Security News Bytes 
Null / OWASP / G4H Bangalore November Meet 
Basaveswar 
Twitter: @basaveswark 
11/26/2014 1
Disclaimer 
• The information contained in this presentation does 
not break any intellectual property, nor does it 
provide detailed information that may be in conflict 
with any laws 
• Registered brands belong to their legitimate owners 
• The opinions represented here are my personal ones 
and do not necessarily reflect my employer’s views. 
• This presentation doesn't teach you how to hack into 
any system, nor does it encourage anyone to do so without prior 
permission. 
• All the information has been collected from different 
security news sites (public domain). 
Agenda 
• Arrests 
• Data Breach 
• Hack 
• Mobile Security 
• General 
• Tools 
• Acquisitions 
• Stats 
• Jobs 
• Trends 
• Hackable devices 
• Acquisitions 
• New Hardware 
Arrests 
• WireLurker has been in action in China for 
the past six months, first infecting Macs by 
inserting Trojan software through 
repackaged OS X apps, then moving on to 
iOS devices. The firm claims that it is the first 
to automate generation of malicious iOS 
apps by implementing a binary file 
replacement attack. 
• So far, 467 OS X apps have been infected 
and distributed through China's third-party 
Maiyadi App Store, with downloads totaling 
over 356,104, possibly impacting "hundreds 
of thousands of users." 
• Fredrik Neij – known online as "TiAMO", 
third and the last founder of the popular file 
sharing website The Pirate Bay has been 
arrested driving across the border of Laos 
and Thailand. 
• The 36-year-old fugitive Fredrik Neij was 
convicted by a Swedish court in 2009 of 
aiding copyright infringement and now 
he has been arrested under an Interpol 
warrant after four years on the run. 
• Anyways, the awesome 'The Pirate Bay' 
website is of course still alive and kicking! 
• The joint operation by authorities of the U.S. Federal 
Bureau of Investigation (FBI) and European law 
enforcement seized Silk Road 2.0, an alternative to the 
notorious online illegal-drug marketplace last week, and 
arrested 26-year-old operator Blake Benthall. 
• US and European authorities over the weekend 
announced the seizure of 27 different websites as part of 
a much larger operation called Operation Onymous, 
which led to the takedown of more than "410 hidden 
services" that sell illegal goods and services, from drugs 
to murder-for-hire assassins, by masking their identities 
using the Tor encryption network. 
• This globally coordinated takedown is the combined 
effort of 17 nations, which include the law enforcement 
agencies in the U.S. and 16 member nations of Europol. 
The operation led to the arrest of 17 people, operators of 
darknet websites, and the seizure of $1 million in Bitcoin, 
180,000 Euros in cash, drugs, gold and silver. 
Data Breach 
• Home Depot announced that approximately 
53 million email addresses were stolen in the 
data breach that was confirmed by the 
company in early September and, later that 
month, was revealed by the retailer to have 
put roughly 56 million unique payment cards 
at risk. 
• The criminals were able to get the malware 
onto Home Depot's network by using a third-party 
vendor's username and password and 
then elevating their rights until they had 
access to the retailer's point-of-sale (POS) 
devices, the release indicates. 
• Hackers thought to be working for the 
Russian government breached the 
unclassified White House computer networks 
in recent weeks, sources said, resulting in 
temporary disruptions to some services while 
cybersecurity teams worked to contain the 
intrusion. 
• The FBI, Secret Service and National 
Security Agency are all involved in the 
investigation. White House officials are not 
commenting on who was behind the 
intrusion or how much data, if any, was 
taken. 
• The security of card processing systems 
relating to food, beverage and retail sales at 
the Cape May-Lewes Ferry was 
compromised and data from certain credit 
and debit cards used from Sept. 20, 2013 to 
Aug. 7 may be at risk. 
• Roughly 60,000 transactions were impacted. 
Hack 
Russian Hackers use Windows 0-Day exploit to hack NATO, Ukraine 
• Russian hackers, dubbed the "Sandworm Team", 
have been found exploiting a 
previously unknown vulnerability in 
Microsoft's Windows operating systems, 
reports iSight. 
• The group has used this zero-day exploit to 
hack computers used by NATO, the Ukrainian 
government, European telecommunications 
firms, the energy sector and a US academic 
organization. 
• The vulnerability reportedly affects all 
versions of the Windows operating system 
from Vista SP1 to Windows 8.1. It also 
affects Windows Server 2008 and 2012. 
• The U.S. government is reportedly using spy 
airplanes equipped with special military-grade 
snooping equipment to eavesdrop on cell 
phone information from millions of smartphone 
users in the U.S., according to a new report. 
• This little device, nicknamed "Dirtbox", is 
being used to mimic mobile phone tower 
transmissions from the sky and gather data 
from millions of mobile phones, helping the US 
Marshals Service track criminals while 
recording innocent citizens’ information. 
• The purpose of the device is supposedly to 
track a specific target, but if active, all mobile 
devices in the particular area will respond to 
the signal. The Dirtbox causes smartphones to 
transmit back the users’ location, registration 
information and identity data – uniquely 
identifying IMEI numbers stored in every 
mobile device, The Wall Street Journal 
reported. 
• "Automated attacks began compromising 
Drupal 7 websites that were not patched or 
updated to Drupal 7.32 within hours of the 
announcement of SA-CORE-2014-005 – 
Drupal core – SQL injection. You should 
proceed under the assumption that every 
Drupal 7 website was compromised unless 
updated or patched before October 15, 11pm 
UTC, that is seven hours after the 
announcement," the Drupal security 
announcement said. 
Mobile Security 
• An XDA Developers hacker who goes by the name 
DJAmol has found a wide-open hole in the 
Windows Phone 8.1 OS which makes the 
operating system very easy to hack. The 
vulnerability allows attackers to run their 
application with another user's privileges and 
edit the registry. 
• DJAmol realized that simply by replacing the 
contents of a trusted OEM app that has been 
transferred over to the SD card, the app will 
inherit the privileges of the original app. 
Once done, an attacker could then delete the 
existing directory and create a new directory 
with the same name as the original App. 
• The National Institute of Standards and 
Technology (NIST) is warning users of a 
newly discovered Zero-Day flaw in the 
Samsung Find My Mobile service, which fails 
to validate the sender of lock-code data 
received over a network. 
• The vulnerability in Samsung’s Find My 
Mobile feature was discovered by Mohamed 
Abdelbaset Elnoby (@SymbianSyMoh), an 
Information Security Evangelist from Egypt. 
The flaw is a Cross-Site Request Forgery 
(CSRF) that could allow an attacker to 
remotely lock or unlock the device and even 
make the device ring. 
• WhatsApp, the most popular messaging app, with 600 
million users as of October 2014, has partnered 
with Open Whisper Systems to boost its privacy 
and security by implementing strong end-to-end 
encryption on all text messages. 
• Users of the Android operating system are 
warned of a new variant of Android malware 
Koler that spreads itself via text message 
and holds the victim’s infected mobile phone 
hostage until a ransom is paid. 
• It locks the victim’s mobile screen and then 
demands money from users with fake 
notifications from law enforcement agencies. 
• Once the device is infected by the Koler 
variant, it will first send an SMS message to 
all contacts in the device's address book with 
a text stating, "Someone made a profile 
named -[the contact's name]- and he 
uploaded some of your photos! is that you?" 
followed by a Bitly link, according to the 
security firm. 
General 
• The "Security Key" feature will currently work 
on Chrome and will be free for Google users, 
but the company also notes that the Security 
Key is supporting the open Universal 2nd 
Factor (U2F) protocol from the FIDO 
Alliance, which will allow users to log in to 
Google Accounts by inserting a USB device 
into their systems. 
• Google's Security Team revealed that the 
most widely used web encryption standard 
SSL 3.0 has a major security vulnerability 
that could be exploited to steal sensitive 
data. The flaw affects any product that 
follows Secure Sockets Layer version 3, including 
Chrome, Firefox, and Internet Explorer. 
• Researchers dubbed the attack 
"POODLE" (Padding Oracle On 
Downgraded Legacy Encryption). It 
allows an attacker to perform a man-in-the-middle 
attack in order to decrypt HTTP 
cookies. The POODLE attack can force a 
connection to fall back to SSL 3.0, where it 
is then possible to steal cookies, which are 
meant to store personal data, website 
preferences or even passwords. 
• The vulnerability (designated as CVE-2014-6352) 
is triggered when a user is forced to 
open a PowerPoint file containing a 
malicious Object Linking and Embedding 
(OLE) object. For now, only PowerPoint 
files are being used by hackers to carry out 
attacks, but all Office file types can also be 
used to carry out the same attack. 
Tools 
• The open source tool, dubbed Nogotofail, 
has been launched by the technology giant in 
the wake of a number of vulnerabilities discovered 
in implementations of transport layer 
security, from the most critical Heartbleed bug 
in OpenSSL to Apple's gotofail bug to the 
recent POODLE bug in SSL version 3. 
• Nogotofail tool, written by Android engineers 
Chad Brubaker, Alex Klyubin and Geremy 
Condra, works on devices running Android, 
iOS, Linux, Windows, Chrome OS, OS X, and 
“in fact any device you use to connect to the 
Internet.” The tool can be deployed on a router, 
a Linux machine, or a VPN server. 
• https://github.com/google/nogotofail 
• OpenSOC integrates a variety of open 
source big data technologies in order 
to offer a centralized tool for security 
monitoring and analysis. OpenSOC 
provides capabilities for log 
aggregation, full packet capture 
indexing, storage, advanced 
behavioral analytics and data 
enrichment, while applying the most 
current threat intelligence information 
to security telemetry within a single 
platform. 
• Google today released a security testing 
tool, Firing Range, a Java application 
that contains a wide range of XSS and 
a few other web vulnerabilities. A 
deployed version is available on 
Google App Engine. 
• The company has used Firing Range 
itself both as a continuous testing aid 
and as a driver for its own 
development by “defining as many bug 
types as possible, including some that 
we cannot detect (yet!).” 
Statistics 
• Google Dorks - 6 
• Remote Exploits - 21 
• Local Exploits - 14 
• Web Application Exploits - 49 
• Denial of Service Attacks - 12 
• Shell Code - 1 
• Whitepapers - 4 
• Total CVEs - 369 
Jobs 
Trends 
World-wide Karnataka 
Hackable Devices 
Acquisitions 
• Microsoft has bought Israeli cloud security firm 
Aorato for an undisclosed sum ($200 Million 
???) 
• US-based software security firm Cigital has 
acquired Bangalore-based iViz Security 
• CensorNet, the next generation cloud security 
company, has been acquired in a closed deal by 
a group of industry veterans, led by new CEO 
and chairman, Ed Macnair. 
• Raytheon Buys Cyber Security Firm Blackbird 
for $420 Million 
New Hardware 
• The anonabox is an embedded Linux device 
that routes all Internet traffic over the Tor 
network. This provides the security, 
anonymity and censorship-bypassing power 
of the Tor network without having to 
download or configure software. This is the 
first commercially available router to do this 
where all the software is Open Source. 
References 
• www.google.com 
• www.thehackernews.com 
• www.ehackingnews.com 
• www.news.cnet.com/security/ 
• http://cve.mitre.org/ 
• https://www.indiegogo.com 
• http://www.scmagazine.com/ 
• http://www.infosecurity-magazine.com/ 
• http://jobs.null.co.in/ 
• http://www.hackersnewsbulletin.com 
• http://www.shodanhq.com/ 
• http://threatpost.com/ 
• http://www.securityweek.com/ 
Thank You !! 
11/26/2014 43

More Related Content

What's hot

Internet terms
Internet termsInternet terms
Internet terms
theAidman
 
Information-Security-Lecture-5.pptx
Information-Security-Lecture-5.pptxInformation-Security-Lecture-5.pptx
Information-Security-Lecture-5.pptx
anbersattar
 
Information-Security-Lecture-7.pptx
Information-Security-Lecture-7.pptxInformation-Security-Lecture-7.pptx
Information-Security-Lecture-7.pptx
anbersattar
 
Information-Security-Lecture-6.pptx
Information-Security-Lecture-6.pptxInformation-Security-Lecture-6.pptx
Information-Security-Lecture-6.pptx
anbersattar
 
EN_Corporates_Security
EN_Corporates_SecurityEN_Corporates_Security
EN_Corporates_Security
Oleg Pravdin
 

What's hot (20)

Powerpoint
PowerpointPowerpoint
Powerpoint
 
Internet terms
Internet termsInternet terms
Internet terms
 
NewsByte Mumbai October 2017
NewsByte Mumbai October 2017NewsByte Mumbai October 2017
NewsByte Mumbai October 2017
 
Dark Web Impact on Hidden Services in the Tor-based Criminal Ecosystem Dr.
Dark Web Impact on Hidden Services in the Tor-based Criminal Ecosystem Dr.Dark Web Impact on Hidden Services in the Tor-based Criminal Ecosystem Dr.
Dark Web Impact on Hidden Services in the Tor-based Criminal Ecosystem Dr.
 
Hacking- Ethical/ Non-ethical, Cyber Security.
Hacking- Ethical/ Non-ethical, Cyber Security.Hacking- Ethical/ Non-ethical, Cyber Security.
Hacking- Ethical/ Non-ethical, Cyber Security.
 
Newsbytes_NULLHYD_Dec
Newsbytes_NULLHYD_DecNewsbytes_NULLHYD_Dec
Newsbytes_NULLHYD_Dec
 
The EU Data Protection Regulation and what it means for your organization
The EU Data Protection Regulation and what it means for your organizationThe EU Data Protection Regulation and what it means for your organization
The EU Data Protection Regulation and what it means for your organization
 
File000145
File000145File000145
File000145
 
All about Hacking
All about HackingAll about Hacking
All about Hacking
 
Newsbytes april2013
Newsbytes april2013Newsbytes april2013
Newsbytes april2013
 
Botnets - What, How and Why by Utsav Mittal @ OWASP Delhi July, 2014 Monthly ...
Botnets - What, How and Why by Utsav Mittal @ OWASP Delhi July, 2014 Monthly ...Botnets - What, How and Why by Utsav Mittal @ OWASP Delhi July, 2014 Monthly ...
Botnets - What, How and Why by Utsav Mittal @ OWASP Delhi July, 2014 Monthly ...
 
CYBER ATTACKS ON GEORGIAN GOVERNMENTAL RESOURCES - Zurab Akhvlediani
CYBER ATTACKS ON GEORGIAN GOVERNMENTAL RESOURCES - Zurab AkhvledianiCYBER ATTACKS ON GEORGIAN GOVERNMENTAL RESOURCES - Zurab Akhvlediani
CYBER ATTACKS ON GEORGIAN GOVERNMENTAL RESOURCES - Zurab Akhvlediani
 
Hacking and Types of Hacker.
Hacking and Types of Hacker.Hacking and Types of Hacker.
Hacking and Types of Hacker.
 
Information-Security-Lecture-5.pptx
Information-Security-Lecture-5.pptxInformation-Security-Lecture-5.pptx
Information-Security-Lecture-5.pptx
 
Information-Security-Lecture-7.pptx
Information-Security-Lecture-7.pptxInformation-Security-Lecture-7.pptx
Information-Security-Lecture-7.pptx
 
Cyber-what?
Cyber-what?Cyber-what?
Cyber-what?
 
IT Risk Management In The Age of Wikileaks
IT Risk Management In The Age of WikileaksIT Risk Management In The Age of Wikileaks
IT Risk Management In The Age of Wikileaks
 
DDOS ATTACK - MIRAI BOTNET
DDOS ATTACK - MIRAI BOTNET DDOS ATTACK - MIRAI BOTNET
DDOS ATTACK - MIRAI BOTNET
 
Information-Security-Lecture-6.pptx
Information-Security-Lecture-6.pptxInformation-Security-Lecture-6.pptx
Information-Security-Lecture-6.pptx
 
EN_Corporates_Security
EN_Corporates_SecurityEN_Corporates_Security
EN_Corporates_Security
 

Viewers also liked

The CDKN2A
The CDKN2AThe CDKN2A
The CDKN2A
Rpat8312
 
Gushat media and advertising new ppt22
Gushat media and advertising   new ppt22Gushat media and advertising   new ppt22
Gushat media and advertising new ppt22
Gushat Gushat
 
Permenkeu171 pmk-02-2013 dipa
Permenkeu171 pmk-02-2013 dipaPermenkeu171 pmk-02-2013 dipa
Permenkeu171 pmk-02-2013 dipa
yunussetyawan07
 
Divorcio wanda procedimientos civiles
Divorcio wanda procedimientos civilesDivorcio wanda procedimientos civiles
Divorcio wanda procedimientos civiles
Donna Madrid
 

Viewers also liked (17)

Media Studies Evaluation // Technologies
Media Studies Evaluation // TechnologiesMedia Studies Evaluation // Technologies
Media Studies Evaluation // Technologies
 
Intervention Presentation
Intervention PresentationIntervention Presentation
Intervention Presentation
 
The CDKN2A
The CDKN2AThe CDKN2A
The CDKN2A
 
Gushat media and advertising new ppt22
Gushat media and advertising   new ppt22Gushat media and advertising   new ppt22
Gushat media and advertising new ppt22
 
K3(keselamatan,keamanan dan kesehatan)
K3(keselamatan,keamanan dan kesehatan)K3(keselamatan,keamanan dan kesehatan)
K3(keselamatan,keamanan dan kesehatan)
 
Evaluation: Technologies
Evaluation: TechnologiesEvaluation: Technologies
Evaluation: Technologies
 
Theory
Theory Theory
Theory
 
Permenkeu171 pmk-02-2013 dipa
Permenkeu171 pmk-02-2013 dipaPermenkeu171 pmk-02-2013 dipa
Permenkeu171 pmk-02-2013 dipa
 
Story board
Story boardStory board
Story board
 
Evaluation // Technologies
Evaluation // TechnologiesEvaluation // Technologies
Evaluation // Technologies
 
Ancillary pitch
Ancillary pitch Ancillary pitch
Ancillary pitch
 
Social Engineering and importance in pentesting null OWASP G4H september meet
Social Engineering and importance in pentesting null OWASP G4H september meetSocial Engineering and importance in pentesting null OWASP G4H september meet
Social Engineering and importance in pentesting null OWASP G4H september meet
 
Treatment for music video
Treatment for music videoTreatment for music video
Treatment for music video
 
Ancillary pitch
Ancillary pitch Ancillary pitch
Ancillary pitch
 
Accademia del Blogger
Accademia del BloggerAccademia del Blogger
Accademia del Blogger
 
Divorcio wanda procedimientos civiles
Divorcio wanda procedimientos civilesDivorcio wanda procedimientos civiles
Divorcio wanda procedimientos civiles
 
Coaxial feed microstrip patch antenna using HFSS
 Coaxial feed microstrip patch antenna using  HFSS Coaxial feed microstrip patch antenna using  HFSS
Coaxial feed microstrip patch antenna using HFSS
 

Similar to Security News Byes- Nov

How Safe is your Data?
How Safe is your Data?How Safe is your Data?
How Safe is your Data?
Michael Soltys
 
30ITSecurityThreatsVulnerabilitiesandCountermeasuresV1.ppt
30ITSecurityThreatsVulnerabilitiesandCountermeasuresV1.ppt30ITSecurityThreatsVulnerabilitiesandCountermeasuresV1.ppt
30ITSecurityThreatsVulnerabilitiesandCountermeasuresV1.ppt
Kaukau9
 

Similar to Security News Byes- Nov (20)

News Bytes June 2012
News Bytes June 2012News Bytes June 2012
News Bytes June 2012
 
Sony Attack by Destover Malware. Part of Cyphort Malware Most Wanted Series.
Sony Attack by Destover Malware. Part of Cyphort Malware Most Wanted Series.Sony Attack by Destover Malware. Part of Cyphort Malware Most Wanted Series.
Sony Attack by Destover Malware. Part of Cyphort Malware Most Wanted Series.
 
Crypto-Jacking, Ransomware & Worming Malware's Frightening Future (Keynote an...
Crypto-Jacking, Ransomware & Worming Malware's Frightening Future (Keynote an...Crypto-Jacking, Ransomware & Worming Malware's Frightening Future (Keynote an...
Crypto-Jacking, Ransomware & Worming Malware's Frightening Future (Keynote an...
 
Operating Systems: Computer Security
Operating Systems: Computer SecurityOperating Systems: Computer Security
Operating Systems: Computer Security
 
Operating Systems: Computer Security
Operating Systems: Computer SecurityOperating Systems: Computer Security
Operating Systems: Computer Security
 
News Bytes - May 2015
News Bytes - May 2015News Bytes - May 2015
News Bytes - May 2015
 
How Safe is your Data?
How Safe is your Data?How Safe is your Data?
How Safe is your Data?
 
Security Bytes - July 2013
Security Bytes -  July 2013Security Bytes -  July 2013
Security Bytes - July 2013
 
2015 Labris SOC Annual Report
2015 Labris SOC Annual Report2015 Labris SOC Annual Report
2015 Labris SOC Annual Report
 
30ITSecurityThreatsVulnerabilitiesandCountermeasuresV1.ppt
30ITSecurityThreatsVulnerabilitiesandCountermeasuresV1.ppt30ITSecurityThreatsVulnerabilitiesandCountermeasuresV1.ppt
30ITSecurityThreatsVulnerabilitiesandCountermeasuresV1.ppt
 
https://uii.io/Oneconflict
https://uii.io/Oneconflicthttps://uii.io/Oneconflict
https://uii.io/Oneconflict
 
Hacking
Hacking Hacking
Hacking
 
Wirelurker
WirelurkerWirelurker
Wirelurker
 
Lofty Ideals: The Nature of Clouds and Encryption
Lofty Ideals: The Nature of Clouds and EncryptionLofty Ideals: The Nature of Clouds and Encryption
Lofty Ideals: The Nature of Clouds and Encryption
 
Hacking,History Of Hacking,Types of Hacking,Types Of Hackers,Cyber Laws for ...
Hacking,History Of Hacking,Types of Hacking,Types  Of Hackers,Cyber Laws for ...Hacking,History Of Hacking,Types of Hacking,Types  Of Hackers,Cyber Laws for ...
Hacking,History Of Hacking,Types of Hacking,Types Of Hackers,Cyber Laws for ...
 
Cyber Security
Cyber SecurityCyber Security
Cyber Security
 
INSECURE Magazine - 39
INSECURE Magazine - 39INSECURE Magazine - 39
INSECURE Magazine - 39
 
Wannacry
WannacryWannacry
Wannacry
 
Malware program by mohsin ali dahar khairpur
Malware program by mohsin ali dahar khairpurMalware program by mohsin ali dahar khairpur
Malware program by mohsin ali dahar khairpur
 
Stopping zero day threats
Stopping zero day threatsStopping zero day threats
Stopping zero day threats
 

Recently uploaded

+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@
 

Recently uploaded (20)

GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of Brazil
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
HTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesHTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation Strategies
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 

Security News Byes- Nov

  • 1. Security News Bytes Null / OWASP / G4H Bangalore November Meet Basaveswar Twitter: @basaveswark 11/26/2014 1
  • 2. Disclaimer • The information contained in this presentation does not break any intellectual property, nor does it provide detailed information that may be in conflict with any laws • Registered brands belong to their legitimate owners • The opinion here represented are my personal ones and do not necessary reflect my employer’s views. • This presentation doesn't teach you how to hack into any system nor it encourages one to do without prior permission . • All the information has been collected from different Security news sites(public domain). 11/26/2014 2
  • 3. Agenda • Arrests • Data Breach • Hack • Mobile Security • General • Tools • Acquisitions • Stats • Jobs • Trends • Hackable devices • Acquisitions • New Hardware 11/26/2014 3
  • 5. • WireLurker has been in action in China for the past six months, first infecting Macs by inserting Trojan software through repackaged OS X apps, then moving on to iOS devices. The firm claims that it is the first to automate generation of malicious iOS apps by implementing a binary file replacement attack. • So far, 467 OS X apps have been infected and distributed through China's third-party Maiyadi App Store, with downloads totaling over 356,104 possibly impacting "hundreds of thousands of users. 11/26/2014 5
  • 6. • Fredrik Neij – known online as "TiAMO", third and the last founder of the popular file sharing website The Pirate Bay has been arrested driving across the border of Laos and Thailand. • The 36-year-old fugitive Fredrik Neij was convicted by a Swedish court in 2009 of aiding copyright infringement and now he has been arrested under an Interpol warrant after four years on the run. • Anyways, the awesome 'The Pirate Bay' website is of course still alive and Kicking!  11/26/2014 6
  • 7. • The joint operation by authorities of the U.S. Federal Bureau of Investigation (FBI) and European law enforcement seized Silk Road 2.0, an alternative to the notorious online illegal-drug marketplace last week, and arrested 26-year-old operator Blake Benthal. • US and European authorities over the weekend announced the seizure of 27 different websites as part of a much larger operation called Operation Onymous, which led to take-down of more than "410 hidden services" that sell illegal goods and services from drugs to murder-for-hire assassins by masking their identities using the Tor encryption network. • This globally-coordinated take down is the combined efforts of 17 nations which includes the law enforcement agencies in the U.S. and 16 member nations of Europol. The operation led to the arrest of 17 people, operators of darknet websites and the seizure of $1 million in Bitcoin, 180,000 Euros in cash, drugs, gold and silver. 11/26/2014 7
  • 9. • Home Depot announced that approximately 53 million email addresses were stolen in the data breach that was confirmed by the company in early September and, later that month, was revealed by the retailer to have put roughly 56 million unique payment cards at risk. • The criminals were able to get the malware onto Home Depot's network by using a third-party vendor's username and password and then elevating their rights until they had access to the retailer's point-of-sale (POS) devices, the release indicates 11/26/2014 9
  • 10. • Hackers thought to be working for the Russian government breached the unclassified White House computer networks in recent weeks, sources said, resulting in temporary disruptions to some services while cybersecurity teams worked to contain the intrusion • The FBI, Secret Service and National Security Agency are all involved in the investigation. White House officials are not commenting on who was behind the intrusion or how much data, if any, was taken. 11/26/2014 10
  • 11. • The security of card processing systems relating to food, beverage and retail sales at the Cape May-Lewes Ferry was compromised, and data from certain credit and debit cards used from Sept. 20, 2013 to Aug. 7 may be at risk. • Roughly 60,000 transactions were impacted.
  • 13. Russian Hackers use Windows 0-Day exploit to hack NATO, Ukraine • Russian hackers, dubbed the "Sandworm Team", have been found exploiting a previously unknown vulnerability in Microsoft's Windows operating systems, reports iSight. • The group has used this zero-day exploit to hack computers used by NATO, the Ukraine Government, European telecommunications firms, energy sectors and a US academic organization. • The vulnerability reportedly affects all versions of the Windows operating system from Vista SP1 to Windows 8.1. It also affects Windows Server 2008 and 2012.
  • 14. • The U.S. government is reportedly using spy airplanes equipped with special military-grade snooping equipment to eavesdrop on cell phone information from millions of smartphone users in the U.S., according to a new report. • This little device, nicknamed "Dirtbox", is being used to mimic mobile phone tower transmissions from the sky and gather data from millions of mobile phones, helping the US Marshals Service track criminals while recording innocent citizens’ information. • The purpose of the device is supposedly to track a specific target, but if active, all mobile devices in the particular area will respond to the signal. The Dirtbox causes smartphones to transmit back the users’ location, registration information and identity data – uniquely identifying IMEI numbers stored in every mobile device, The Wall Street Journal reported.
  • 15. • "Automated attacks began compromising Drupal 7 websites that were not patched or updated to Drupal 7.32 within hours of the announcement of SA-CORE-2014-005 – Drupal core – SQL injection. You should proceed under the assumption that every Drupal 7 website was compromised unless updated or patched before October 15, 11pm UTC, that is seven hours after the announcement," the Drupal security announcement said.
  • 17. • An XDA Developers hacker who goes by the name DJAmol has found a wide-open hole in the Windows Phone 8.1 OS which makes the operating system very easy to hack. The vulnerability allows attackers to run their application with another user's privileges and edit the registry. • DJAmol realized that simply by replacing the contents of a trusted OEM app that has been transferred over to the SD card, the app will inherit the privileges of the original app. Once done, an attacker could then delete the existing directory and create a new directory with the same name as the original app.
  • 18. • The National Institute of Standards and Technology (NIST) is warning users of a newly discovered zero-day flaw in the Samsung Find My Mobile service, which fails to validate the sender of lock-code data received over a network. • The vulnerability in Samsung’s Find My Mobile feature was discovered by Mohamed Abdelbaset Elnoby (@SymbianSyMoh), an Information Security Evangelist from Egypt. The flaw is a Cross-Site Request Forgery (CSRF) that could allow an attacker to remotely lock or unlock the device and even make the device ring.
  • 19. • WhatsApp, the most popular messaging app with 600 million users as of October 2014, has partnered with Open Whisper Systems to boost its privacy and security by implementing strong end-to-end encryption on all text messages.
  • 20. • Users of Android operating system are warned of a new variant of Android malware Koler that spreads itself via text message and holds the victim’s infected mobile phone hostage until a ransom is paid. • It locks the victim’s mobile screen and then demands money from users with fake notifications from law enforcement agencies. • Once the device is infected by the Koler variant, it will first send an SMS message to all contacts in the device's address book with a text stating, "Someone made a profile named -[the contact's name]- and he uploaded some of your photos! is that you?" followed by a Bitly link, according to the security firm.
  • 22. • The "Security Key" feature will currently work on Chrome and will be free for Google users, but the company also notes that the Security Key supports the open Universal 2nd Factor (U2F) protocol from the FIDO Alliance, which will allow users to log in to Google Accounts by inserting a USB device into their systems.
  • 23. • Google's Security Team revealed that the most widely used web encryption standard, SSL 3.0, has a major security vulnerability that could be exploited to steal sensitive data. The flaw affects any product that follows Secure Sockets Layer version 3, including Chrome, Firefox, and Internet Explorer. • Researchers dubbed the attack "POODLE," which stands for Padding Oracle On Downgraded Legacy Encryption. It allows an attacker to perform a man-in-the-middle attack in order to decrypt HTTP cookies. The POODLE attack can force a connection to “fallback” to SSL 3.0, where it is then possible to steal cookies, which are meant to store personal data, website preferences or even passwords.
  • 24. • The vulnerability (designated as CVE-2014-6352) is triggered when a user is forced to open a PowerPoint file containing a malicious Object Linking and Embedding (OLE) object. For now, only PowerPoint files are used by hackers to carry out attacks, but all Office file types can also be used to carry out the same attack.
  • 26. • The open source tool, dubbed Nogotofail, has been launched by the technology giant in the wake of a number of vulnerabilities discovered in implementations of transport layer security, from the most critical Heartbleed bug in OpenSSL to Apple's gotofail bug to the recent POODLE bug in SSL version 3. • The Nogotofail tool, written by Android engineers Chad Brubaker, Alex Klyubin and Geremy Condra, works on devices running Android, iOS, Linux, Windows, Chrome OS, OS X, and “in fact any device you use to connect to the Internet.” The tool can be deployed on a router, a Linux machine, or a VPN server. • https://github.com/google/nogotofail
  • 27. • OpenSOC integrates a variety of open source big data technologies in order to offer a centralized tool for security monitoring and analysis. OpenSOC provides capabilities for log aggregation, full packet capture indexing, storage, advanced behavioral analytics and data enrichment, while applying the most current threat intelligence information to security telemetry within a single platform.
  • 28. • Google today released security testing tool Firing Range, a Java application that contains a wide range of XSS and a few other web vulnerabilities. A deployed version is available on Google App Engine. • The company has used Firing Range itself both as a continuous testing aid and as a driver for its own development by “defining as many bug types as possible, including some that we cannot detect (yet!).”
  • 30. • Google Dorks - 6 • Remote Exploits - 21 • Local Exploits - 14 • Web Application Exploits - 49 • Denial of Service Attacks - 12 • Shell Code - 1 • Whitepapers - 4 • Total CVEs - 369
  • 38. • Microsoft has bought Israeli cloud security firm Aorato for an undisclosed sum ($200 Million ???). • US-based software security firm Cigital has acquired Bangalore-based iViz Security. • CensorNet, the next generation cloud security company, has been acquired in a closed deal by a group of industry veterans, led by new CEO and chairman, Ed Macnair. • Raytheon buys cyber security firm Blackbird for $420 Million.
  • 40. • The anonabox is an embedded Linux device that routes all Internet traffic over the Tor network. This provides the security, anonymity and censorship-bypassing power of the Tor network without having to download or configure software. This is the first commercially available router to do this where all the software is open source.
  • 42. • www.google.com • www.thehackernews.com • www.ehackingnews.com • www.news.cnet.com/security/ • http://cve.mitre.org/ • https://www.indiegogo.com • http://www.scmagazine.com/ • http://www.infosecurity-magazine.com/ • http://jobs.null.co.in/ • http://www.hackersnewsbulletin.com • http://www.shodanhq.com/ • http://threatpost.com/ • http://www.securityweek.com/
  • 43. Thank You !!