exploits

now browsing by tag

 
 

Exploits Released for As-Yet Unpatched Critical …

Source: National Cyber Security – Produced By Gregory Evans Organizations need to apply mitigations for vulnerability in Citrix Application Delivery Controller and Citrix Gateway ASAP, security researchers say. Organizations that have not yet applied recommended mitigations for a recently disclosed remotely exploitable flaw in the Citrix Application Delivery Controller (ADC) and Citrix Gateway products now […] View full post on AmIHackerProof.com

EternalRocks Worm Exploits 7 NSA Hacking Tools

Source: National Cyber Security – Produced By Gregory Evans

EternalRocks Worm Exploits 7 NSA Hacking Tools

Cyber security researchers have identified a potential WannaCry successor WannaCry looks to have a successor born out of the use of seven allegedly leaked NSA SMB (Server Message Block) hacking tools rather than two. Dubbed EternalRocks, the malware in the form of a worm was discovered by Miroslav Stampar, a member of the Coratian Government’s CERT (computer emergency response team), …

The post EternalRocks Worm Exploits 7 NSA Hacking Tools appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

50% malware exploits in India occurred in the last 3 months of 2016: Report

Source: National Cyber Security – Produced By Gregory Evans

50% malware exploits in India occurred in the last 3 months of 2016: Report

Indian firms were highly vulnerable to cyber attacks in the period following demonetisation with close to 50% of the attacks happening in the last three months of 2016, a report published by Fortinet points out. The research report said that the last two weeks in December, 2016 recorded a very high level of threat activity following the push towards a …

The post 50% malware exploits in India occurred in the last 3 months of 2016: Report appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Obama Lets NSA Use Zero-Day Exploits by labeling it as ‘National Security Need’

On Saturday, the Senior Administration Officials cast light on the subject of Internet Security and said President Obama has clearly decided that whenever the U.S. Intelligence agency like NSA discovers major vulnerabilities, in most of the situations the agency should reveal them rather than exploiting for national purpose, according to The New York Times.OBAMA’s POLICY WITH LOOPHOLE FOR NSAYet, there is an exception to the above statement, as Mr. President carved a detailed exception to the policy “Unless there is a clear national security or law enforcement need,” which means that the policy creates a loophole for the spying agencies like NSA to sustain their surveillance programs by exploiting security vulnerabilities to create Cyber Weapons.After three-month review of recommendations [PDF-file], the Final Report of the Review Group on Intelligence and Communications Technologies was submitted to Mr. Obama on last December, out of which one of the recommendation on page no. 37 states that, “In rare instances, US policy may briefly authorize using a Zero Day for high priority intelligence collection, following senior, interagency review involving all appropriate departments.”Obama took this new decision in January this year, but the elements of decision disclosed just one day after the story of HeartBleed OpenSSL Security Bug broke last week and Bloomberg reported that the NSA may have known about the flaw for last two years and using it continuously to gain information instead of disclosing it.The Office of the Director of National Intelligence (ODNI) released a statement on Friday in response to the Bloomberg report saying NSA was not aware of Heartbleed until it was made public.The ODNI report concludes, “In response to the recommendations of the President’s Review Group on Intelligence and Communications Technologies, the White House has reviewed its policies in this area and reinvigorated an interagency process for deciding when to share vulnerabilities. This process is called the Vulnerabilities Equities Process. Unless there is a clear national security or law enforcement need, this process is biased toward responsibly disclosing such vulnerabilities,” that coincides with above stated recommendation.PURCHASED ZERO DAYS, AGAINST ANYONE-ANYTIMEAs we already know, U.S. government is the biggest buyer of cyber weapons and Zero-Day exploits, those NSA and FBI are using from last many years to compromise the Internet for spying on the whole world. In NSA’s exploit archive there could be more than 50 percent of purchased exploits, and without any doubt we can label it as ‘National Security or Law Enforcement Needs’. Thanks for above exceptional recommendation, the use of Zero-day exploits are now enough legal against anyone-anytime.Review Group report also mentions, “US policy should generally move to ensure that Zero Days are quickly blocked, so that the underlying vulnerabilities are patched on US Government and other networks.”

 

In March, Edward Snowden files revealed that the National Security Agency conducted a major offensive cyber operation called “Operation Shotgiant” against the Chinese government and networking company Huawei, in early 2009 and also accused for stealing the source codes for certain products.

Source: http://whogothack.blogspot.co.uk/2014/04/obama-lets-nsa-use-zero-day-exploits-by.html#.VkfBl1UrLIU

The post Obama Lets NSA Use Zero-Day Exploits by labeling it as ‘National Security Need’ appeared first on Am I Hacker Proof.

View full post on Am I Hacker Proof

Cyberspies love exploits from Hacking Team leak

Source: National Cyber Security – Produced By Gregory Evans

The leaked files from surveillance software maker Hacking Team have proven to be a great resource for cyberespionage groups, which have used at least two Flash Player exploits from the company’s arsenal. Last Tuesday, security researchers from security firm FireEye detected targeted attacks against organizations in Japan, with the attackers using an exploit for CVE-2015-5122, a Flash Player vulnerability patched by Adobe Systems that same day. The vulnerability was publicly known before that date because an exploit for it was found in the 400GB data cache recently leaked by a hacker from Milan-based Hacking Team. An unknown hacker broke into the computer network of Hacking Team, a company that sells computer surveillance software and intrusion tools to government agencies worldwide. The attacker released email communications, client lists, files, source code, documentation and previously unknown software exploits. The group of attackers that targeted the Japanese organizations did so through strategic Web compromises, also known as watering hole attacks. The tactic involves compromising websites that are typically visited by organizations from particular industries. Two websites compromised in this case belonged to Japan’s International Hospitality and Conference Service Association (IHCSA) and Cosmetech, a Japanese cosmetics company. Once victims visited those websites, malicious scripts […]

For more information go to http://www.NationalCyberSecurity.com, http://www. GregoryDEvans.com, http://www.LocatePC.net or http://AmIHackerProof.com

The post Cyberspies love exploits from Hacking Team leak appeared first on National Cyber Security.

View full post on National Cyber Security

New free tool detects Hacking Team exploits

Source: National Cyber Security – Produced By Gregory Evans

A security company has released a free tool to users who suspect they may be a victim of Hacking Team’s exploit cache. Hacking Team is a secretive Milan-based firm which specializes in the sale of surveillance tools, malware and exploits to governments, law enforcement and private firms worldwide. The firm hit the spotlight in recent times after becoming the victim of a cyberattack, in which a hacker walked away with over 400 gigabytes in stolen corporate data. The investigation is yet to reveal who is responsible for the data breach — although suspicions have turned toward the possibility of an insider job. Among leaked financial reports, customer lists and service presentations, emails detailing zero-day exploits and proof-of-concept examples are being analyzed as researchers dig through the firm’s stolen data. Software vendors are racing to patch previously unknown vulnerabilities in their systems. Adobe andMicrosoft, among others, have issued security patches to make Hacking Team’s exploits and tools obsolete. In the meantime, users are left to wonder if they have been infected with Hacking Team malware, of which some tools are so virulent they stay on a system even after hard disk wipes and removals. Researchers at Rook Security have decided to […]

For more information go to http://www.NationalCyberSecurity.com, http://www. GregoryDEvans.com, http://www.LocatePC.net or http://AmIHackerProof.com

The post New free tool detects Hacking Team exploits appeared first on National Cyber Security.

View full post on National Cyber Security

Former world’s most wanted hacker Kevin Mitnick now sells zero-day exploits

Former world’s most wanted hacker Kevin Mitnick now sells zero-day exploits

Kevin Mitnick, a famous (former) hacker who is now a security consultant, has ventured into a new business: buying and selling high-end zero-day exploits. Dubbed Absolute Zero Day Exploit Exchange, the six-month-old service sells exclusive unpatched exploits to corporate as […]

For more information go to http://www.NationalCyberSecurity.com, http://www. GregoryDEvans.com, http://www.LocatePC.net or http://AmIHackerProof.com

View full post on National Cyber Security

Bitcoin Malware Attack Exploits Russia-Ukraine Crisis

Source: National Cyber Security – Produced By Gregory Evans

Bitcoin Malware Attack Exploits Russia-Ukraine Crisis

A hacker group is trying to leverage the ongoing conflict between Russia and Ukraine as it distributes malware that is capable of targeting bitcoin wallets. A report by Bitdefender Labs, a cybersecurity firm that focuses on the digital currency market, […]

For more information go to http://www.NationalCyberSecurity.com, http://www. GregoryDEvans.com, http://www.LocatePC.net or http://AmIHackerProof.com

The post Bitcoin Malware Attack Exploits Russia-Ukraine Crisis appeared first on National Cyber Security.

View full post on National Cyber Security