Resources

Blog

More Than 90% of Suspicious IP Addresses Not Identified by Blacklists

A new report reveals that current blacklists are failing to identify approximately 90% of suspicious IP addresses. The report, "Two Shady Men Walk Into a Bar: Detecting Suspected Malicious Infrastructure Using Hidden Link Analysis," is the culmination of an effort led by threat intelligence firm Recorded Future to illustrate how mentions of malicious IP addresses on the open and dark web, not to...

Stuxnet USB Attack Vector Vulnerability Still Prevalent with CVE-2015-0096 (MS15-018)

During my talk at DEF CON 23 last week, I discussed my experience developing USB based trojans and highlighted the fact that attempts to patch these vulnerabilities have done little to mitigate the risks associated with this attack vector. The revelation of CVE-2015-0096, which is a continuation of CVE-2010-2568, was believed to have been patched by MS10-046. However, it was not completely and we...

The Problem with Know-It-All Security

I am not one for quotes and ‘Facebook philosophy’ memes but recently, I was reminded of my favourite quote on a certain social media platform: “The only true wisdom is in knowing you know nothing.” – Socrates. The pursuit of education can convert a criminal into a solicitor; it can envelop minds and have a plethora of benefits. Dietary education can change the shape of a person, and knowledge of the...

'Privacy Visor' Designed to Interfere with Facial Recognition Technology

Many see endless possibilities in facial recognition technology, an optimism which has already led to a number of applications for this emerging form of identification and verification. For example, local and state police departments, not to mention the Federal Bureau of Investigation, have spent the past few decades incorporating recognition software into surveillance cameras in an effort to...

VERT Threat Alert: August 2015 Patch Tuesday Analysis

Today’s VERT Alert addresses 14 new Microsoft Security Bulletins. VERT is actively working on coverage for these bulletins in order to meet our 24-hour SLA and expects to ship ASPL-628 on Wednesday, August 12th. MS15-079 Multiple Memory Corruption Vulnerabilities MULTIPLE Multiple ASLR Bypass Vulnerabilities MULTIPLE Unsafe Command Line Parameter Passing Vulnerability CVE-2015-2423 MS15-080...

Zero-Day Deserialization Vulnerability Affects 55% of Android Devices

Security researchers have uncovered a zero-day deserialization vulnerability that allows for arbitrary code execution in 55% of Android devices. For their presentation at USENIX WOOT '15, researchers Or Peles and Roee Hay at IBM Security explain that their vulnerability (CVE-2015-3825) can be exploited in the context of many apps and can be used to effect an elevation in privileges. In a research...

Context Counts: Introducing TARDIS

Noise is a problem. As information security practitioners, we've been dealing with the problem of the signal-to-noise ratio for a long time. The solution hasn't really changed, but the landscape certainly has. Ultimately, what drives noise down and elevates signal is, context. For his presentation at Black Hat USA, Travis Smith, a fellow Tripwirian, dove into how you can use the open source ELK...

Black Hat USA 2015 Highlights

The 18th annual Black Hat USA conference gathered thousands of professionals, researchers and enthusiasts to discuss not only the industry’s current trends and threats but also what we, as a community, can do to improve the security of ourselves, and of those around us. With over 100 briefings to choose from, this year’s presentations discussed a variety of issues. We saw a particular interest in...

Attackers Exploit Ashley Madison Hack to Spread Spam, Malware

Attackers are exploiting the hack of adulterer website Ashley Madison to disseminate spam and malware across the web. In July, Brian Krebs reported that a group of hackers known as The Impact Team had released some sensitive internal data stolen from Avid Life Media (ALM), a Toronto-based company that owns Ashley Madison as well as other hookup services including Cougar Life and Established Men...

Hacker Kingpin Extradited to the United States, in Plea Talks with Authorities

Back in December of 2014, The State of Security first reported on the story of Ercan "Segate" Findikoglu, a 33-year-old Turkish man who is accused of having stolen over $60 million as part of a number of card heists in the United States. At the time of our reporting, Germany had denied Findikoglu's extradition to the United States based upon different laws governing jail time for hackers. The...

BEC Scam Results in $39.1 Million Loss for Ubiquiti Networks

A Business Email Compromise (BEC) scam has resulted in a $39.1 million loss for Ubiquiti Networks, an American technology company that manufactures wireless networking products. On August 6th, Ubiquiti Networks issued a press release summarizing the results of its fourth fiscal quarter of 2015, which ended on June 30, 2015. The company reveals in that statement that it was the victim of a BEC...

Security breach at ICANN. Email addresses and password hashes stolen

ICANN, the organisation which oversees the internet's domain name system, regulating web addresses and working with registrars around the world, has revealed that it has fallen victim to a hacker attack during which the details of users who had created profiles on the organisation's public website were exposed. Email addresses (which act as usernames for profiles on the ICANN site) and hashed...

GasPot Script Reveals Security Vulnerabilities in Automated Gas Tank Systems

A security firm has released the results of an experiment that used a honeypot script named "GasPot" to determine the security threats facing gas tanks. These results were announced by Trend Micro researcher Kyle Wilhoit and Industrial Control Systems (ICS) expert Stephen Hilt during their presentation for Black Hat 2015, "The Little Pump Gauge that Could: Attacks Against Gas Pump Monitoring...

Here’s What You Missed at BSides LV – Day 2

Today was another successful day at BSides Las Vegas, with more intriguing presentations and an amped-up crowd ready to hear from security researchers, engineers, analysts and catalysts alike. Although there were numerous interesting topics to choose from, my time only permitted about a half-day of sessions. Luckily, many of the presenters noted they would make their slides available online...

Attackers Using RATs to "Slave" Victims' Computers, Sextort Children

Malware is one of the most dangerous classes of computer threats facing users today, and as a risk category, it is growing in sophistication. First, malware is now more difficult to detect. In an effort to stay one step ahead of security researchers, authors of malicious software are integrating evasion techniques, including environmental awareness and obfuscation, into their code. These...

Fiat Chrysler and Harman International Slammed with Class-Action Lawsuit in Wake of Jeep Hack

Fiat Chrysler and Harman International, the maker of the Uconnect dashboard computer, have been slammed with a class-action lawsuit after two security researchers successfully exploited a vulnerability in Uconnect to hijack a 2014 Jeep. As reported in The State of Security's July 24th security roundup, researchers Chris Valasek and Charlie Miller last month exploited a vulnerability in Uconnect's...

DEF CON 23 “How To Train Your RFID Hacking Tools” Preview

RFID is one of those ubiquitous technologies showing up everywhere from contactless payment cards to the neighborhood swimming pool. Some of these technologies offer appropriate security controls but many applications still use legacy technology that is easily subverted by an attacker. Back in 2013, data from HID Global indicated that 70-80% of physical access control deployments in the US were...

Here’s What You Missed at BSides Las Vegas – Day 1

This year’s BSides in sunny Las Vegas, Nevada, is off to an amazing start, with an overwhelming crowd and a great lineup of presentations from some of the industry’s brightest – and most inspiring – professionals. In the biggest BSides LV event yet, hundreds of attendees gathered at the Tuscany bright and early – eagerly waiting to hear from experts in all things “cyber.” Below is a quick-read...

Why Do We Care About Zero Days?

A true zero day, such as the recent vulnerability affecting Apple’s DYLD_PRINT_TO_FILE variable that an adware installer is said to be exploiting in the wild, is called that because it comes without warning: by the time you know about it, you have already been compromised. They're expensive; they are the domain of nation states and the most advanced of APTs. Chances are, if you have...

First Known Exploit of Apple DYLD_PRINT_TO_FILE Vulnerability Discovered in the Wild

A security researcher has found the first known exploit of a zero-day vulnerability affecting Apple's DYLD_PRINT_TO_FILE variable in the wild. The vulnerability, which was first found by researcher Stefan Esser in July, involves the addition of DYLD_PRINT_TO_FILE as a new environment variable to the dynamic linker dyld. As of this writing, this variable does not come with certain safeguards and...