Hacker Archives - IT Security Guru

British MPs Pledge Support for Lauri Love

The Gurus — Tue, 21 Nov 2017 12:03:25 +0000

More than 70 MPs in the UK have pledged their support for alleged hacker, Lauri Love, who is facing extradition to the US.
Read Full Story
ORIGINAL SOURCE: IB Times

The post British MPs Pledge Support for Lauri Love appeared first on IT Security Guru.

Hacker Whose Tools Were Used in DNC Hack Steps Forward

The Gurus — Thu, 17 Aug 2017 09:29:31 +0000

A Ukranian hacker called “Profexer” who built one of the tools used to penetrate the Democratic National Committee servers last year has turned himself in to authorities. According to a report today in the New York Times, the man, who first contacted Ukranian police earlier this year, claims he wrote a piece of software called the PAS Web shell, which the Department of Homeland Security has identified as malware used in the hack.
View Full Story
ORIGINAL SOURCE: Technology Review

The post Hacker Whose Tools Were Used in DNC Hack Steps Forward appeared first on IT Security Guru.

A suspected Russian hacker in the Czech Republic is one step closer to being extradited to the US — but Russia wants him back, too

The Gurus — Wed, 31 May 2017 09:39:10 +0000

A Russian suspected hacker has moved a step closer to being sent to the US as a Czech judge gave tentative approval for an extradition to go ahead, during a court hearing held inside a high-security prison in Prague.
View Full Story
ORIGINAL SOURCE: Business Insider

The post A suspected Russian hacker in the Czech Republic is one step closer to being extradited to the US — but Russia wants him back, too appeared first on IT Security Guru.

Passwords have finally evolved into something hackers will hate

The Gurus — Wed, 05 Apr 2017 08:49:07 +0000

The use of patterns or shapes in place of passwords is set to displace the hacker’s favourite – the old-fashioned vulnerable fixed ID code which can so easily be captured and re-used – according to the two British inventors behind Shayype^TM.

Shayype is many times more secure than passwords, gives users new hacker-resistant login codes every time, yet is far easier to recall and use than passwords.

Already one UK firm – leading insurance quotation site 3XD – has announced plans to trial Shayype as soon as possible to protect customers and its own website from hacking. CEO David Fulluck said: “Urgent action is required across the financial technology sector in the wake of the alarming number of hacks and data breaches currently happening. But until now, the big question has been – how? What’s so interesting about Shayype is that it takes vulnerable static passwords out of the equation completely, but is easier to use.”

Another businessman, Alan Bentley, managing director of Peterborough-based IPM Global Mobility added: “”I have long been concerned about protecting IPM’s systems from Cyber-attack. I am also concerned that many IT specialists have taken a laisse faire attitude that however you try to protect your systems from attack it remains a question of when, not if.”

Now electronics engineer Jon Beal and journalist Jonathan Craymer who came up with the new system aim to launch a crowdfunding campaign to support vital usability testing on thousands of people.

Mr Craymer said: “Arguably cyber-crime is the biggest fixable threat the world faces right now. Anything connected to the rest of the world can be hacked so easily, simply because fixed passwords or ID codes are still the attackers’ favourite way in. The answer is to change the code you enter every time, without increasing complexity or forcing people to carry devices.

“We’re hoping we’ve managed to do something the tech giants failed to do – find a simple replacement for passwords, PINs, door-codes etc. But Shayype is far more than this. We hope it will give back ordinary people the control they deserve over identity, privacy and help to re-build trust in the online world.”

The post Passwords have finally evolved into something hackers will hate appeared first on IT Security Guru.

How to Protect Yourself or Organization from Malware

The Gurus — Mon, 01 Aug 2016 08:55:59 +0000

Ransomware is one of the most infuriating kinds of cyber attack that’s cropped up over recent years, with hackers raking it in from hapless comouter users who just want their files back.
Whilst we all hope for a perfect online community where such things wouldn’t happen, it’s evident that future is a long way away. So the team at AppRiver have got several tips on how to prepare for the ransomware threat and adjust your security posture so that the hackers don’t get the best of you or your business using this triend and tested attack method. Check out the video above and keep an eye on the Guru website for more from their team of world-renowned experts.
For more, follow AppRiver on Twitter or check out their YouTube channel.

The post How to Protect Yourself or Organization from Malware appeared first on IT Security Guru.

Hacker Steals 45 Million Records From 1,100 Home, Sports and Tech Support Forums

The Gurus — Wed, 15 Jun 2016 09:41:40 +0000

VerticalScope.com, a company that runs multiple support forums on various topics, has suffered a massive data breach in February 2016 when a hacker managed to steal over 45 million user records from its database.

The records, which data breach indexing site LeakedSource has managed to acquire and analyze, contain details from over 1,100 tech support portals VerticalScope is running on different domains.

LeakedSource says the biggest data troves are from sites such as Techsupportforum.com, MobileCampsites.com, Pbnation.com, and Motorcycle.com.

Original Source: Softpedia

View the full story here.

The post Hacker Steals 45 Million Records From 1,100 Home, Sports and Tech Support Forums appeared first on IT Security Guru.

The Three Little Pigs and the Big Bad Botnet

The Gurus — Mon, 16 May 2016 08:38:32 +0000

I’ll huff and I’ll puff and I’ll…bring your web application offline!
The possibility of a business being targeted by some huge zombie army, or botnet, is enough to send shivers down the spine of many seasoned security veterans. Modern botnets are of vast size and power, with more sophisticated features and capabilities than ever before. Modern botnet attacks can be very precise and controlled, being pulsed and sent in different ways to make the attackers impossible to trace and the impact that much more damaging. So who is behind these botnets, what can we expect to see in the future and how can organisations put their fears to bed and defend themselves effectively from them?
Botnets have transformed the DDoS landscape. Once, attacks were the preserve of a small, technical elite who had enough coding skills to launch a strike. But now, DDoS-for-hire botnets have significantly lowered the barriers to entry. A quick Google search and a PayPal account makes botnets readily available for just a few dozen dollars, with no coding experience necessary. And they are becoming increasingly popular – DDoS-for-hire botnets are now estimated to be behind as many as 40 per cent of all network layer attacks.
But while the majority of purchasers are likely to be low-level attackers, seeking to cause mischief and settle personal grievances, more powerful botnets-for-hire are also being utilised by state actors and organised crime syndicates. In recent years, DDoS attacks have been getting bigger and bigger. Our Security Operations Centre recorded a dramatic (25%) increase in very large attacks of more than 10Gb per second among our customer base in the second half of last year. And in terms of individual attacks, the strike on the BBC in January was one of the biggest ever reported, at an enormous 600Gb per second. While these attacks clearly cause significant damage, we believe that their primary purpose is often just to demonstrate their attackers’ capabilities so that they can be sold as a service in the future. The kind of gigantic attacks that make headlines aren’t cheap to rent, and would probably cost upwards of $150,000 to engage. As a result, these are only likely to be utilised by criminal or nation state attackers, who have access to a sophisticated infrastructure with money laundering capabilities.
Looking forward, there is really no limit to the potential size and scale of future botnet-driven DDoS attacks, particularly when they harness the full range of smart devices incorporated into our Internet of Things. By using amplification techniques on the millions of very high bandwidth density devices currently accessible, such as baby video monitors and security cameras, DDoS attacks are set to become even more colossal in scale. Terabit -class attacks may be increasingly common and ‘breaking the Internet’ – or at least clogging it in certain regions – could soon become a reality. The bottom line is that attacks of this size can take virtually any company offline, and are a reality that anyone with an online presence must be prepared to defend against..
But it isn’t just the giant attacks that organisations need to worry about. Before botnets are mobilised, hackers need to make sure that their techniques are going to work. This is usually done through the use of small, sub-saturating attacks which most IT teams wouldn’t even recognise as a DDoS attack. Due to their size – the majority are less than five minutes in duration and under 1Gbps – these shorter attacks typically evade detection by most legacy out-of-band DDoS mitigation tools, which are generally configured with detection thresholds that ignore this level of activity. This allows hackers to perfect their methods under the radar, leaving security teams blindsided by subsequent attacks. If these techniques are then deployed at full scale with a botnet, the results can be devastating.
Besides harnessing enormous power, botnets are also notoriously difficult to spot. Once deployed, they utilise sophisticated techniques to hide their tracks. Their command and control infrastructure can be automated or set on autopilot, they can sleep for long periods of time, they can have ubiquitous bandwidth available at any time of day by waking up different regions at different times – they are a complex and vast maze, often operated by some of the brightest minds in cybercrime. But that’s no reason for organisations to resign themselves to eventually getting attacked. So what are the most effective methods of defence?
The old way was to use a cloud-based scrubbing centre, where the security team can divert traffic for analysis and filtering when they see a DDoS attack. But asking a human to monitor the edge of the network and intervene when they think they’ve spotted a DDoS attack is very labour intensive and won’t react fast enough to the automated attacks of today. Furthermore this won’t apprehend the sub-saturation attacks that experiment on your networks undetected, finding vulnerabilities and testing new methods.
So a proper modern method is one that’s always on, deployed in-line and doesn’t require human intervention in order to maintain clean traffic. The technology, whilst relatively new, is available on premises and from upstream prviders, so there are options open to most organisations no matter their size, budget and likelihood of being targeted. It also frees up your manpower to focus on preventing data exfiltration and other malicious activity taking place, making your staff much mroe productive.
So there you have it – maybe the three little pigs don’t need to worry about the big bad botnet after all! There’s methods on offer to help you build your proverbial “house” (security infrastructure) out of bricks and mitigate the most serious botnet-driven DDoS attacks on their networks.
Dave Larson is Chief Operating Officer at Corero Network Security. To find out more about Corero, head over to their website or follow them on twitter.

The post The Three Little Pigs and the Big Bad Botnet appeared first on IT Security Guru.

Phineas Fisher's Account of How He Broke Into Hacking Team Servers

The Gurus — Mon, 18 Apr 2016 09:56:08 +0000

Almost a year after carrying out his attacks, the hacker behind the Hacking Team data breach has published a step-by-step explainer on how he breached the company’s servers and stole all their data.
Known as Phineas Fisher (past moniker FinFisher), the hacker posted a PasteBin over the weekend, in which he reveals how the attack unfolded, the tools he used, and provided a tutorial for h@ckZ0r wannabees who want to enter the world of top-level hacking.
Since the whole exposé is quite a long read, we’re going to provide a summary, but we recommend checking out Phineas Fisher’s post for the finer tips on various hacking techniques and pen-testing tools.

Original Source: Softpedia
View the full story here

The post Phineas Fisher's Account of How He Broke Into Hacking Team Servers appeared first on IT Security Guru.

Russian hacker group Buhtrap targeting largest EU banks

The Gurus — Tue, 12 Apr 2016 09:18:43 +0000

The Russian government has begun working with Russia’s Central Bank to develop a package of measures aimed at fighting Buhtrap, the recently discovered hacker group, which, to date, has stolen around RUB 4 billion (£42 million) from Russian and Western banks, and is reportedly planning further attacks on the EU banking system. An official spokesman of Xenia Yudaeva, the first Deputy Chairman of the Russian Central Bank, told SCMagazineUK.com that the hacker group uses sophisticated cyber-attacks, the most recent of which allowed it to steal about RUB 600 million £6.3 million) from Metallinvestbank, one of Russia’s largest banks.
Original Source: SC Magazine UK
View the full story here

The post Russian hacker group Buhtrap targeting largest EU banks appeared first on IT Security Guru.

Turkey Breach Spills Info on More Than Half Its Citizens

The Gurus — Wed, 06 Apr 2016 10:30:58 +0000

THE NATION OF Turkey has been reeling from terrorist bombings in its biggest cities, a teeming refugee crisis, and a president who wants to rewrite its constitution to give himself more power. Now, in the midst of those calamities, it’s also been hit with what appears to be an enormous data breach, one that affects the majority of the country’s citizens.
In a 1.4GB compressed folder, an unknown hacker posted the details of over 50 million Turkish citizens. The information included all the usual compromising details – names, birthplace, birth dates, and number used in government records. The hacker also left a message that mocked the sloppy data protection practices of the Turkish government.

Original source: WIRED
View the full story here

The post Turkey Breach Spills Info on More Than Half Its Citizens appeared first on IT Security Guru.