Equation Group

O estranho caso do Equation Group:

In 2009, one or more prestigious researchers received a CD by mail that contained pictures and other materials from a recent scientific conference they attended in Houston. The scientists didn't know it then, but the disc also delivered a malicious payload developed by a highly advanced hacking operation that had been active since at least 2001. The CD, it seems, was tampered with on its way through the mail. (...)

Taken together, the accomplishments led Kaspersky researchers to conclude that Equation Group is probably the most sophisticated computer attack group in the world, with technical skill and resources that rival the groups that developed Stuxnet and the Flame espionage malware.




Hackers roubam centenas de milhões a bancos

Bank Hackers Steal Millions via Malware
New York Times / Kaspersky

Since late 2013, an unknown group of hackers has reportedly stolen $300 million ­— possibly as much as triple that amount — from banks across the world, with the majority of the victims in Russia.


notícia completa

CryptoCurrency Security Standard (CCSS)




Introducing the CryptoCurrency Security Standard (CCSS)

The C4 mission statement is to develop and maintain standards that will benefit the cryptocurrency ecosystem. We accomplish this mission with the collaboration of the brightest minds in our space and have met success with each of our prior projects. Today, after months of working with extremely knowledgeable partners on this critical project, BitGo and C4 are proud to jointly announce the release of the draft CryptoCurrency Security Standard (CCSS) for public discussion.

(...)

The full whitepaper can be downloaded here: https://cryptoconsortium.org/ccss/CCSS.zip

The latest draft of the CryptoCurrency Security Standard is published online via GitHub at http://cryptoconsortium.github.io/CCSS/

artigo completo

Kali Linux 1.1.0

Saiu a versão 1.1.0 do Kali Linux!

"After almost two years of public development (and another year behind the scenes), we are proud to announce our first point release of Kali Linux – version 1.1.0. This release brings with it a mix of unprecedented hardware support as well as rock solid stability. For us, this is a real milestone as this release epitomizes the benefits of our move from BackTrack to Kali Linux over two years ago. As we look at a now mature Kali, we see a versatile, flexible Linux distribution, rich with useful security and penetration testing related features, running on all sorts of weird and wonderful ARM hardware."

De hackers a empresários

Um artigo muito interessante sobre como na Europa de Leste surgiram inúmeros hackers que posteriormente se tornaram especialistas de segurança:

How Eastern Europe's villains changed sides in the malware war - and made you protect your PC



blogs de segurança

41 Amazing Internet Security Blogs You Should Be Reading


Blackhat - o filme

Uma análise interessante sobre o filme Blackhat do ponto de vista dos profissionais da segurança:

Blackhat movie: the good the bad and the ugly - CSO Online

Em resumo:

  • Good: The IoT attack was real
  • Bad: ... but the IoT attacks made no sense
  • Ugly: ... the criminal hacker is the one genius who can fix things



BadIRET

Um artigo muito interessante sobre explorar a vulnerabilidade BadIRET:

Exploiting “BadIRET” vulnerability (CVE-2014-9322, Linux kernel privilege escalation)
Br Labs

Inclui esta banda desenhada esquisita: