Windows 7 & 8 are phoning home just like Windows 10 does, weaponized drones are now legal in the USA, and Agora, the site for selling narcotics, takes a vacation.   Links: http://arstechnica.com/information-technology/2015/08/microsoft-accused-of-adding-spy-features-to-windows-7-8/ https://thehackernews.com/2015/08/windows-spying-on-you.html https://support.microsoft.com/en-us/kb/3022345   http://readwrite.com/2015/08/26/drone-law-north-dakota-weaponizing http://www.thedailybeast.com/articles/2015/08/26/first-state-legalizes-armed-drones-for-cops-thanks-to-a-lobbyist.html   http://www.wired.com/2015/08/agora-dark-webs-biggest-drug-market-going-offline/   Thumbnail credit: https://upload.wikimedia.org/wikipedia/commons/d/d0/Luftwaffe_99-01_RQ-4B_EuroHawk_ILA_2012_1.jpg

Read more

The White House is backing the new cybersecurity bill, the FTC can now sue companies for getting hacked, and robocalls are being blocked by a robokiller! All that coming up now on Threat Wire.   Links:   https://threatpost.com/white-house-support-for-cisa-worries-privacy-advocates/114383 http://thehill.com/policy/cybersecurity/250241-white-house-endorses-senate-cyber-bill   http://www.wired.com/2015/08/court-says-ftc-can-slap-companies-getting-hacked/ http://www2.ca3.uscourts.gov/opinarch/143514p.pdf   http://arstechnica.com/information-technology/2015/08/robokiller-wins-ftc-prize-by-annihilating-robo-calls/ https://www.kickstarter.com/projects/485600868/robokiller-app-stop-telemarketing-robocalls-foreve/description   Thumbnail credit: https://upload.wikimedia.org/wikipedia/commons/e/e1/White_House_Washington.JPG

Read more

Suicides, extortion, and a $500,000 bounty for Impact Team… it’s gotten ugly at Ashley Madison.com. Amazon’s dropping Flash ads in September. China’s arrested 15,000 that “jeopardized Internet security” tho that does not mean what you think it means. Patch WordPress, there’s some nasty exploits. Some Android browsers have Zero Day flaws, and will Microsoft ever […]

Read more

Checking out Kali Linux 2.0 and cracking the Hack Across America challenge coin, this time on Hak5!   Download HD  |   Download MP4   — Kali Linux 2.0 —   BackTrack’s successor was Kali Linux (which we reviewed on episode 1408), an excellent tool for pentesters since forever. It’s been updated as of a few […]

Read more

BitTorrents are all the rage for DOS attacks, the IRS announces new breach numbers, and Microsoft is on a disabling rampage. All that coming up now on ThreatWire. Links: http://arstechnica.com/security/2015/08/how-bittorrent-could-let-lone-ddos-attackers-bring-down-big-sites/ https://www.usenix.org/system/files/conference/woot15/woot15-paper-adamsky.pdf   http://www.cnet.com/news/hackers-might-have-stolen-irs-data-on-more-than-300000-households/ http://arstechnica.com/security/2015/08/irs-estimate-of-tax-records-stolen-by-fraudsters-soars-to-over-300000/   http://www.alphr.com/microsoft/microsoft-windows-10/1001360/microsoft-can-disable-your-pirated-games-and-illegal-hardware https://www.microsoft.com/en-us/servicesagreement/   http://www.wired.com/2015/08/happened-hackers-posted-stolen-ashley-madison-data/   http://arstechnica.com/tech-policy/2015/08/company-pays-fcc-750000-for-blocking-wi-fi-hotspots-at-conventions/   http://www.wsj.com/article_email/target-reaches-settlement-with-visa-over-2013-data-breach-1439912013-lMyQjAxMTI1MDE1ODkxMjgzWj   Youtube Thumbnail credit: https://www.flickr.com/photos/68751915@N05/6757821397

Read more

This week Darren has a conversation with Chad Rikansrud about Mainframe vulnerabilities and Shannon gets to details on an amazing talk about using the USB Rubber Ducky while bypassing Enterprise Security. Download HD  |   Download MP4 Links: Mainframe Security – bigendiansmalls.com

Read more

The US Secretary of State is worried about China and Russia hacking his email. OwnStar is expanding to add BMW, Mercedes, and Chrysler virtual keys on iOS, Oracle’s Chief Security Office -and EULA- gets mocked for telling security researchers, “Don’t, Just Don’t,” and the NSA loves AT&T for the “ability to spy on vast quantities […]

Read more

A car hack is silenced in the US, Windows Mount Manager has a vulnerability (it’s been patched), and Square credit card readers are exploitable. All that coming up now on ThreatWire. Links: https://threatpost.com/microsoft-patches-usb-related-flaw-used-in-targeted-attacks/114240 http://arstechnica.com/security/2015/08/attackers-actively-exploit-windows-bug-that-uses-usb-sticks-to-infect-pcs/ https://threatpost.com/researchers-unveil-square-reader-mobile-pos-hacks/114187 http://arstechnica.com/security/2015/08/researchers-reveal-electronic-car-lock-hack-after-2-year-injunction-by-volkswagen/ http://www.cs.ru.nl/~rverdult/Dismantling_Megamos_Crypto_Wirelessly_Lockpicking_a_Vehicle_Immobilizer_Hash.pdf Youtube Thumbnail credit: https://www.flickr.com/photos/nedko/111901487

Read more

Automotive hacking is in its infancy, and already you can see a clear path to failure… just look at how Tesla responsds to hackers compared to Chrysler. Ars Technica calls it: Android updates are a complete failure when it comes to patching security flaws. Ubiquiti Networks makes awesome networking gear… and got taken for $46 […]

Read more

We’re celebrating our 10 year anniversary episode with some of our favorite bloopers! Get your beverages ready.   Download HD  |   Download MP4

Read more

Don’t click on links in email. Ever. Especially if they claim to be Windows 10 upgrade links, ‘cause CTB Locker Ransomware hurts. Does the latest TOR attack spell DOOM for privacy, or is it overrated and fairly easy to spoof? The U.S. Court of Appeals for the Seventh Circuit reversed a lower court decision tossing […]

Read more

A Bind Exploit Causes DOS Attacks, an Android Mediaserver Attack Crashes Phones, and TrackingPoint Sniper Rifles have a Wireless Hack. All that coming up now on ThreatWire. http://arstechnica.com/security/2015/07/major-flaw-could-let-lone-wolf-hacker-bring-down-huge-swath-of-internet/ https://www.isc.org/blogs/cve-2015-5477-an-error-in-handling-tkey-queries-can-cause-named-to-exit-with-a-require-assertion-failure/ http://arstechnica.com/security/2015/07/new-vulnerability-can-put-android-phones-into-permanent-vegetative-state/ http://blog.trendmicro.com/trendlabs-security-intelligence/trend-micro-discovers-vulnerability-that-renders-android-devices-silent/ http://www.wired.com/2015/07/hackers-can-disable-sniper-rifleor-change-target/ Thumbnail credit: https://upload.wikimedia.org/wikipedia/commons/c/c4/Precision_Guided_Firearm_Heads_Up_Display.jpg

Read more

The mother of all Android vulnerabilities, a safe running Windows XP is unsafe, and ZOMG Drones! All that coming up now on ThreatWire.   Android Text Message Hack: Stagefright   http://www.androidcentral.com/stagefright-exploit-what-you-need-know https://www.twilio.com/blog/2015/07/how-to-protect-your-android-device-from-stagefright-exploit.html https://github.com/WhisperSystems/TextSecure/issues/3817   Brink Smart Safe Hacking https://www.youtube.com/watch?v=mzD58OavYVY http://www.bishopfox.com/blog/2015/07/on-the-brink-of-a-robbery/ http://www.bishopfox.com/news/2015/06/def-con-23-hacking-smart-safes-on-the-brink-of-a-robbery/ http://webcache.googleusercontent.com/search?q=cache:Nf-lEGqozmEJ:www.bishopfox.com/news/2015/06/def-con-23-hacking-smart-safes-on-the-brink-of-a-robbery/+&cd=1&hl=en&ct=clnk&gl=us https://www.youtube.com/watch?v=Kq9LwFNM55k   ZOMG Drones http://hackaday.com/2015/07/22/no-mounting-a-gun-to-a-quadcopter-probably-isnt-illegal/ http://www.wsj.com/articles/next-step-for-drones-defending-against-them-1437645600?mod=WSJ_TechWSJD_moreTopStories http://www.computerworld.com/article/2951878/telematics/firewalls-cant-protect-todays-connected-cars.html   Thumbnail credit: Michael Mandiberg: https://www.flickr.com/photos/theredproject/10662464343/in/photostream/

Read more

Introducing the Hak5 LAN Turtle, and a site to site VPN with OpenVPN Access Server. All that and more, this time on Hak5. Download HD  |   Download MP4 Our newest edition to the Hak5 family of pentesting gear is the LAN Turtle, a covert tool for remote access, network scanning, and man-in-the-middle. It is covert […]

Read more

Follow up on our quick and dirty OpenVPN guide from last week with the final setup to getting it online and accessible from outside your LAN. Download HD  |   Download MP4 1. Setup Static IP 2. Configure Xen to start VM automatically 3. Port Forward ==Set Static IP== #SSH Into the Ubuntu OpenVPN Server ssh […]

Read more

The Impact Team says they’ve compromised Avid Life Media, owners of AshleyMadison.com… and they’re gonna expose all the accounts if the site isn’t shut down. The latest Hacking Team data revelation: a backdoor through the Google Play screening process. Worried about all the Hacking Team malware? Rook Security has a free tool, and tips on […]

Read more

Your weekly hacking team update, Flash is patched and dumped all on the same day, and United gives out one million miles for an exploit. All that coming up now on Threat Wire. Links: https://threatpost.com/hacking-team-promises-to-rebuild-controversial-surveillance-software/113743 http://thehackernews.com/2015/07/hacking-uefi-bios-rootkit.html http://arstechnica.com/security/2015/07/hacking-team-broke-bitcoin-secrecy-by-targeting-crucial-wallet-file/   http://arstechnica.com/security/2015/07/once-again-adobe-releases-emergency-flash-patch-for-hacking-team-0-days/ https://addons.mozilla.org/en-us/firefox/blocked/p94 https://twitter.com/alexstamos/status/620306643360706561 https://twitter.com/alexstamos/status/620306791520309248   https://threatpost.com/united-airlines-hands-out-million-mile-bug-bounty/113766   http://w3techs.com/technologies/details/cp-flash/all/all http://httparchive.org/interesting.php https://alternativeto.net/software/flash-player/ https://www.sophos.com/en-us/security-news-trends/security-trends/html5-and-security.aspx http://www.smashbrand.com/articles/html-5-explained-quickly/ https://www.owasp.org/index.php/HTML5_Security_Cheat_Sheet http://www.sitepoint.com/security-risks-html5-apps/   Youtube Thumbnail […]

Read more

VPNs are great for protecting your Internet traffic when on untrusted networks – like Public WiFi. So many times it’s thrown around as advice “just get a VPN” – but where should you get a VPN? When you sign up for a $10/month VPN service in “the cloud” you’re basically handing over both money *and* […]

Read more

Yet another Flash exploit has been found… expect a patch, but we’d rather you removed Adobe’s Flash. RhinoSecurity has cancelled the super cool ProxyHam, and the DefCon talk, Patent Trolls are getting worse, and the first new zero day Java attack in two years! We’ll explain it all in today’s edition of ThreatWire Links: Another […]

Read more

Adobe Flash 0-Day Vulnerability, No More Private Registration?!, T-Mobile Transparency Report Released. All that coming up now on Threat Wire. Links: http://arstechnica.com/security/2015/07/hacking-team-leak-releases-potent-flash-0day-into-the-wild/ http://www.wired.com/2015/07/fbi-spent-775k-hacking-teams-spy-tools-since-2011/ http://www.wired.com/2015/07/unassuming-web-proposal-make-harassment-easier/ https://gnso.icann.org/en/issues/raa/ppsai-initial-05may15-en.pdf http://www.cnet.com/news/t-mobiles-transparency-report-reveals-352000-customer-data-requests/ http://newsroom.t-mobile.com/content/1020/files/NewTransparencyReport.pdf https://plus.google.com/u/0/b/105419513438843979262/communities/108468376385294386339   Youtube Thumbnail credit: https://www.flickr.com/photos/maxkiesler/8114167283

Read more

Sniffing Packets on Android with tPacketCapture and Xen Orchestra, a free open source web-based management system for XenServers. Download HD  |   Download MP4 Links: https://xen-orchestra.com https://play.google.com/store/apps/details?id=jp.co.taosoftware.android.packetcapture&hl=en https://www.kismetwireless.net/android-pcap/

Read more

Was Hacking Team knowingly selling their “lawful interception tools” to foreign governments with less than stellar human rights records? Plex and Harvard have suffered breaches, Trump might have a credit card problem, and right now would be a good time to update Mozilla Firefox. Yo! Links: Hacking Team Hacked: http://www.securityweek.com/surveillance-software-firm-hacking-team-suffers-data-breach Hacking Team Responds: http://www.csoonline.com/article/2944333/data-breach/hacking-team-responds-to-data-breach-issues-public-threats-and-denials.html Plex […]

Read more

NSA data collection is a thing, at least til November, ‘Dino’ malware was found in Iran, and OPM makes the news, yet again. All that coming up now on ThreatWire. Links: http://www.cnet.com/news/nsa-can-track-everyones-phone-calls-again-for-a-while/ https://s3.amazonaws.com/s3.documentcloud.org/documents/2124483/br-15-75-misc-15-01-opinion-and-order.pdf http://arstechnica.com/security/2015/06/researchers-expose-dino-espionage-malware-with-a-french-connection/ http://www.welivesecurity.com/2015/06/30/dino-spying-malware-analyzed/ http://arstechnica.com/tech-policy/2015/06/opm-shuts-down-background-investigation-portal-because-of-vulnerability/ http://www.opm.gov/news/releases/2015/06/opm-notifies-agencies-of-temporary-suspension-of-e-qip-system/ Youtube Thumbnail credit: https://c2.staticflickr.com/6/5577/14731380678_ef5314e065_b.jpg

Read more

Today on Hak5, we’re continue our experiments with the home lab virtual server with open source OpenXenManager for Linux. Download HD  |   Download MP4 Links: Open Xen Manager – http://sourceforge.net/projects/openxenmanager/

Read more

Fourth of July terror warning? It’s an annual thing. If you run Cisco Security Appliances, heads up, there’s a vulnerability that could give root user level access, it looks like private MAC addresses are coming, which is GREAT for privacy, and, yes, official fingers are pointing at China for the OPM data theft. Links: MAC […]

Read more

Update Flash -and your Chrome browser- NOW, ’cause there’s a nasty bug that’s being exploited in the wild. Watch Out WiFi Pineappple, here comes PITA Wireless Password Theft… seriously, researchers are wirelessly grabbing passwords! Blackshades Leader Gets 57 Months for RAT… and the FBI has great info on how to figure out if your machine […]

Read more