Reboot It! Episode 59 with Bill Gardner and Benny Karnes

Upcoming Conferences

 

DerbyCon 6

When: September 21-25, 2016

Where: Louisville, KY
http://derbycon.com


 

BSides DC

When: October 21-23, 2016

Where: Washington, DC

http://www.bsidesdc.org/

 

SecureWV/Hack3rCon

When: November 18-20

Where: Charleston, WV

http://securewv.com/

CFP is Open!

http://securewv.com/cfp.html

Tickets are on sale!

http://securewv.com/registration.html

Looking for Sponsors!

http://securewv.com/sponsorship.html

CTF Page - Watch for more information!

 

Announcements

Book Give-Away - “Masters of Deception: The Gang That Ruled Cyberspace”


 

Stories

 

The Dropbox hack is real

https://www.troyhunt.com/the-dropbox-hack-is-real/

 

How do I enable two-step verification for Dropbox

https://www.dropbox.com/en/help/363

 

FTC Releases Alert on Securing Personal Information When Using Rental Vehicles

https://www.us-cert.gov/ncas/current-activity/2016/08/30/FTC-Releases-Alert-Securing-Personal-Information-When-Using-Rental

 

Revamped L0phtCrack 7 Audits Windows and Unix Passwords Up to 500 Times Faster

http://www.l0phtcrack.com/2016/08/646/

 

Feds warn first responders of dangerous hacking tool: Google Search

http://arstechnica.com/security/2014/08/feds-warn-first-responders-of-dangerous-hacking-tool-google-search/

 

FBI says foreign hackers penetrated state election systems

https://www.yahoo.com/news/fbi-says-foreign-hackers-penetrated-000000175.html?soc_src=social-sh&soc_trk=tw

 

Homeland eyes special declaration to take charge of elections

http://www.washingtonexaminer.com/homeland-eyes-special-declaration-to-take-charge-of-elections/article/2600592

 

Stealing login credentials from a locked PC or Mac just got easier

http://arstechnica.com/security/2016/09/stealing-login-credentials-from-a-locked-pc-or-mac-just-got-easier/

Mubix’s (Rob Fuller) Blog post:

https://room362.com/post/2016/snagging-creds-from-locked-machines/

Reboot It! Episode 58 with Bill Gardner, Amanda Berlin, and Blair Gardner - Back to School

Upcoming Conferences

 

DerbyCon 6

When: September 21-25, 2016

Where: Louisville, KY
http://derbycon.com


 

BSides DC

When: October 21-23, 2016

Where: Washington, DC

http://www.bsidesdc.org/

 

SecureWV/Hack3rCon

When: November 18-20

Where: Charleston, WV

http://securewv.com/

CFP is Open!

http://securewv.com/cfp.html

Tickets are on sale!

http://securewv.com/registration.html

Looking for Sponsors!

http://securewv.com/sponsorship.html

CTF Page - Watch for more information!

 

Announcements

Book Give-Away - “Masters of Deception: The Gang That Ruled Cyberspace”


 

Stories

 

Proof-of-concept exploit code for CVE-2016-5696

https://github.com/jduck/challack

 

The Million Dollar Dissident: NSO Group’s iPhone Zero-Days used against a UAE Human Rights Defender

https://citizenlab.org/2016/08/million-dollar-dissident-iphone-zero-day-nso-group-uae/

 

Bake your own EXTRABACON

https://blog.silentsignal.eu/2016/08/25/bake-your-own-extrabacon/

 

Ashley Madison Blasted Over Fake Security Award as Lawsuit Moves Forward

http://fortune.com/2016/08/25/ashley-madison-report/

United Airlines Sets Minimum Bar on Security

https://krebsonsecurity.com/2016/08/united-airlines-sets-minimum-bar-on-security/

 

Mylan Reacts to EpiPen Backlash

http://www.wsj.com/articles/mylans-epipen-price-increases-highlight-its-grip-on-the-market-1472154769

 

Reboot It! Episode 57 with Bill Gardner and Rick Hayes - Shadow Brokers

Upcoming Conferences

 

DerbyCon 6

When: September 21-25, 2016

Where: Louisville, KY
http://derbycon.com


 

BSides DC

When: October 21-23, 2016

Where: Washington, DC

http://www.bsidesdc.org/

 

SecureWV/Hack3rCon

When: November 18-20

Where: Charleston, WV

http://securewv.com/

CFP is Open!

http://securewv.com/cfp.html

Tickets are on sale!

http://securewv.com/registration.html

Looking for Sponsors!

http://securewv.com/sponsorship.html

CTF Page - Watch for more information!

 

Announcements

Book Give-Away - “Masters of Deception: The Gang That Ruled Cyberspace”


 

Stories

 

The Long Journey to the US!

http://www.hackersforcharity.org/long-journey/the-long-journey-to-the-us/

 

Katana 4.0

https://sourceforge.net/projects/katana-usb/files/v4.0/

http://www.hackfromacave.net/katana/install.html

 

The Shadow Brokers hack is starting to look like Russia vs. NSA

http://www.theverge.com/2016/8/17/12519804/shadow-brokers-russia-nsa-hack-equation-group

 

Cisco and Fortinet say vulnerabilities disclosed in ‘NSA hack’ are legit

https://techcrunch.com/2016/08/17/cisco-and-fortinet-say-vulnerabilities-disclosed-in-nsa-hack-are-legit/

Edward Snowden Points to Russia on Alleged NSA Hack

http://fortune.com/2016/08/16/edward-snowden-nsa-hack-russia/?xid=soc_socialflow_facebook_FORTUNE

 

Former NSA Staffers: Rogue Insider Could Be Behind NSA Data Dump

http://motherboard.vice.com/read/former-nsa-staffers-rogue-insider-shadow-brokers-theory

 

Cisco Shares Fall After CRN Report of as Many as 14,000 Job Cuts

http://www.bloomberg.com/news/articles/2016-08-17/cisco-plans-to-cut-up-to-14-000-jobs-in-coming-weeks-crn-says

 

NIST’s new password rules – what you need to know

https://nakedsecurity.sophos.com/2016/08/18/nists-new-password-rules-what-you-need-to-know/

 

Microsoft PowerShell goes open source, lands on Linux and Mac

http://www.pcworld.com/article/3109176/open-source-tools/microsoft-powershell-goes-open-source-and-lands-on-linux-and-mac.html

 

Uber’s First Self-Driving Fleet Arrives in Pittsburgh This Month

http://www.bloomberg.com/news/features/2016-08-18/uber-s-first-self-driving-fleet-arrives-in-pittsburgh-this-month-is06r7on

 

PayPal patches 2FA portal bug

http://www.theregister.co.uk/2016/08/18/paypal_patches_2fa_portal_bug/

 

Reboot It! Episode 56 with Bill Gardner and Benny Karnes - Hacker Summer Camp

Upcoming Conferences

 

DerbyCon 6

When: September 21-25, 2016

Where: Louisville, KY
http://derbycon.com


 

BSides DC

When: October 21-23, 2016

Where: Washington, DC

http://www.bsidesdc.org/

 

SecureWV/Hack3rCon

When: November 18-20

Where: Charleston, WV

http://securewv.com/

CFP is Open!

http://securewv.com/cfp.html

Tickets are on sale!

http://securewv.com/registration.html

Looking for Sponsors!

http://securewv.com/sponsorship.html

CTF Page - Watch for more information!

 

Announcements

Book Give-Away - “Masters of Deception: The Gang That Ruled Cyberspace” - Submit a talk to SecureWV/Hack3rCon and be entered to win.

Stories

Delta Warns of Chaos After Power Outage, Worldwide System Failure

http://www.nbcnews.com/news/us-news/delta-system-outage-triggers-delays-worldwide-n625141

 

Hackers Make the First-Ever Ransomware for Smart Thermostats

http://motherboard.vice.com/read/internet-of-things-ransomware-smart-thermostat?utm_source=mbtwitter

 

Data Breach At Oracle’s MICROS Point-of-Sale Division

http://krebsonsecurity.com/2016/08/data-breach-at-oracles-micros-point-of-sale-division/

 

Breach Forces Password Change on Oracle MICROS PoS Customers

https://threatpost.com/breach-forces-password-change-on-oracle-micros-pos-customers/119754/

 

Why Hackers Are Getting 'All Political' This Election Year

http://www.darkreading.com/why-hackers-are-getting-all-political-this-election-year/d/d-id/1326551?_mc=RSS_DR_EDT

 

A New Wireless Hack Can Unlock 100 Million Volkswagens

https://www.wired.com/2016/08/oh-good-new-hack-can-unlock-100-million-volkswagens/

 

Reboot It! Episode 55 - with Bill Gardner, @0bikao, and Kyle Stone (@essobi) - Russia Did it … Maybe

Upcoming Conferences

 

DerbyCon 6

When: September 21-25, 2016

Where: Louisville, KY
http://derbycon.com

CFP is Open!

 

BSides DC

When: October 21-23, 2016

Where: Washington, DC

http://www.bsidesdc.org/

 

SecureWV/Hack3rCon

When: November 18-20

Where: Charleston, WV

http://securewv.com/

CFP is Open!

Tickets are on sale!

Looking for Sponsors!

CTF Page - Watch for more information!

 

 

Stories

Police get dead man's finger 3D-printed to unlock his phone

https://www.engadget.com/2016/07/21/police-get-dead-man-s-finger-3d-printed-to-unlock-his-phone/?sr_source=Facebook

 

Feds shut down tech support scammers, freeze assets

http://www.computerworld.com/article/3097576/malware-vulnerabilities/feds-shut-down-tech-support-scammers-freeze-assets.html

 

GUCCIFER 2.0 DNC’S SERVERS HACKED BY A LONE HACKER

https://guccifer2.wordpress.com/2016/06/15/dnc/

 

Exploring Russian ties to the men lurking behind Trump

http://thehill.com/blogs/pundits-blog/presidential-campaign/289047-exploring-russian-ties-to-the-men-lurking-behind#.V5YcgRotBKs.facebook

 

In a major cyber-hack, whom do you call? The White House spells it out.

https://www.washingtonpost.com/world/national-security/in-a-major-cyber-hack-who-do-you-call-the-white-house-spells-it-out/2016/07/26/08b3287e-52db-11e6-bbf5-957ad17b4385_story.html

 

If Russian Intelligence Did Hack the DNC, the NSA Would Know, Snowden Says

https://theintercept.com/2016/07/26/russian-intelligence-hack-dnc-nsa-know-snowden-says/

 

New evidence suggests DNC hackers penetrated deeper than previously thought

http://arstechnica.com/security/2016/07/new-evidence-suggests-dnc-hackers-penetrated-deeper-than-previously-thought/

 

Presidential Policy Directive -- United States Cyber Incident Coordination

https://www.whitehouse.gov/the-press-office/2016/07/26/presidential-policy-directive-united-states-cyber-incident

 

What's next for Flickr after Yahoo's sale?

https://www.theguardian.com/technology/2016/jul/25/yahoo-moves-next-for-flickr

 

NIST declares the age of SMS-based 2-factor authentication over

https://techcrunch.com/2016/07/25/nist-declares-the-age-of-sms-based-2-factor-authentication-over/

 

New attack bypasses HTTPS protection on Macs, Windows, and Linux

http://arstechnica.com/security/2016/07/new-attack-that-cripples-https-crypto-works-on-macs-windows-and-linux/

 

Zero-day hole can pwn millions of LastPass users, all that's needed is a malicious site

http://www.theregister.co.uk/2016/07/27/zero_day_hole_can_pwn_millions_of_lastpass_users_who_visit_a_site/



 

Reboot It! Episode 54 - with Bill Gardner, Benny Karnes, and Mark Boltz-Robinson - Defcon is canceled...again

Upcoming Conferences

 

DerbyCon 6

When: September 21-25, 2016

Where: Louisville, KY
http://derbycon.com

CFP is Open!

 

BSides DC

When: October 21-23, 2016

Where: Washington, DC

http://www.bsidesdc.org/

 

SecureWV/Hack3rCon

When: November 18-20

Where: Charleston, WV

http://securewv.com/

CFP is Open!

Tickets are on sale!

Looking for Sponsors!

CTF Page - Watch for more information!

 

 

Stories

 

Pokemon Go down: Hacking group claims responsibility for bringing down game's servers 'with DDOS attack'

http://www.independent.co.uk/life-style/gadgets-and-tech/gaming/pokemon-go-down-servers-ddos-attack-hackers-poodlecorp-game-unavailable-a7140811.html

 

Hacker faces longer sentence than rapist

http://www.techworm.net/2016/07/hacker-faces-longer-sentence-rapist-exposing-via-web-hack.html

 

How the Real Hackers Behind Mr. Robot Get It So Right

https://www.wired.com/2016/07/real-hackers-behind-mr-robot-get-right

 

Ubuntu Linux Forum Hacked...Again

http://thehackernews.com/2016/07/ubuntu-hacked.html

 

Two Million Passwords Breached in Ubuntu Hack

https://threatpost.com/two-million-passwords-breached-in-ubuntu-hack/119335/


 

HIPAA Guidance on Reporting Ransomware

http://www.scmagazine.com/hhs-healthcare-groups-must-report-all-ransomware-attacks/article/509630/

 

FIAT Chrysler Launches Detroit's First 'Bug Bounty' for Hackers

https://www.wired.com/2016/07/chrysler-launches-detroits-first-bug-bounty-hackers/

 

Inside the diabolical Ukrainian hack that put the U.S. grid on high alert

http://www.eenews.net/stories/1060040399

 

ATM broken into with just a smartphone

http://securityphresh.com/security-news-display.php?newsid=71416&utm_source=dlvr.it&utm_medium=twitter

 

OpenSSH has user enumeration bug

http://www.theregister.co.uk/2016/07/17/openssh_has_user_enumeration_bug/?mt=1468849929557

 

Cici’s Pizza: Card Breach at 130+ Locations

http://krebsonsecurity.com/2016/07/cicis-pizza-card-breach-at-130-locations/

 

Reboot It! Episode 53 - with Bill Gardner and Benny Karnes - Go Pokémon Go

Upcoming Conferences

 

DerbyCon 6

When: September 21-25, 2016

Where: Louisville, KY
http://derbycon.com

CFP is Open!

 

BSides DC

When: October 21-23, 2016

Where: Washington, DC

http://www.bsidesdc.org/

 

SecureWV/Hack3rCon

When: November 18-20

Where: Charleston, WV

http://securewv.com/

CFP is Open!

Tickets are on sale!

Looking for Sponsors!

 

Announcements:

304 Geeks Flood Disaster Free Data Recovery Service

For more information Email us at wvfloodrecovery@securewv.org

Or call us and leave a message at 304-389-3828

 

Computers and successfully recovered data can be picked up from 9 a.m. to 4 p.m. July 23.


 

Stories

Pokémon Go poses a huge privacy and security threat

http://adamreeve.tumblr.com/post/147120922009/pokemon-go-is-a-huge-security-risk


 

DroidJack Uses Side-Load…It's Super Effective! Backdoored Pokemon GO Android App Found

https://www.proofpoint.com/us/threat-insight/post/droidjack-uses-side-load-backdoored-pokemon-go-android-app

 

Armed muggers use Pokémon Go to find victims

http://arstechnica.com/gaming/2016/07/armed-muggers-use-pokemon-go-to-find-victims/

 

Niantic’s Statement on Permissions

http://support.pokemongo.nianticlabs.com/hc/en-us/articles/222648408-Permissions-update

 

First Business Associate HIPAA Penalty Announced

http://www.databreachtoday.com/first-business-associate-hipaa-penalty-announced-a-9238?rf=2016-07-09-edbt&mkt_tok=eyJpIjoiTWpneU9XUmxOV05rT0dZNCIsInQiOiJqOTI5MnZzZitodEgwN1pkcVBGSjgyZm0zeEI5M1MxQlRmT3Q2RVd1V3laQ1Nuamd0NXp6WTJqTEpnSFlWRVMyb2VLdFpnQ1JmU05aZ1RXWUlNRkRcL2Npd0xlc3BiSXBWR0pRV0RFT3N6T3M9In0%3D

 

Symantec - the popular computer protector - may actually help hackers, feds warn

http://money.cnn.com/2016/07/07/technology/symantec-unsafe/

 

Amazon Kindle Servers Breached, 80,000 Amazon Users’ Passwords and Personal Information Leaked

http://www.techworm.net/2016/07/amazon-kindle-servers-breached-80000-amazon-users-passwords-personal-information-leaked.html

 

Oklahoma DPS and Bank Security Exposure

https://mackeeper.com/blog/post/245-oklahoma-dps-and-bank-security-exposure

 

China hacked the FDIC - and US officials covered it up, report says

http://money.cnn.com/2016/07/13/technology/china-fdic-hack/index.html

 

Reboot It! Episode 50 - with Bill Gardner, Benny Karnes, Alex Hamerstone, David Lauer, Amanda Berlin, and Mark Boltz-Robinson

Upcoming Conferences

 

BSides Cleveland

This weekend

 

Converge & BSides Detroit

When: July 14-15 & 16

Where: Detroit, MI

http://www.convergeconference.org/main/

 

DerbyCon 6

When: September 21-25, 2016

Where: Louisville, KY
http://derbycon.com

CFP is Open!


 

SecureWV/Hack3rCon

When: November 18-20

Where: Charleston, WV

http://securewv.com/

CFP is Open!

Tickets are on sale!

Looking for Sponsors!

 

 

BSides DC

When: October 21-23, 2016

Where: Washington, DC

CFP ends June 30th!

http://www.bsidesdc.org/


 

Marshall University Digital Forensic Cyber Camp (June 28-30)

http://epay.wvsto.com/MarshallContinuingEducation/Digital-Forensic-Cyber-Camp-June-28-30-P1.aspx

Marshall University Digital Forensic Cyber Camp (July 12-14) http://epay.wvsto.com/MarshallContinuingEducation/Digital-Forensic-Cyber-Camp-July-12-14-P3.aspx

 

Python Coding Camp kicks off July 6 - The Robert C. Byrd Institute for Advanced Flexible Manufacturing (RCBI) Huntington

Learn to solve puzzles and create games!

 

The Robert C. Byrd Institute for Advanced Flexible Manufacturing (RCBI) is presenting a three-day camp for middle school and high school students who are interested in learning computer coding. Join us July 6 – 8 from 1:30 to 4:30 p.m. daily as we introduce campers to Python (programming language). Campers will use it to create games and solve puzzles under the guidance of Bill Gardner, an Assistant Professor in the Digital Forensics and Information Assurance Program at Marshall University.

 

The cost is $60 for each camper and includes a copy of Python for Kids: A Playful Introduction to Programming.

 

Register here: http://www.rcbi.org/index.php/component/chronoforms5/?chronoform=Python%20Coding%20Camp

Or call 800.469.7224 for more information.



 

Stories

Pentagon wants more people to hack its websites and networks: And it will even pay them to do it.

https://www.engadget.com/2016/06/18/hack-the-pentagon-expansion/

The Department of Defense's Hack the Pentagon program was apparently so successful, the agency has decided to extend and develop new initiatives for it. Similar to Facebook's, Twitter's and Google's bug bounty projects, Hack the Pentagon paid white hackers for the vulnerabilities they discovered on the department's websites. It ran from April 18th until May 12th, 2016 and doled out over $70,000 in rewards. However, the initial run only covered five public-facing online properties -- defense.gov, dodlive.mil, dvidshub.net, myafn.net and dimoc.mil. The department believes that the concept will also "be successful when applied to many or all of DoD's other security challenges."

 

Starting this month, the agency will develop a new disclosure process and policy. It will allow anyone to report the flaws they find not only on DoD's websites, but also its systems, networks and applications without fear of repercussion. The department will expand the program to cover the services it offers and will offer incentives to contractors who open their systems for testing, as well.

 

The department's network was hacked more than once last year, with one instance leading to the temporary shutdown of its email system. All those instances might have compelled the agency to beef up its digital security in several ways. Besides expanding its bug bounty program, the Pentagon has also hired Matt Cutts, the head of Google's Webspam team, to be part of its Defense Digital Service.

 

Home Depot sues Visa, MasterCard as PIN battle looms

http://www.zdnet.com/article/home-depot-sues-visa-mastercard-as-pin-battle-looms/

 

Home Depot filed an antitrust lawsuit in federal court this week against credit card giants Visa and MasterCard.

 

Among a bevy of grievances, the do-it-yourself retailer posits that Visa and MasterCard sought to block the adoption of chip-and-PIN on credit card transactions following the migration to EMV payment security standards last October. Additionally, the retailer argues that chip-and-signature is simply less secure than its chip-and-PIN counterpart.

 

"Visa and MasterCard know perfectly well that a signature alone, without the additional step of requiring a PIN, provides virtually no protection against many types of payment card fraud," Home Depot said in the lawsuit filed Monday in U.S. District Court for the northern district of Georgia.

 

Home Depot also contends that Visa and MasterCard chose to enforce the less-secure chip-and-signature standard because the networks collect higher merchant fees for routing signature-based card transactions as opposed to PIN.

 

Air, land, sea, cyber: NATO adds cyber to operation areas

http://bigstory.ap.org/article/b7a8330df0114498a1611257d4cb5d58/air-land-sea-cyber-nato-adds-cyber-operation-areas

 

BRUSSELS (AP) — NATO agreed Tuesday to make cyber operations part of its war domain, along with air, sea and land operations, and to beef up the defense of its computer networks.

 

NATO Secretary-General Jens Stoltenberg said the decision to formally consider cyber operations a military domain is not aimed at any one country. He says the allies need to be able to better defend themselves and respond to attacks on their computer networks.

 

The decision has been long in coming, particularly amid rising tensions with Russia, which has proven its willingness to launch computer-based attacks against other nations.

 

Russian hackers have been blamed for a breach into an unclassified Pentagon computer network and for a breach of NATO's computer network two years ago.

 

Stoltenberg was speaking at the meeting of NATO defense ministers.

 

About a year ago, U.S. Defense Secretary Ash Carter told NATO that it must improve its ability to protect itself before it builds its cyberwar capabilities. And he pledged that the U.S. would use its expertise to help allies assess their vulnerabilities and reduce the risk to their critical infrastructure.

 

In 2014, after years of debate, NATO finally agreed that a cyberattack could rise to the level of a military assault and could trigger the Article 5 protections, which allow the alliance to go to the collective defense of another member that has been attacked.

 

On Tuesday, Stoltenberg said that cyber must be a war domain, much like air, land and sea. He said the decision means that NATO will coordinate and organize efforts to protect against cyberattacks in a more efficient way.

 

And he noted that any hybrid military attack would include cyber operations as a key dimension.

 

GoToMyPC hit with hack attack; users need to reset passwords

http://www.pcworld.com/article/3085434/security/gotomypc-hit-with-hack-attack-users-need-to-reset-passwords.html

Citrix's remote access service got hit by a "sophisticated" attack over the weekend, prompting password resets for all GoToMyPC users.

If you use Citrix’s GoToMyPC remote desktop access service, you need to change your password. According to a post published to GoToMyPC’s system status page, the service experienced a hack attack this weekend, and it’s now requiring all users to reset their passwords before logging in to the service.

 

“Unfortunately, the GoToMYPC service has been targeted by a very sophisticated password attack,” the update reads. “To protect you, the security team recommended that we reset all customer passwords immediately.”

 

According to GoToMyPC, it wasn’t immediately clear that it was experiencing an attack: On Saturday, users reported being unable to log into their accounts, and were being forced to reset their password. Several hours later, GoToMyPC warned users of the attack.

 

Before you next use GoToMyPC, you’ll have to reset your password. GoToMyPC recommends that you use a complex password that isn’t just a word straight out of the dictionary. It also suggests using two-step verification to help prevent attackers from accessing your account. For tips on how to create strong but memorable passwords…



Reboot It! Episode 49 - with Bill Gardner and Benny Karnes - Russia Did It (Not China This Time)

Upcoming Conferences

SecureWV/Hack3rCon
When: November 18-20
Where: Charleston, WV
http://securewv.com/ 
CFP is Open!
Tickets are on sale!
Looking for Sponsors!

DerbyCon 6
When: September 21-25, 2016
Where: Louisville, KY
http://derbycon.com
CFP is Open!

Marshall University Digital Forensic Cyber Camp (June 28-30)
http://epay.wvsto.com/MarshallContinuingEducation/Digital-Forensic-Cyber-Camp-June-28-30-P1.aspx
Marshall University Digital Forensic Cyber Camp (July 12-14) http://epay.wvsto.com/MarshallContinuingEducation/Digital-Forensic-Cyber-Camp-July-12-14-P3.aspx

Python Coding Camp kicks off July 6 - The Robert C. Byrd Institute for Advanced Flexible Manufacturing (RCBI) Huntington
Learn to solve puzzles and create games!

The Robert C. Byrd Institute for Advanced Flexible Manufacturing (RCBI) is presenting a three-day camp for middle school and high school students who are interested in learning computer coding. Join us July 6 – 8 from 1:30 to 4:30 p.m. daily as we introduce campers to Python (programming language). Campers will use it to create games and solve puzzles under the guidance of Bill Gardner, an Assistant Professor in the Digital Forensics and Information Assurance Program at Marshall University.

The cost is $60 for each camper and includes a copy of Python for Kids: A Playful Introduction to Programming.

Register here: http://www.rcbi.org/index.php/component/chronoforms5/?chronoform=Python%20Coding%20Camp
Or call 800.469.7224 for more information. 

 

Stories
Microsoft creates its own FreeBSD VM Image for Azure Cloud Computing Platform
http://thehackernews.com/2016/06/microsoft-azure-freebsd.html

This year, Microsoft impressed the world with 'Microsoft loves Linux' announcements, like developing a custom Linux-based OS for running Azure Cloud Switch, selecting Ubuntu as the operating system for its Cloud-based Big Data services and bringing the popular Bash shell to Windows 10.

Now, the next big news for the open-source community:
Microsoft has released its own custom distribution of FreeBSD 10.3 as a "ready-made" Virtual Machine image in order to make the operating system available directly from the Azure Marketplace.

Microsoft to acquire LinkedIn for $26.2 billion in cash
http://www.reuters.com/article/us-linkedin-m-a-microsoft-idUSKCN0YZ1FP?feedType=RSS&feedName=topNews&utm_source=twitter&utm_medium=Social

Microsoft Corp (MSFT.O) said in a blog post it agreed to buy LinkedIn Corp (LNKD.N) for $26.2 billion in cash.

By connecting widely used software like Microsoft Word and PowerPoint with LinkedIn's network of 433 million professionals, the combination could enable Microsoft to add a suite of sales, marketing and recruiting services to its core business products and potentially challenge cloud software rivals such as Salesforce.com Inc.

"LinkedIn and Microsoft really share a mission" of helping people work more efficiently, said Microsoft CEO Nadella in a conference call with analysts. "There is no better way to realize that mission than to connect the world's professionals."

The offer of $196 per share represents a premium of 49.5 percent to LinkedIn's Friday closing price.

Microsoft and LinkedIn: Together Changing the Way the World Works
https://blog.linkedin.com/2016/06/13/microsoft-and-linkedin

Today we are excited to share that LinkedIn has entered into an agreement to be acquired by Microsoft. We are joining forces with Microsoft to realize a common mission to empower people and organizations. LinkedIn’s vision – to create economic opportunity for every member of the global workforce – is not changing and our members still come first.

Our companies are the world’s leading professional cloud and network. This deal will allow us to keep growing, investing in and innovating on LinkedIn to drive value for our members and our customers. Our members will continue to develop their skills, find a job and be great at that job, using our platform. We will continue to help our customers hire top talent, market their brand, and sell to their customers.


Jigsaw ransomware uses live chat to relay payment instructions
https://www.grahamcluley.com/2016/06/jigsaw-ransomware-uses-live-chat-relay-payment-instructions/

Some new variants of Jigsaw ransomware are now relaying payment instructions to their victims via a live chat feature.

Back in mid-April, researchers first came across Jigsaw. Variants of this ransomware family target 240 different file extensions, encrypt all relevant files with AES encryption, and append a .FUN, .KKK, .GWS, or .BTC extension to them.

Jigsaw demands $150 in exchange for the ransom key.

But this crypto-ransomware is not a passive captor of affected users' files.

The malware displays two things to a user once it has successfully infected a machine: a ransom message and a countdown timer starting at 60:00.

Fortunately, researchers were able to develop a free decryption tool for users affected by Jigsaw. The ransomware authors tried to circumvent that utility by rebranding Jigsaw as CryptoHitman, adding a new lockscreen, and appending .PORNO to all encrypted files. But they didn't fool researchers. They simply updated their decryptor.

Morgan Stanley Agrees to Pay $1 Million for Failure to Protect Client Data
http://www.metacompliance.com/blog/morgan-stanley-agrees-to-pay-1-million-for-failure-to-protect-client-data/

The global financial services firm Morgan Stanley has agreed to pay one million dollars for its failure to protect approximately 730,000 of its clients' information.

As reported by SecurityWeek, the Securities and Exchange Commission (SEC) said on Wednesday that Morgan Stanley "failed to adopt written policies and procedures reasonably designed to protect customer data," an oversight which allowed an employee of the bank to steal customer data.

The former employee, Galen Marsh, joined Morgan Stanley back in 2008. Three years later, he realised he could exploit a programming flaw that enabled him to run reports on all Morgan Stanley customers.

The Wall Street Journal writes that Marsh ran approximately 6,000 searches on bank customers, about a third of which were unauthorised, through 2014. The former employee then decided to transfer the information of about 730,000 customers through a personal website to a personally owned server, which was ultimately hacked by a third party.

"Given the dangers and impact of cyber breaches, data security is a critically important aspect of investor protection. We expect SEC registrants of all sizes to have policies and procedures that are reasonably designed to protect customer information," said Andrew Ceresney, director of the SEC Enforcement Division, as quoted by USA Today.

Marsh pleaded guilty to obtaining unauthorised access to a computer. In December of 2015, he was sentenced to 36 months of probation and a $600,000 restitution fine.

The SEC said Morgan Stanley violated Rule 30(a) of Regulation S-P by failing to conduct a recent audit of its authorisation systems, which it claims would "likely have revealed the deficiencies." It went on to say that the bank did not monitor or analyse employee access to portals containing sensitive data.

 

Symantec grabs Blue Coat Systems for $4.65 billion
http://techcrunch.com/2016/06/13/symantec-grabs-blue-coat-systems-for-4-65-billion/

Symantec announced overnight it had purchased Blue Coat Systems for $4.65 billion with the hopes of creating an enterprise security juggernaut.

As part of the deal, Blue Coat CEO Greg Clark will take over the same role at Symantec. The company has been operating since April without one when Michael A. Brown stepped down.

It was a stunning turn of events for Blue Coat, which was sold just last year to Bain Capital for $2.4 billion. By all reports, Bain intended to take Blue Coat public this year until they received an overwhelming offer from Symantec.

Bain makes a tidy profit off of the deal just a year after buying Blue Coat and intends to take $750 million of the proceeds and plow it back into the combined business.

With Blue Coat, the two companies are combining to create an enterprise security giant. The fact is what you have is two large companies with lots of customers and revenue, but that are under pressure from an increasingly competitive security market, hoping that the combined entity can do better than they could alone.

“Together, we will be best positioned to address the ever-evolving threat landscape, the massive changes introduced by the shift to mobile and cloud, and the challenges created by regulatory and privacy concerns,” Dan Schulman, Chairman of Symantec, said in a statement.


DeRay Mckesson’s Twitter account hacked with just his name and four digits
https://nakedsecurity.sophos.com/2016/06/14/deray-mckessons-twitter-account-hacked-with-just-his-name-and-four-digits/

It’s a whole lot out of character for Black Lives Matter activist and politician DeRay Mckesson to proclaim support for Donald Trump.

But on Friday morning, as his friends informed him, Mckesson’s Twitter feed started spewing Trump endorsements and proclamations that “I’m not actually black.”

Of course, it turned out that Mckesson’s Twitter account had been hijacked.

That’s not terribly surprising, in light of the fact that 33 million Twitter logins were put up for sale last week.

In fact, he was doing what security people, and Twitter, tell people to do: he was using two-factor authentication (2FA) to protect his account.

Yet still, in spite of good security hygiene, as has happened to plenty of celebrities before him – Mark Zuckerberg being the latest – somebody managed to take control of Mckesson’s account.

After he regained control of his Twitter account, he explained that the attackers managed to do the deed by convincing Verizon to reset his SIM. That way, the hijacker or hijackers managed to set it up so they could intercept text messages intended for Mckesson and thereby bypass the 2FA that otherwise should have kept his account secure.

Related article: Your mobile phone account could be hijacked by an identity thief


Russian government hackers penetrated DNC, stole opposition research on Trump

https://www.washingtonpost.com/world/national-security/russian-government-hackers-penetrated-dnc-stole-opposition-research-on-trump/2016/06/14/cf006cb4-316e-11e6-8ff7-7b6c1998b7a0_story.html

Russian government hackers penetrated the computer network of the Democratic National Committee and gained access to the entire database of opposition research on GOP presidential candidate Donald Trump, according to committee officials and security experts who responded to the breach.

The intruders so thoroughly compromised the DNC’s system that they also were able to read all email and chat traffic, said DNC officials and the security experts.

The intrusion into the DNC was one of several targeting American political organizations. The networks of presidential candidates Hillary Clinton and Donald Trump were also targeted by Russian spies, as were the computers of some GOP political action committees, U.S. officials said. But details on those cases were not available.

A Russian Embassy spokesman said he had no knowledge of such intrusions.

Some of the hackers had access to the DNC network for about a year, but all were expelled over the past weekend in a major computer cleanup campaign, the committee officials and experts said.


Chrome Bug Enabled Crooks to Send Malicious Code to Your Browser as PDF Files
http://news.softpedia.com/news/chrome-bug-enabled-crooks-to-send-malicious-code-to-your-browser-as-pdf-files-505068.shtml

Google has recently patched a high severity security bug in the Chrome browser that allowed crooks to send malicious code to your browser and take over your entire system.

The issue, tracked by the CVE-2016-1681 identifier, affects the browser's built-in PDF reader called PDFium.

Google patched the issue with the release of Chrome 51.0.2704.63, released on May 25. In the meantime, Chrome released another wave of security updates at the start of June.

Cisco's Aleksandar Nikolic was the researcher that discovered and reported the issue to Google, who even awarded him $3,000 for his efforts.

According to the researcher's account, the issue was discovered six days earlier, on May 19, and Google's team fixed it right away.

Nikolic says that CVE-2016-1681 allowed attackers to embed a JPEG2000 image inside a PDF file, which when opened inside a vulnerable Chrome browser, would have triggered a buffer overflow that enabled the threat actor to run arbitrary code on the victim's machine.

The actual vulnerability was not in Chrome or PDFium, but in the OpenJPEG library that parses JPEG2000 files before being displayed inside the browser.

 

Reboot It! Episode 47 - With Rick Hayes and Benny Karnes - Swift and is Facebook Eavesdropping on you?

Upcoming Conferences

SecureWV/Hack3rCon
When: November 18-20
Where: Charleston, WV
http://securewv.com/ 
CFP is Open!
Tickets are on sale!

DerbyCon 6
When: September 21-25, 2016
Where: Louisville, KY
http://derbycon.com
CFP is Open!

Stories

North Korea fingered in Swift payments systems cyber heists
http://www.theinquirer.net/inquirer/news/2459810/north-korea-fingered-in-swift-payments-systems-cyber-heists

“CYBER ATTACKS on the Swift payment system have been linked to North Korea by security researchers following an analysis of the malware code that showed similarities with malware used in attacks since 2009.

This would not be the first time that North Korea has been implicated in criminal activity. The country's leadership has been linked with a high-quality counterfeiting operation and the mass production and distribution of methamphetamine.

Analysis by security firm Symantec indicates that a hacking group called Lazarus is behind the attacks. The group was responsible for a number of sophisticated attacks on targets in the US and South Korea.

"Symantec believes that distinctive code shared between [malware] families, and the fact that Backdoor.Contopee [linked with Lazarus] was being used in limited targeted attacks against financial institutions in the region, means that these tools can be attributed to the same group," the firm said.

"Backdoor.Contopee has been used by attackers associated with a broad threat group known as Lazarus. Lazarus has been linked to a string of aggressive attacks since 2009, largely focused on targets in the US and South Korea.”

Facebook using people’s phones to listen in on what they’re saying, suggests professor
http://www.independent.co.uk/life-style/gadgets-and-tech/news/facebook-using-people-s-phones-to-listen-in-on-what-they-re-saying-claims-professor-a7057526.html
“Facebook could be listening in on people’s conversations all of the time, an expert has claimed.

The app might be using people’s phones to gather data on what they are talking about, it has been claimed.

Facebook says that its app does listen to what’s happening around it, but only as a way of seeing what people are listening to or watching and suggesting that they post about it. 

The feature has been available for a couple of years, but recent warnings from Kelli Burns, mass communication professor at the University of South Florida, have drawn attention to it.

Professor Burns has said that the tool appears to be using the audio it gathers not simply to help out users, but might be doing so to listen in to discussions and serve them with relevant advertising. She says that to test the feature, she discussed certain topics around the phone and then found that the site appeared to show relevant ads.”


All your disk image are belong to us, says US appeals court (Arstechnica):
http://arstechnica.co.uk/tech-policy/2016/05/feds-can-keep-your-hard-drives-indefinitely-and-search-them-too/?utm_source=fark&utm_medium=website&utm_content=link

Court says all your files are ripe for seizure—Fourth Amendment doesn't apply.

The government can prosecute and imprison people for crimes based on evidence obtained from their computers—even evidence retained for years that was outside the scope of an original probable-cause search warrant, a US federal appeals court has said in a 100-page opinion paired with a blistering dissent.

The 2nd US Circuit Court of Appeals ruled that there was no constitutional violation because the authorities acted in good faith when they initially obtained a search warrant, held on to the files for years, and built a case unrelated to the original search.

The case posed a vexing question—how long may the authorities keep somebody's computer files that were obtained during a search but were not germane to that search? The convicted accountant said that only the computer files pertaining to his client—who was being investigated as part of an Army overbilling scandal—should have been retained by the government during a 2003 search. All of his personal files, which eventually led to his own tax-evasion conviction, should have been purged, he argued.


Eric Holder says Edward Snowden performed a 'public service' (Slashdot)
Slashdot: https://slashdot.org/story/311847
Original (CNN): http://www.cnn.com/2016/05/30/politics/axe-files-axelrod-eric-holder/index.html

From Slashdot: Former U.S. Attorney General Eric Holder says Edward Snowden performed a "public service" by triggering a debate over surveillance techniques, but still must pay a penalty for illegally leaking a trove of classified intelligence documents. "We can certainly argue about the way in which Snowden did what he did, but I think that he actually performed a public service by raising the debate that we engaged in and by the changes that we made," Holder told David Axelrod on "The Axe Files," a podcast produced by CNN and the University of Chicago Institute of Politics. "Now I would say that doing what he did -- and the way he did it -- was inappropriate and illegal," Holder added. "I think that he's got to make a decision. He's broken the law in my view. He needs to get lawyers, come on back, and decide, see what he wants to do: Go to trial, try to cut a deal. I think there has to be a consequence for what he has done." "But," Holder emphasized, "I think in deciding what an appropriate sentence should be, I think a judge could take into account the usefulness of having had that national debate."


MySpace And Tumblr Accounts Leaked From 2013 Breaches (Dark Reading):
Dark Reading: http://www.darkreading.com/cloud/myspace-and-tumblr-accounts-leaked-from-2013-breaches/d/d-id/1325738? 
BBC: http://www.bbc.com/news/technology-36416855

From Dark Reading: Timing of release of hacked details from different sites may be deliberate, says researcher.

Social networking sites MySpace and Tumblr were reportedly breached several years ago but stolen IDs of millions via the attacks were recently put up for sale, reports BBC. The details were leaked only last month when news broke of 167 million LinkedIn account details being available online after a 2012 hack.

It's unclear whether the timing of these leaks was planned or coincidental, according to BBC, and whether there are more to come.

Security researcher Troy Hunt said there must be "some catalyst" behind the releases and adds that millions of IDs from adult dating site Fling have also been put on sale now, although Fling was hacked way back in 2011.

The Tumblr dump is "just a list of emails," according to news site Motherboard, and available at a lower price, while around 360.2 million MySpace accounts are on offer at a higher price. Account status of Tumblr, Fling and LinkedIn can be checked at the data dump on Hunt’s Have I Been Pwned.


Got $90,000? A Windows 0-Day Could Be Yours:
https://krebsonsecurity.com/2016/05/got-90000-a-windows-0-day-could-be-yours/

How much would a cybercriminal, nation state or organized crime group pay for blueprints on how to exploit a serious, currently undocumented, unpatched vulnerability in all versions of Microsoft Windows? That price probably depends on the power of the exploit and what the market will bear at the time, but here’s a look at one convincing recent exploit sales thread from the cybercrime underworld where the current asking price for a Windows-wide bug that allegedly defeats all of Microsoft’s current security defenses is USD $90,000.

So-called “zero-day” vulnerabilities are flaws in software and hardware that even the makers of the product in question do not know about. Zero-days can be used by attackers to remotely and completely compromise a target — such as with a zero-day vulnerability in a browser plugin component like Adobe Flash or Oracle’s Java. These flaws are coveted, prized, and in some cases stockpiled by cybercriminals and nation states alike because they enable very stealthy and targeted attacks.

The $90,000 Windows bug that went on sale at the semi-exclusive Russian language cybercrime forum exploit[dot]in earlier this month is in a slightly less serious class of software vulnerability called a “local privilege escalation” (LPE) bug. This type of flaw is always going to be used in tandem with another vulnerability to successfully deliver and run the attacker’s malicious code.

TeamViewer User Claims Accounts Hacked, Service Goes Offline With Server Issues

http://www.inquisitr.com/3156809/teamviewer-accounts-hacked-users-claim/
TeamViewer is a remote desktop connection software that allows users to share screens and allow remote access from anywhere in the world. In the past 24 hours, many customers have made unverified claims that their computers were maliciously accessed by hackers. According to these sources, hackers are using TeamViewer to access the computers late at night, out of standard USA working hours, and accessing bank accounts using saved browser passwords, or installing forms of ransomware. As of 12 p.m. Wednesday, the TeamViewer website was offline, with their Twitter being the only form of comment so far from the company. TeamViewer later stated that these claims of hacking attacks were not related to the website outage.

Some users who use two-factor authentication have still experienced malicious logins. Other tips include using passwords unique to TeamViewer and using a combination of uppercase and lowercase letters, numbers, and symbols.


Other Links
Breached Passwords Leak Look-Up Sites
Leaked Source - https://www.leakedsource.com/main/
Breached or Clear - http://breachorclear.jesterscourt.cc/

Digital Forensic Cyber Camp (July 12-14) http://epay.wvsto.com/MarshallContinuingEducation/Digital-Forensic-Cyber-Camp-July-12-14-P3.aspx
Digital Forensic Cyber Camp (June 28-30)
http://epay.wvsto.com/MarshallContinuingEducation/Digital-Forensic-Cyber-Camp-June-28-30-P1.aspx

Reboot It! Episode 42 with Rick Hayes and Benny Karnes of 304 Geeks

SecureWV/Hack3rcon this year will be November 18-20, 2016 in South Charleston, WV, the Marshall University CCDC, the news of the day including the Norse implosion, wireless insecurity, the recent NSA TAO talk, cyber and cybersecurity, Shodan, cross-device tracking technology, Nespresso, the Altwork Station, Under-The-Jack Pack, DerbyCon 6 dates and information, Modere, information sharing, threat intelligence, and a bunch of other stuff.

Reboot It! Episode 41 with Benny Karnes

This week we talk to 304Geeks Vice President Benny Karnes. Dates for SecureWV/Hack3rcon 7 are Nov. 11, 12, and 13th. We also talk about AIDE 2016, SecureWV 2015, targeted Facebook ads, the end of the Java plug-in, the end of Flash, the Reaver Pro, and the Hak5 Wifi Pineapple Nano Evaluation and Development Kit.

Please vote for Reboot It! for the Best New Security Blog or Podcast. We were not nominated so please write us in: https://www.surveymonkey.com/r/TMRP8Z5

Reboot It! Episode 40 with Bryan and Brian of the Brakeing Down Security Podcast

This week I talk to Bryan and Brian of the Brakeing Down Security Podcast about the challenges of doing podcasts, the OSCP, the value of certifications, my teaching at Marshall University, writing books, finding and dealing with show guests, DerbyCon, Hackers For Charity, security awareness training, cyber insurance, the Hatfields and McCoys, the West Virginia economy, Bob stories, World of Warcraft, and a bunch of other stuff.