The document provides a summary of recent hacking and cybersecurity news. It discusses hacks of the NSA and of a Ukrainian government customs database in which classified data was stolen. It also mentions the rise of ransomware attacks, a hacking tool called USB Kill that can destroy computers, and issues with the mobile game Pokemon Go accessing locations deemed sacred in some religions. The document provides links to additional information on these and other topics like exploited Linux vulnerabilities and tips for secure Python coding.
2. About Me
1) Blogger on www.deltaheads.com
2) Information Security Enthusiast
3) Computer Networking Geek
4) Sad but true, I am an Engineer.
Follow me on Twitter @JaskaranNarula
3. Major Hacks of the Month
● NSA Got Hacked: What, When, How, Who and Why?
● PIL Filed Against Pokemon Go in India for Hurting Religious Sentiments.
● USB Kill to Destroy PCs in Seconds.
● 'Alarming' Rise in Ransomware Attacks.
● Customs Services of Ukraine Government Hacked by Anonymous, 1 GB of Classified Data Stolen.
4. NSA Got Hacked! What? When? How? Who and Why?
The Shadow Brokers demanded around 1 million bitcoins, nearly $568 million.
Although news over the web is that the hack was never actually proven, files were released on GitHub but were taken down in a matter of time because of the company's policies on "stolen" products on the platform.
5. Exploits by Shadow Brokers
Here are some of the latest exploits by this hacking group; moreover, this group released the tools on GitHub after the NSA hacking case happened.
Here is the link to view their exploits in detail:
https://www.exploit-db.com/author/?a=8712
6. PIL Filed Against Pokemon Go in India for Hurting Religious Sentiments
A Gujarat resident, Alay Anil Dave, has recently filed a Public Interest Litigation (PIL) in the Gujarat High Court against Niantic, developers of Pokémon Go, over allegations that the game is hurting religious sentiments of Hindus and Jains by showing virtual eggs in places of worship of different religious groups.
This game is reported to have almost as many daily active users as Twitter.
Due to this ban on Pokemon Go, many third-party apps have been released that resemble the game but are actually meant for hacking your cell phone, popularly known as "Pokemon Go Ransomware".
7. USB Kill to Destroy Computers in "Seconds"
● As the company explains, when plugged in, the USB Kill 2.0 stick rapidly charges its capacitors via the USB power supply, and then discharges, all in a matter of seconds.
● The USB stick discharges 200 volts DC power over the data lines of the host machine, and this charge-and-discharge cycle is repeated several times in just one second, until the USB Kill stick is removed.
8. 'Alarming' Rise in Ransomware Attacks
A Canadian university has paid hackers to restore access to data they had turned into the digital equivalent of gibberish.
The University of Calgary transferred 20,000 Canadian dollars-worth of bitcoins ($15,780; £10,840) after it was unable to unwind damage caused by a type of attack known as ransomware. The malware caused emails and other files to become encrypted.
9. Customs Services of Ukraine Government Hacked by Anonymous, 1 GB of Classified Data Stolen
● The Anonymous hacker group has now targeted the Ukraine government, hacked their database and stolen over 1 GB of classified data from their servers.
● During this round of cyber attacks the main target was the Customs department of Ukraine. In their press release, Anonymous also took responsibility for performing an onerous attack on CUSTOMS.GOV.UA.
● In this cyber attack, many Ukrainian government documents were taken from the server and made public. According to Anonymous, these papers revealed corruption scams running internally in the government.
10. Interesting Bits
● Brazzers.com Got Hacked, Exposing 800,000 Email IDs and Passwords.
After Brazzers got hacked, AshleyMadison.com, a Canadian dating website, was also hacked by a vigilante hacking group. During that attack, more than 37 million user accounts' details were leaked.
https://www.hackread.com/brazzers-hacked-80k-accounts-leaked/
● Luabot Malware Turning Linux-Based IoT Devices into a DDoS Botnet.
The IT security researchers at MalwareMustDie have discovered a malware that is capable of infecting Linux-based Internet of Things (IoT) devices and web servers to launch DDoS (Distributed Denial of Service) attacks.
https://www.hackread.com/luabot-malware-ddos-linux-iot-devices/
11. PowerShell on Linux - Open Source
To read more and find the referenced links, this blog post can help you. It contains all the important links:
http://www.hanselman.com/blog/AnnouncingPowerShellOnLinuxPowerShellIsOpenSource.aspx
This project is posted on GitHub as well:
https://github.com/PowerShell/PowerShell
Official page for PowerShell:
http://microsoft.com/powershell
12. Python Tips and Tricks
What not to do when writing secure Python code:
1) https://access.redhat.com/blogs/766093/posts/2592591
2) https://pythontips.com/
Bits for Coders and Programmers:
Interesting Password Reset Exploit:
OpenCFP is an open source conference talk submission system written in PHP. It is
used by lots of conferences, including for example Immunity’s Infiltrate conference and
others. This is a short write-up of a bug that I found while auditing OpenCFP, although
the issue actually resides in a third-party auth framework used by OpenCFP called
Sentry which is developed by Cartalyst. Despite being deprecated, Sentry appears to be
quite popular so this bug is very likely to affect a number of other applications too.
http://haxx.ml/post/149975211631/how-i-hacked-your-cfp-and-probably-some-other
13. Most Important - Tips About Working in #Infosec
There is one common problem faced by beginners:
1) Where to start?
2) How to start?
3) What to start with?
4) What things are needed to start?
5) Are certifications important to start with?
6) Do we need "money" to start?
In short, most of us have searched Google for this:
"How to Become a HACKER?"
For this problem we have a simple solution to practice with.
Here are some blogs that might help you understand in more depth the issue you are facing and the best solution you can get from these blog posts or from Null_Meet_up as well.
● https://lcamtuf.blogspot.in/2016/08/so-you-want-to-work-in-security-but-are.html
● https://medium.freecodecamp.com/so-you-want-to-work-in-security-bc6c10157d23