🛡 Cybersecurity & Privacy 🛡 - News
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
🔐 How to install the SIPp testing tool on Ubuntu Server 18.04 🔐

If you need to stress test your VOIP (or other SIP telephone systems) installation, there's an open source tool for that—SIPp.

📖 Read

via "Security on TechRepublic".
🕴 Guilty Plea Made in Massive International Cell Phone Fraud Case 🕴

A former West Palm Beach resident is the fifth defendant to plead guilty in a case involving thousands of victims.

📖 Read

via "Dark Reading".
🕴 What You Should Know About Grayware (and What to Do About It) 🕴

Grayware is a tricky security problem, but there are steps you can take to defend your organization when you recognize the risk.

📖 Read

via "Dark Reading".
🕴 Dropbox Teams with Israeli Security Firm Coronet 🕴

The partnership is expected to improve threat detection for Dropbox while growing Coronet's user base.

📖 Read

via "Dark Reading".
⌨ Bug Bounty Hunter Ran ISP Doxing Service ⌨

A Connecticut man who’s earned bug bounty rewards and public recognition from top telecom companies for finding and reporting security holes in their Web sites secretly operated a service that leveraged these same flaws to sell their customers’ personal data, KrebsOnSecurity has learned.

In May 2018, ZDNet ran a story about the discovery of a glaring vulnerability in the Web site for wireless provider T-Mobile that let anyone look up customer home addresses and account PINs. The story noted that T-Mobile disabled the feature in early April after being alerted by a 22-year-old “security researcher” named Ryan Stevenson, and that the mobile giant had awarded Stevenson $1,000 for reporting the discovery under its bug bounty program.

The Twitter account @phobia, a.k.a. Ryan Stevenson. The term “plug” referenced next to his Twitch profile name is hacker slang for employees at mobile phone stores who can be tricked or bribed into helping with SIM swap attacks.

Likewise, AT&T has recognized Stevenson for reporting security holes in its services. AT&T’s bug bounty site lets contributors share a social media account or Web address where they can be contacted, and in Stevenson’s case he gave the now-defunct Twitter handle “@Phoobia.”

Stevenson’s Linkedin profile — named “Phobias” — says he specializes in finding exploits in numerous Web sites, including hotmail.com, yahoo.com, aol.com, paypal.com and ebay.com. Under the “contact info” tab of Stevenson’s profile it lists the youtube.com account of “Ryan” and the Facebook account “Phobia” (also now deleted).

Coincidentally, I came across multiple variations on this Phobia nickname as I was researching a story published this week on the epidemic of fraudulent SIM swaps, a complex form of mobile phone fraud that is being used to steal millions of dollars in cryptocurrencies.

Unauthorized SIM swaps also are often used to hijack so-called “OG” user accounts — usually short usernames on top social network and gaming Web sites that are highly prized by many hackers because they can make the account holder appear to have been a savvy, early adopter of the service before it became popular and before all of the short usernames were taken. Some OG usernames can be sold for thousands of dollars in underground markets.

This week’s SIM swapping story quoted one recent victim who lost $100,000 after his mobile phone number was briefly stolen in a fraudulent SIM swap. The victim said he was told by investigators in Santa Clara, Calif. that the perpetrators of his attack were able to access his T-Mobile account information using a specialized piece of software that gave them backdoor access to T-Mobile’s customer database.

Both the Santa Clara investigators and T-Mobile declined to confirm or deny the existence of this software. But their non-denials prompted me to start looking for it on my own. So naturally I began searching at ogusers-dot-com, a forum dedicated to the hacking, trading and sale of OG accounts. Unsurprisingly, ogusers-dot-net also has traditionally been the main stomping grounds for many individuals involved in SIM swapping attacks.

It didn’t take long to discover an account on ogusers-dot-com named “Ryan,” who for much of 2018 has advertised a number of different “doxing” services — specifically those aimed at finding the personal information of customers at major broadband and telecom companies.

In some of Ryan’s sales threads, fellow forum members refer to him as “Phob” or “Phobs.” In a post on May 27, Ryan says he’s willing to pay or trade for OG accounts under the name “Ryan,” “Ryans”, “RS,” “RMS” or “Stevenson” on any decent sized popular Web site. “hmu [hit me up] in a pm [private message] to talk,” Ryan urged fellow forum members.

The OG User forum…
🕴 Inside CSAW, a Massive Student-Led Cybersecurity Competition 🕴

Nearly 400 high school, undergraduate, and graduate students advance to the final round of New York University's CSAW games.

📖 Read

via "Dark Reading".
Recently-Patched Adobe ColdFusion Flaw Exploited By APT

The critical vulnerability, which was patched earlier in September, has put ColdFusion servers at risk.

📖 Read

via "Threatpost | The first stop for security news".
Lawsuits Aim Billions in Fines at Equifax and Ad-Targeting Companies

The results could start a wave of major damages for companies that collect and sell consumer information.

📖 Read

via "Threatpost | The first stop for security news".
ATTENTION New - CVE-2017-17550

ZyXEL ZyWALL USG 2.12 AQQ.2 and 3.30 AQQ.7 devices are affected by a CSRF vulnerability via a cgi-bin/zysh-cgi cmd action to add a user account. This account's access could, for example, subsequently be used for stored XSS.

📖 Read

via "National Vulnerability Database".
🔐 Eight reasons more CEOs will be fired over cybersecurity breaches 🔐

Security is everyone's problem, but CEOs should make sure their organisation doesn't block its success. Gartner offers eight situations for CEOs to avoid if a breach occurs within their organisation.

📖 Read

via "Security on TechRepublic".
Monday review – the hot 21 stories of the week

From the 'Martinelli' WhatsApp hoax to Facebook wanting to give your name to the weirdo next to you, and everything in between. Catch up with this and everything we wrote in the last seven days - it's weekly roundup time!

📖 Read

via "Naked Security".
Microsoft mistake leaves Windows 10 users fuming

Microsoft Windows 10 users were livid late last week after Microsoft mistakenly told them that their licenses were invalid.

📖 Read

via "Naked Security".
Terrorists told to hijack social media accounts to spread propaganda

Facebook has removed 14 million pieces of content deemed likely to come from terrorists, as determined by new machine learning technology.

📖 Read

via "Naked Security".
Botnet pwns 100,000 routers using ancient security flaw

Researchers have stumbled on another large botnet that’s been hijacking home routers while nobody was paying attention.

📖 Read

via "Naked Security".
Headmaster fired over cryptocoin mining on the school’s dime

O, that constant whirring noise? And the sky-high electricity bill? Why, it's those darn air conditioners and heaters!

📖 Read

via "Naked Security".
🕴 'CARTA': A New Tool in the Breach Prevention Toolbox 🕴

Gartner's continuous adaptive risk and trust assessment for averting a data breach addresses the shortcomings of static security programs.

📖 Read

via "Dark Reading".
New Boom in Facial Recognition Tech Prompts Privacy Alarms

Tech advances are accelerating the use of facial recognition as a reliable and ubiquitous mass surveillance tool, privacy advocates warn.

📖 Read

via "Threatpost | The first stop for security news".
Malware-Laced App Lurked on Google Play For a Year

Google Play’s policy prohibits apps or SDKs that download executable code, such as dex files or native code, from a source other than Google Play.

📖 Read

via "Threatpost | The first stop for security news".
How to fit all of Shakespeare in one tweet (and why not to do it!)

A security researcher squoze 1,299,999 words into a single tweet, thanks to image metadata that Twitter doesn't remove.

📖 Read

via "Naked Security".
U.S. Chip Cards Are Being Compromised in the Millions

A full 60 million U.S. cards were compromised in the past 12 months. While 93 percent of those were EMV chip-enabled, merchants continued to use mag stripes.

📖 Read

via "Threatpost | The first stop for security news".
🔐 How CIOs can manage blockchain security: 4 tips 🔐

By 2020, an exploited vulnerability will disrupt a major blockchain platform, causing significant damage, Gartner predicts. Here's how to protect your blockchain efforts.

📖 Read

via "Security on TechRepublic".