security news bytes june 2014 bangalore
DESCRIPTION
null Bangalore Chapter - June 2014 MeetTRANSCRIPT
SECURITY NEWS BYTES
Nishanth Kumar
n|u Bangalore chapter Lead
N | U M O N T H LY M E E T
14 Jun 2014
!!!! DISCLAIMER !!!!
• The information contained in this presentation does
not break any intellectual property, nor does it
provide detailed information that may be in conflict
with any laws (hopefully...) :)
• Registered brands belong to their legitimate owners.
• The opinion here represented are my personal ones
and do not necessary reflect my employers views.
14 Jun 2014
HEADLINES
• GameOver Zeus & CryptoLocker malware
• Iraq Blocks Social Media Amid Militant Drive
• “Absolute Software” Names New Chief Executive Officer
• Cybercriminals Ramp Up Activity Ahead of 2014 World
Cup
• Former Microsoft Worker Sent to Prison for Theft of Trade
Secrets
14 Jun 2014
CONTINUED …
• P.F. Chang's ( Restaurant chain ) confirms theft of customer card data.
December 2013 , 100 million customers data is hacked as per the news .
• LulzSec hacker helps FBI stop over 300 cyber attacks
• Austrian computer student: I accidentally hacked Twitter with a heart symbol
• Chinese government hackers are coming for your cloud.
14 Jun 2014
CONTINUED
• Schools Kids hacked BMO ATM using Operators
manual found online
just a random guess of the password
• New Svpeng Trojan Targets US Mobile Users
• Spotify latest to be hit by hack on users
14 Jun 2014
?...?
• Netflix passwords leaked again?
• Most common passwords registered
• w4gw4g
• Poosty72
• Moshimoshi
• 500 usernames ‘n’ passwords leaked
14 Jun 2014
EXPLOIT DB – STATS ( JUNE 2014 )
• Remote exploit - 6
• Local exploit – 2
• Web application – 7
• DOS - 2
• Papers - 6
14 Jun 2014
INTERESTING TRICK
• Loophole in PayPal Terms Allows Anyone to Double
their PayPal Money Endlessly
three separate PayPal account
• one real
• Virtual Credit Card (VCC)
• Virtual Bank Account (VBA)
Link : http://thehackernews.com/2014/06/loophole-in-
paypal-terms-allows-anyone.html
14 Jun 2014
14 Jun 2014
NEWS FROM GIANTS
14 Jun 2014
MICROSOFT
• Microsoft helps FBI in GameOver Zeus botnet
cleanup
• Microsoft Running Out Of IPv4 Address Space In The
US To Use For Azure VMs
14 Jun 2014
SYMANTEC
• TrueCrypt Migration to Symantec Encryption
Desktop
14 Jun 2014
T O O L S W A T C H . O R G R E A D E R S
2013 TOP SECURITY TOOLS
14 Jun 2014
OWASP ZAP – ZED ATTACK PROXY PROJECT
• tool for finding vulnerabilities in web applications.
• ZAP provides automated scanners as well as a set
of tools that allow you to find security vulnerabilities
manually.
Link :
https://www.owasp.org/index.php/OWASP_Zed_Atta
ck_Proxy_Project
14 Jun 2014
BEEF – THE BROWSER EXPLOITATION FRAMEWORK PROJECT
• Penetration testing tool that focuses on the web
browser.
Link : http://beefproject.com/
14 Jun 2014
BURP SUITE
• Performing security testing of web applications and
Proxy Server
Link : http://portswigger.net/burp/
14 Jun 2014
PE STUDIO
• Free tool performing the static investigation of any
Windows executable binary.
Note : A file being analysed with PeStudio is never
launched
Link : www.winitor.com
14 Jun 2014
OWASP XENOTIX
• Advanced Cross Site Scripting (XSS) vulnerability
detection and exploitation framework
• It provides Zero False Positive scan results with its
unique Triple Browser Engine (Trident, WebKit, and
Gecko) embedded scanner.
Link : http://opensecurity.in/owasp-xenotix-xss-exploit-
framework-v4-5-relesed/
14 Jun 2014
LYNIS THE HARDENING UNIX TOOL
• Tool to audit and harden Unix and Linux based
systems.
Link : http://cisofy.com/lynis/
14 Jun 2014
14 Jun 2014
THANK YOU
14 Jun 2014