2016

Why Companies Do Need Enterprise Architecture at Downturn?

Doctor Chaos

Written by Mike Oliver LinkedIn: https://www.linkedin.com/in/mikeolivero4bo Website: [link] Take it or leave it, but often EA is often referred to as a lengthy initiative with very unclear and practically not very applicable results. Like a set of reference architectures, which in practice turn to be 80% different from architectures of previously deployed solutions or a […]. InfoSec infosec

[0day] [exploit] Compromising a Linux desktop using. 6502 processor opcodes on the NES?!

Scary Beasts Security

Overview A vulnerability and a separate logic error exist in the gstreamer 0.10.x player for NSF music files. Combined, they allow for very reliable exploitation and the bypass of 64-bit ASLR, DEP, etc. The reliability is provided by the presence of a turing complete “scripting” inside a music player. NSF files are music files from the Nintendo Entertainment System. Curious? Read on. Demonstration, and affected distributions Here is a screenshot of the exploit triggering.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Learn cybersecurity basics with these essential YouTube videos

Tech Republic Security

A hand-picked list of must-watch cybersecurity videos to help you learn the fundamentals of encryption, how hackers penetrate systems, and strong cyber-defense tactics for business

Why CGC Matters to Me

ForAllSecure

By David Brumley. In 2008 I started as a new assistant professor at CMU. I sat down, thought hard about what I had learned from graduate school, and tried to figure out what to do next. My advisor in graduate school was Dawn Song , one of the top scholars in computer security. She would go on to win a MacArthur "Genius" Award in 2010. She's a hard act to follow. I was constantly reminded of this because, by some weird twist of fate, I was given her office when she moved from CMU to Berkeley.

Back to the Office: Privacy and Security Solutions to Compliance Issues for 2021 and Beyond

Speaker: Mike Cramer, Director of HIPAA & Data Security at The Word & Brown Companies

Now that companies are slowly allowing employees to return to work at the office, it's time to re-evaluate your company’s posture towards privacy and security. Join Mike Cramer, Director of HIPAA & Data Security at The Word & Brown Companies, for a discussion that will focus on compliance and the types of privacy and security measures your company should be aware of, as well as tips and methods for implementing these measures.

How to Upgrade Your Individual Account to Business

Spinone

On April 22, 2007 Google launched the professional package of Google Apps for Enterprise. Since then, more than 6 million companies around the world are using Google Apps for managing their business. So what has been the secret of Google’s success? In my opinion, it’s as a result of ongoing service & security improvements, along with enhanced capabilities that require only a nominal amount of additional IT resources.

“Largest cyber attack” on Israel lacks power

Digital Shadows

On 26 January, Yuval Steinitz, the Israeli Minister of Infrastructure, Energy and Water Resources, announced to the 2016 CyberTech Conference. The post “Largest cyber attack” on Israel lacks power first appeared on Digital Shadows. Cybercrime and Dark Web Research Israeli Electric Authority

More Trending

Elections…Or per Yogi Berra – It Ain’t Over Until It’s Over

Doctor Chaos

Here we are in one of the most bizarre elections in the history of our republic. Initial accusations of rigged elections, threats of recounts, fighting recounts, and a few rogue Electoral College members consciously voting against apparent voter desires in the great expanse that is the middle of America…I guess this was inevitable given the […]. Cyber cyber crime FedTech government GovTech

How To Protect Your Children From Online Predators And Cyberbullying

Doctor Chaos

Written by Hilary Smith While the web is a useful tool, it can be very dangerous as well, particularly for our kids. However, not all sites are bad. The Internet can be a learning tool, for your children to visit educational websites. We have dreaded the online predator: who could act like a child and […]. InfoSec infosec

Snagging Creds From Locked Machines With LAN Turtle Or USB Armory

Doctor Chaos

This is a really cool research by Mubix found at room362 (HERE). The concept is you can use a Hak5 LAN Turtle or USB Armory stick to run responder to steal user credentials while the Windows system is locked. I used the LAN Turtle and found it pretty straight forward. Below is how I setup […]. Tools hacking tools

DerbyCon 6.0 – Feeling ReCharged!

Doctor Chaos

I spent a weekend (September 24th 2016) in the wonderful city of Louisville, Kentucky. If you have not visited Louisville, KY, you will be in for a treat. The city’s 4th street is vibrantly popping with life, music, and the best bourbon the bars have to offer. Oktoberfest celebrations had started that weekend as well, […]. Cyber InfoSec hacking infosec networking

Darknet Social Media Credentials

Doctor Chaos

News sites recently reported the possibility of compromised Twitter accounts. Twitter denied the claim that they had been compromised or breached. If you do a search on the topic, things read a little differently than the official company stance. Let me simply say it is not really rare or uncommon for malware to spread throughout […]. Cyber Data Breach DarkNet Deep Web Invisible Web TOR

Media 136

How To Protect Your Children From Online Predators And Cyberbullying

Doctor Chaos

Written by Hilary Smith While the web is a useful tool, it can be very dangerous as well, particularly for our kids. However, not all sites are bad. The Internet can be a learning tool, for your children to visit educational websites. We have dreaded the online predator: who could act like a child and […]. InfoSec infosec

Office Depot caught recommending costly bogus computer repairs

Doctor Chaos

CBS-affiliated KIRO-TV in Seattle reports that it caught stationery supply giant Office Depot’s employees at certain locations pushing unnecessary computer repairs on customers. The channel said that it took in brand-new laptops into Office Depot stores for free PC health checks – the company claims it does about 6,000 of these each week – and […]. Media news

Media 132

Vulnerabilities of the connected car

Doctor Chaos

To address security compromises like lifting encryption codes, ransomware, and other risks facing Internet-of-Things technologies, I made a graphic which I attached below that shows smartphone applications as an attack point. Focusing on the process of hacking other systems in connected cars as well, we made extensive updates to our page on automotive IoT security […]. InfoSec IoT

Readout from a Treasury Spokesperson of the Administration’s Meeting with Financial Regulators and CEOs on Cybersecurity in the Financial Services Sector

Doctor Chaos

Today, Treasury Secretary Jacob J. Lew and Assistant to the President for Homeland Security and Counterterrorism Lisa Monaco co-hosted a meeting with financial services executives, financial regulators, and Administration officials to discuss cybersecurity and the financial stability implications of a significant cyber incident. Meeting participants noted the importance of coordinating potential response activities to a […]. Cyber

Proactive Hacking to Build Better Security

Doctor Chaos

Fortinet has developed a talented group of security experts and veterans that work together to design, execute, and administer every conceivable type of networking and security infrastructure. These infrastructures serve the largest enterprises, university campuses, and industry conferences, to small and mid-sized businesses, inter-connected retail locations, and even storm-battered cargo ships. Designing and building any […]. InfoSec hacking infosec tools

Retail 130

The spiraling cost of college textbooks

Doctor Chaos

written by Aamir Lakhani September 30th, 2016 Every college student will tell you textbooks are expensive. If they don’t, their parents certainly will. Textbook prices have been steadily rising through the years, which is expected. What is not usual, however, is the rate of increase. One recent estimate stating they have increased a whopping 1,041% […]. Cyber

130
130

Mac Malware Backdoor.MAC.Elanor: Steal Data, Execute Code, Control Webcam

Doctor Chaos

Well it is finally here … a MAC malware being coined as Backdoor.MAC.Elanor. This malware is embedded into a fake file converter application. Once infected they can steal data, control your camera and so on. The original post can be foundHERE. After the first ever example of Mac ransomware was found in the wild earlier […]. Malware Apple MacOS malware

The Art of Ransomware

Doctor Chaos

Written by Aamir Lakhani and Keith Rayle Ransomware may potentially be the biggest threat in 2016. Criminal organizations are making big money from ransomware. According to a Geek.com article by Lee Mathews, Cryptowall, a ransomware application, generated over $30 million USD for criminals. People simply pay to get their data back, a system operational again, or prevent […]. Cyber InfoSec

OpNoDAPL – Pipeline Protests and Doxing

Doctor Chaos

OpNoDAPL was launched by certain hacktivist groups and other unidentified threat actors in late August of 2016. The groups were opposed to the construction of the Dakota Access Pipeline (DAPL), which will be used to transport light crude from the North Dakota Bakken region, through South Dakota and Iowa, to other parts of the United […]. Hacking cyber crime government hacking

Service Oriented Architecture and Security

Doctor Chaos

Written by Mike Oliver LinkedIn: https://www.linkedin.com/in/mikeolivero4bo Website: [link] So what does Security, Cyber Crimes, Denial of Service, and other Security Concerns have to do with a Service Oriented Architecture? Does having a Service Oriented Architecture translate into having a more secure enterprise? Maybe yes and maybe no. Certainly having an Enterprise Architecture can translate into better security […]. InfoSec infosec

OAUTH 2.0 Hack Exposes 1 Billion Mobile APPS To Account Hijacking

Doctor Chaos

Joseph Muniz, aka the security blogger wrote a great article on OAuth 2.0 vulnerabilities. The original article can be found here. Threatpost.com posted a write up on very scary research on OAuth 2.0 vulnerabilities from the recent Blackhat Europe 2016 conference. The original post can be found HERE. Third-party applications that allow single sign-on […]. Wireless mobile wireless

Mobile 122

PoisonTap ($5) Can Hack Your Locked Computer In One Minute

Doctor Chaos

Joseph Muniz, aka the security blogger wrote a great article on PosionTap. The original article can be found here. Samy Kamkar posted his a very cool attack script that turns a Raspberry Pi Zero as well as other smaller tools such as the Lanturtle into a backdoor injecting tool that can breached screen locked computers […]. Hacking Tools hacking tools

DarkNet. vs Internet Sales Sites (or How I Learned to Buy Anything Anywhere)

Doctor Chaos

Attackers, hackers, and account crackers are continuously looking for new markets to leverage for showcasing their services or products. In the past we have talked a lot about the DarkNet and how it is used as a marketplace for illegal activities, commodities and services. These individuals asctually use sites such as eBay, Craigslist, and other […]. Hacking DarkNet Deep Web

Exploit Kits 101 – How A Typical Exploit Kit Functions

Doctor Chaos

A Exploit kit is collection of redirection pages, landing pages, exploits and payloads designed to automatically infect users for a revenue stream. Exploit kits are typically not using targeted attacks meaning they try to get any system on the internet that is vulnerable to access their website and usually deliver ransomware. Examples of exploit […]. Hacking exploit hacking malware

Z-Wave smart-home gadgets announce new IoT security standards

Doctor Chaos

Less than a month ago, hackers took control of an ocean of unsecured connected home devices, then essentially crashed the entire internet by using them to flood the web’s largest internet management company with bogus traffic. Now, the makers of smart gadgets that communicate using Z-Wave are ratcheting up their security standards to help reassure […].

IoT 116

Worm secures vulnerable IoT devices

Doctor Chaos

In response to recent malicious botnet attacks that crippled tech giants and a French internet service provider, an engineer released a proof-of-concept of a worm that would automatically change default passwords of insecure IoT devices. The code, released on GitHub by Leo Linsky, a software engineer at network security firm PacketSled, could be used to […].

IoT 116

The Locky Saga Continues: Now Uses.odin as File Extension

Doctor Chaos

As a result of our continuous monitoring of the Locky ransomeware we discovered a new Locky variant. This variant now appends a “.odin” odin” extension to its encrypted files. This is now the third time that the extension has been changed. Aside from this, in this report we will also examine some of its other minor […]. Malware malware ransomware

Microsoft Removed Journal From Windows Due To Security Issues

Doctor Chaos

Last month, Fortinet researcher Honggang Ren discovered a heap overflow vulnerability in Windows Journal and reported it to Microsoft. This month, Microsoft released update KB3161102 and removed the Journal component from all versions of Windows because the file format used by Journal has been demonstrated to be susceptible to a number of security exploits. Microsoft […]. InfoSec infosec

Talos ShadowGate Take Down: Global Malvertising Campaign Thwarted

Doctor Chaos

Cisco’s research team Talos posted a interesting article on their recently work with GoDaddy to take down large malvertising campaign. The original post can be found HERE. This article includes a fantastic explanation of exploit kits and gates. Exploit kits are a class of threat that indiscriminately aims to compromise all users. Talos has continued […]. Cyber exploit malware

Team Viewer Attack

Doctor Chaos

The Team Viewer attack appears to be an organized and sophisticated attack. And worth a whole lot of money to those that pulled it off. Note: This is strictly an opinion. As of writing, no official confirmation of breach has been reported In recent years there has been a steady increase in financial and time […]. Data Breach

Testing Industrial Protocols with Security Tools

Doctor Chaos

Protection of communications: key for the security of all protocols In industrial control systems, communications play a key role in an environment where millions of packages are exchanged daily, including often critical information on the status of processes and devices. This is why preserving the integrity of information in transit and ensuring it reaches its […]. InfoSec IoT scada

This Ransomware Unlocks Your Files For Free If You Infect Others – Popcorn Time!

Doctor Chaos

The Hacker News posted about a new ransomware called Popcorn time that has taken a new twist to the ransomware game. They offer two options to get your files back. You can pay the ransomware OR infect two other systems. The original post can be found HERE. It is crazy what they are coming up […]. Malware ransomware

Belkin WeMo Devices Expose Smartphones to Attacks

Doctor Chaos

Researchers from Invincea have identified serious vulnerabilities in Belkin WeMo home automation devices and their associated Android application. The vendor has fixed the mobile app and will soon release firmware updates to patch the device flaws. Belkin WeMo products are designed to allow users to control their home electronics from anywhere. The product line includes […]. IoT mobile

Advanced PowerShell Techniques using Magic Unicorn

Doctor Chaos

Magic Unicorn is powerful tool that can be used to generate and bypass commercial antivirus (AV) detection methods. It allows an attacker to implement a PowerShell downgrade attack and inject shellcode directly into memory. It is based on Matthew Graeber’s PowerShell attacks integrated with bypass technique as presented at Defcon 18 by David Kennedy (TrustedSec) […]. Hacking hacking

Dr Chaos Podcast – Dec 26th 2016 – Year in Review

Doctor Chaos

1 – “Peace” Dumps Yahoo User Data on the Dark Web August 1st Well-known cyber criminal Peace listed 200 million records of Yahoo user credentials on for sale on the dark web at the beginning of August. This data included usernames, passwords that were hashed using the md5 algorithm and dates of birth. This […]. Podcast podcast