikeolivero4bo Website: [link] Take it or leave it, but often EA is often referred to as a lengthy initiative with very unclear and practically not very applicable results. Like a set of reference architectures, which in practice turn to be 80% different from architectures of previously deployed solutions or a […]. InfoSec infosec
Adam Shostack
DECEMBER 21, 2016
Image credit: Bill Anders, Apollo 8 , launched this day, Dec 21, 1968. space exploration Uncategorized
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Scary Beasts Security
NOVEMBER 14, 2016
Overview A vulnerability and a separate logic error exist in the gstreamer 0.10.x player for NSF music files. Combined, they allow for very reliable exploitation and the bypass of 64-bit ASLR, DEP, etc. The reliability is provided by the presence of a turing complete “scripting” inside a music player. NSF files are music files from the Nintendo Entertainment System. Curious? Read on. Demonstration, and affected distributions Here is a screenshot of the exploit triggering.
Tech Republic Security
DECEMBER 9, 2016
Law enforcement has trained special dogs to find hidden thumb drives and cell phones that human investigators routinely miss, and it's foiling predators, terrorists, and other criminals
Speaker: P. Andrew Sjogren, Sr. Product Marketing Manager at Very Good Security, Matt Doka, Co-Founder and CTO of Fivestars, and Steve Andrews, President & CEO of the Western Bankers Association
In this webinar, we have a great set of panelists who will take you through how Zero Data strategies can be used as part of a well-rounded compliance and security approach, and get you to market much sooner by also allowing for payment optimization. They’ll share how to grow your business faster and minimize costs for both security and compliance
ForAllSecure
JULY 26, 2016
By David Brumley. In 2008 I started as a new assistant professor at CMU. I sat down, thought hard about what I had learned from graduate school, and tried to figure out what to do next. My advisor in graduate school was Dawn Song , one of the top scholars in computer security. She would go on to win a MacArthur "Genius" Award in 2010. She's a hard act to follow. I was constantly reminded of this because, by some weird twist of fate, I was given her office when she moved from CMU to Berkeley.
Spinone
DECEMBER 28, 2016
On April 22, 2007 Google launched the professional package of Google Apps for Enterprise. Since then, more than 6 million companies around the world are using Google Apps for managing their business. So what has been the secret of Google’s success? In my opinion, it’s as a result of ongoing service & security improvements, along with enhanced capabilities that require only a nominal amount of additional IT resources.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Doctor Chaos
NOVEMBER 15, 2016
I had the pleasure of being on the Brakeing Down Security podcast. We had a great conversation around Darknet and investigations. Check out the awesome podcast in the links below! Direct Link: [link] iTunes: https://itunes.apple.com/us/podcast/2016-045-aamir-lakhani-discusses/id799131292?i=1000377812439&mt=2 i=1000377812439&mt=2 YouTube: https://www.youtube.com/watch?v=b7Gto0VAf5E
Doctor Chaos
DECEMBER 6, 2016
Here we are in one of the most bizarre elections in the history of our republic. Initial accusations of rigged elections, threats of recounts, fighting recounts, and a few rogue Electoral College members consciously voting against apparent voter desires in the great expanse that is the middle of America…I guess this was inevitable given the […]. Cyber cyber crime FedTech government GovTech
Doctor Chaos
JUNE 24, 2016
Written by Hilary Smith While the web is a useful tool, it can be very dangerous as well, particularly for our kids. However, not all sites are bad. The Internet can be a learning tool, for your children to visit educational websites. We have dreaded the online predator: who could act like a child and […]. InfoSec infosec
Doctor Chaos
SEPTEMBER 24, 2016
This is a really cool research by Mubix found at room362 (HERE). The concept is you can use a Hak5 LAN Turtle or USB Armory stick to run responder to steal user credentials while the Windows system is locked. I used the LAN Turtle and found it pretty straight forward. Below is how I setup […]. Tools hacking tools
Speaker: Mike Cramer, Director of HIPAA & Data Security at The Word & Brown Companies
Now that companies are slowly allowing employees to return to work at the office, it's time to re-evaluate your company’s posture towards privacy and security. Join Mike Cramer, Director of HIPAA & Data Security at The Word & Brown Companies, for a discussion that will focus on compliance and the types of privacy and security measures your company should be aware of, as well as tips and methods for implementing these measures.
Doctor Chaos
OCTOBER 3, 2016
I spent a weekend (September 24th 2016) in the wonderful city of Louisville, Kentucky. If you have not visited Louisville, KY, you will be in for a treat. The city’s 4th street is vibrantly popping with life, music, and the best bourbon the bars have to offer. Oktoberfest celebrations had started that weekend as well, […]. Cyber InfoSec hacking infosec networking
Doctor Chaos
JULY 11, 2016
News sites recently reported the possibility of compromised Twitter accounts. Twitter denied the claim that they had been compromised or breached. If you do a search on the topic, things read a little differently than the official company stance. Let me simply say it is not really rare or uncommon for malware to spread throughout […]. Cyber Data Breach DarkNet Deep Web Invisible Web TOR
Doctor Chaos
JUNE 24, 2016
Written by Hilary Smith While the web is a useful tool, it can be very dangerous as well, particularly for our kids. However, not all sites are bad. The Internet can be a learning tool, for your children to visit educational websites. We have dreaded the online predator: who could act like a child and […]. InfoSec infosec
Doctor Chaos
NOVEMBER 17, 2016
CBS-affiliated KIRO-TV in Seattle reports that it caught stationery supply giant Office Depot’s employees at certain locations pushing unnecessary computer repairs on customers. The channel said that it took in brand-new laptops into Office Depot stores for free PC health checks – the company claims it does about 6,000 of these each week – and […]. Media news
Doctor Chaos
OCTOBER 11, 2016
To address security compromises like lifting encryption codes, ransomware, and other risks facing Internet-of-Things technologies, I made a graphic which I attached below that shows smartphone applications as an attack point. Focusing on the process of hacking other systems in connected cars as well, we made extensive updates to our page on automotive IoT security […]. InfoSec IoT
Doctor Chaos
OCTOBER 25, 2016
Today, Treasury Secretary Jacob J. Lew and Assistant to the President for Homeland Security and Counterterrorism Lisa Monaco co-hosted a meeting with financial services executives, financial regulators, and Administration officials to discuss cybersecurity and the financial stability implications of a significant cyber incident. Meeting participants noted the importance of coordinating potential response activities to a […]. Cyber
Doctor Chaos
OCTOBER 5, 2016
Fortinet has developed a talented group of security experts and veterans that work together to design, execute, and administer every conceivable type of networking and security infrastructure. These infrastructures serve the largest enterprises, university campuses, and industry conferences, to small and mid-sized businesses, inter-connected retail locations, and even storm-battered cargo ships. Designing and building any […]. InfoSec hacking infosec tools
Doctor Chaos
SEPTEMBER 30, 2016
written by Aamir Lakhani September 30th, 2016 Every college student will tell you textbooks are expensive. If they don’t, their parents certainly will. Textbook prices have been steadily rising through the years, which is expected. What is not usual, however, is the rate of increase. One recent estimate stating they have increased a whopping 1,041% […]. Cyber
Doctor Chaos
JULY 15, 2016
Well it is finally here … a MAC malware being coined as Backdoor.MAC.Elanor. This malware is embedded into a fake file converter application. Once infected they can steal data, control your camera and so on. The original post can be foundHERE. After the first ever example of Mac ransomware was found in the wild earlier […]. Malware Apple MacOS malware
Doctor Chaos
MAY 13, 2016
Written by Aamir Lakhani and Keith Rayle Ransomware may potentially be the biggest threat in 2016. Criminal organizations are making big money from ransomware. According to a Geek.com article by Lee Mathews, Cryptowall, a ransomware application, generated over $30 million USD for criminals. People simply pay to get their data back, a system operational again, or prevent […]. Cyber InfoSec
Doctor Chaos
NOVEMBER 4, 2016
OpNoDAPL was launched by certain hacktivist groups and other unidentified threat actors in late August of 2016. The groups were opposed to the construction of the Dakota Access Pipeline (DAPL), which will be used to transport light crude from the North Dakota Bakken region, through South Dakota and Iowa, to other parts of the United […]. Hacking cyber crime government hacking
Doctor Chaos
NOVEMBER 21, 2016
Written by Mike Oliver LinkedIn: https://www.linkedin.com/in/mikeolivero4bo Website: [link] So what does Security, Cyber Crimes, Denial of Service, and other Security Concerns have to do with a Service Oriented Architecture? Does having a Service Oriented Architecture translate into having a more secure enterprise? Maybe yes and maybe no. Certainly having an Enterprise Architecture can translate into better security […]. InfoSec infosec
Doctor Chaos
NOVEMBER 18, 2016
Joseph Muniz, aka the security blogger wrote a great article on OAuth 2.0 vulnerabilities. The original article can be found here. Threatpost.com posted a write up on very scary research on OAuth 2.0 vulnerabilities from the recent Blackhat Europe 2016 conference. The original post can be found HERE. Third-party applications that allow single sign-on […]. Wireless mobile wireless
Doctor Chaos
NOVEMBER 17, 2016
Joseph Muniz, aka the security blogger wrote a great article on PosionTap. The original article can be found here. Samy Kamkar posted his a very cool attack script that turns a Raspberry Pi Zero as well as other smaller tools such as the Lanturtle into a backdoor injecting tool that can breached screen locked computers […]. Hacking Tools hacking tools
Doctor Chaos
NOVEMBER 7, 2016
Attackers, hackers, and account crackers are continuously looking for new markets to leverage for showcasing their services or products. In the past we have talked a lot about the DarkNet and how it is used as a marketplace for illegal activities, commodities and services. These individuals asctually use sites such as eBay, Craigslist, and other […]. Hacking DarkNet Deep Web
Doctor Chaos
MARCH 21, 2016
A Exploit kit is collection of redirection pages, landing pages, exploits and payloads designed to automatically infect users for a revenue stream. Exploit kits are typically not using targeted attacks meaning they try to get any system on the internet that is vulnerable to access their website and usually deliver ransomware. Examples of exploit […]. Hacking exploit hacking malware
Doctor Chaos
NOVEMBER 20, 2016
Less than a month ago, hackers took control of an ocean of unsecured connected home devices, then essentially crashed the entire internet by using them to flood the web’s largest internet management company with bogus traffic. Now, the makers of smart gadgets that communicate using Z-Wave are ratcheting up their security standards to help reassure […].
Doctor Chaos
NOVEMBER 3, 2016
In response to recent malicious botnet attacks that crippled tech giants and a French internet service provider, an engineer released a proof-of-concept of a worm that would automatically change default passwords of insecure IoT devices. The code, released on GitHub by Leo Linsky, a software engineer at network security firm PacketSled, could be used to […].
Doctor Chaos
OCTOBER 4, 2016
As a result of our continuous monitoring of the Locky ransomeware we discovered a new Locky variant. This variant now appends a “.odin” odin” extension to its encrypted files. This is now the third time that the extension has been changed. Aside from this, in this report we will also examine some of its other minor […]. Malware malware ransomware
Doctor Chaos
SEPTEMBER 29, 2016
Last month, Fortinet researcher Honggang Ren discovered a heap overflow vulnerability in Windows Journal and reported it to Microsoft. This month, Microsoft released update KB3161102 and removed the Journal component from all versions of Windows because the file format used by Journal has been demonstrated to be susceptible to a number of security exploits. Microsoft […]. InfoSec infosec
Doctor Chaos
SEPTEMBER 27, 2016
Cisco’s research team Talos posted a interesting article on their recently work with GoDaddy to take down large malvertising campaign. The original post can be found HERE. This article includes a fantastic explanation of exploit kits and gates. Exploit kits are a class of threat that indiscriminately aims to compromise all users. Talos has continued […]. Cyber exploit malware
Doctor Chaos
JUNE 2, 2016
The Team Viewer attack appears to be an organized and sophisticated attack. And worth a whole lot of money to those that pulled it off. Note: This is strictly an opinion. As of writing, no official confirmation of breach has been reported In recent years there has been a steady increase in financial and time […]. Data Breach
Doctor Chaos
DECEMBER 19, 2016
Protection of communications: key for the security of all protocols In industrial control systems, communications play a key role in an environment where millions of packages are exchanged daily, including often critical information on the status of processes and devices. This is why preserving the integrity of information in transit and ensuring it reaches its […]. InfoSec IoT scada
Doctor Chaos
DECEMBER 15, 2016
The Hacker News posted about a new ransomware called Popcorn time that has taken a new twist to the ransomware game. They offer two options to get your files back. You can pay the ransomware OR infect two other systems. The original post can be found HERE. It is crazy what they are coming up […]. Malware ransomware
Doctor Chaos
NOVEMBER 4, 2016
Researchers from Invincea have identified serious vulnerabilities in Belkin WeMo home automation devices and their associated Android application. The vendor has fixed the mobile app and will soon release firmware updates to patch the device flaws. Belkin WeMo products are designed to allow users to control their home electronics from anywhere. The product line includes […]. IoT mobile
Let's personalize your content