See on Scoop.it – STO_STRATEGY
[ View the story “Latest Sec Events News” on Storify]
See on sto-strategy.com
See on Scoop.it – STO_STRATEGY
With the ever-growing threat of cyber-attacks on government critical
infrastructure, there is no better time to come together and discuss the
latest threats being seen to breach public sector computer systems.
European governments are now working together, and with the private sector,
to strengthen their defence.
See on sto-strategy.com
See on Scoop.it – IT SEC TOOLS
IT pro gets 4 years in prison for sabotaging ex-employer’s system
“A former network engineer for oil and gas company EnerVest has been
sentenced to four years in federal prison after pleading guilty in
January to sabotaging the company’s systems badly enough to disrupt its
business operations for a month. Ricky Joe Mitchell of Charleston, West
Virginia, must also pay $428,000 in restitution and a $100,000 fine,
according to an announcement this week from U.S. Attorney Booth
Goodwin’s office. In June 2012, Mitchell found out he was going to be
fired from EnerVest and in response he decided to reset the company’s
servers to their original factory settings. He also disabled cooling
equipment for EnerVest’s systems and disabled a data-replication
process.”
Data Breach at American Institutes for Research Exposes 6,500 Employees’ Info
“About 6,500 current and former employees of the American Institutes
for Research (AIR) may have had unencrypted information – including
Social Security numbers and payment card information – compromised
after unauthorized access was gained to one of the organization’s
servers.
How many victims? About 6,500.
What type of personal information? Social Security numbers and payment
card information is among the unencrypted data that was compromised.
What happened? Unauthorized access was gained to an AIR server that
contained the information.
What was the response? AIR brought on a digital forensics firm to carry
out an investigation. All impacted employees are being notified and
offered a free year of credit monitoring services.
Details: AIR learned of the incident on May 12. Notification letters
are dated May 14. The breach impacted business systems, and student and
client information was not affected.
Quote: “At this point, we have no evidence that any information was
accessed or misused,” according to a notification letter from David
Myers, president and CEO of AIR”— http://blogs.edweek.org/edweek/DigitalEducation/2014/05/data_breach_at_major_k-12_rese.html
Visa, MasterCard renew push for chip cards
“Visa and MasterCard are renewing a push to speed the adoption of
microchips into U.S. credit and debit cards in the wake of recent
high-profile data breaches, including this week’s revelation that
hackers stole consumer data from eBay’s computer systems.
Card processing companies argue that a move away from the black
magnetic strips on the backs of credit cards would eliminate a
substantial amount of U.S. credit card fraud. They say it’s time to
offer U.S. consumers the greater protections microchips provide by
joining Canada, Mexico and most of Western Europe in using cards with
the more advanced technology.
Chips aren’t perfect, says Carolyn Balfany, MasterCard’s group head for
U.S. product delivery, but the extra barrier they present is one of the
reasons criminals often choose to target U.S.-issued cards, whose
magnetic strips are easy to replicate.”— http://news.yahoo.com/visa-mastercard-renew-push-chip-181248195.html
eBay, Security Experts Say Database Dump is Fake
“Security experts and eBay have confirmed that a recent user database
being advertised on Pastebin was not obtained as a result of the data
breach suffered by the online marketplace earlier this year.
On May 21, eBay admitted that its corporate network had been breached
sometime between late February and early March 2014. The attackers
compromised the login credentials of a small number of employees and
used the data to gain access to the details of eBay’s 145 million
customers. The breach was discovered only in early May.
While there’s no evidence that financial information has been
compromised, or that PayPal customers are impacted, the cybercriminals
have managed to gain access to names, email addresses, physical
addresses, phone numbers, dates of birth and encrypted passwords.
It’s uncertain who is behind the attack, but other cybercriminals and
scammers are already trying to profit from the incident. Experts have
reported seeing a higher number of PayPal and eBay phishing attacks,
and, a post on Pastebin was found offering to sell 145,312,663 eBay
customer records for 1.453 Bitcoin (around $750).”— http://www.securityweek.com/ebay-security-experts-say-database-dump-fake
See on sto-strategy.com
See on Scoop.it – IT SEC TOOLS
Reuters reports that the U.S. Department of Homeland Security (DHS) has
acknowledged that an unidentified public utility in the U.S. was recently
compromised by a sophisticated hacker group.
In a report [PDF], DHS’ Industrial Control Systems Cyber Emergency Response
Team (ICS-CERT) explained that the software used to manage the utility’s
control system was accessible via the Internet. “The systems were
configured with a remote access capability, utilizing a simple password
mechanism; however, the authentication method was susceptible to compromise
via standard brute forcing techniques,” the report states.
An ICS-CERT investigation found that the system had been breached
previously, and worked with the utility’s owners to evaluate the overall
security of their infrastructure and to make practical recommendations for
securing the control network.
ICS-CERT Monitor Jan-April2014
See on sto-strategy.com
See on Scoop.it – IT SEC TOOLS
Encrypted File Scanner v1.6 is a free tool to quickly scan and discover
all the secret encrypted files on a Windows system.
http://securityxploded.com/encrypted-file-scanner.php
LDAP Password Kracker v2.0
LDAP Password Kracker is a free tool to recover the lost password from any
LDAP Directory Server. It supports password recovery over normal LDAP (port
389) as well as LDAP SSL (port 636) protocol.
See on sto-strategy.com
See on Scoop.it – STO_STRATEGY
IQPC 2nd Annual Cyber Security for Oil and Gas Summit will address the
major cyber security issues facing the oil and gas industry as a whole and
will provide a platform for IT and cyber security professionals to share
their wisdom, experience, and thoughts on the future of this complex and
often unknown threat to their enterprises.
For more information on speakers view brochure here (http://bit.ly/1c22jw1)
Don’t forget to mention promo code CYBER_HAKIN to receive a 20% DISCOUNT!
See on sto-strategy.com
See on Scoop.it – STO_STRATEGY
Enterprise Apps Conference & Event: Apps World, one of the world’s leading
multi-platform events in the apps industry, brings you Enterprise Apps
World. A two-day show, co-hosted with Cloud World Forum, that will look at
all the implications of going mobile in the workplace and how enterprise
apps can help.
See on sto-strategy.com
See on Scoop.it – STO_STRATEGY
Grabbed from Exploit-DB
Reverse Engineering of x86 Linux Shellcodes the Easy Way
See on sto-strategy.com
See on Scoop.it – STO_STRATEGY
Bypassing SSL Pinning on Android via Reverse Engineering
See on sto-strategy.com