FIR (Fast Incident Response) is a cybersecurity incident management platform designed with agility and speed in mind. It allows for easy creation, tracking, and reporting of cybersecurity incidents. FIR is for anyone needing to track cybersecurity incidents (CSIRTs, CERTs, SOCs, etc.). It was tailored to suit our needs and our team's habits, but we put a great deal of effort into making it as generic as possible before releasing it so that other teams around the world may also use it and customize it as they see fit. See the wiki for the user manual and more screenshots!

Installation
There are two ways to install FIR. If you want to take it for a test-drive, just follow the instructions for setting up a development environment in the wiki. If you like it and want to set it up for production, here's how to do it. A Dockerfile for running a dev-quality FIR setup is also available in docker/Dockerfile. Deploy to Heroku via fir/heroku_settings.py.

Community
A dedicated users mailing list is available at https://groups.google.com/d/forum/fir-users

Technical specs
FIR is written in Python (but you probably already knew that), using Django 1.9. It uses Bootstrap 3 and some Ajax and d3js to make it pretty. We use it with a MySQL back-end, but feel free to use any other DB adaptor you might want; as long as it's compatible with Django, you shouldn't run into any major issues. FIR is not greedy performance-wise. It will run smoothly on an Ubuntu 14.04 virtual machine with 1 core, a 40 GB disk and 1 GB RAM. (Note that Django 1.9 no longer receives security fixes; check the project for the currently supported Django version before exposing a production instance.)

Download FIR

By Waqas. Pwn2Own 2019 has yet again proved that a secure system is nothing else but a myth. In its two days running, the contest has claimed many high-profile victims including the likes of Tesla, Firefox, and Safari. Pwn2Own is an annual hacking contest held in Vancouver alongside the CanSecWest conference. In the contest, hackers are required […] This is a post from HackRead.com. Read the original post: Firefox, Edge, Safari, Tesla & VMware pwned at Pwn2Own


By ghostadmin. The Department of Homeland Security's Office of the Inspector General has released a report revealing that FEMA (Federal Emergency Management Agency) couldn't protect the private and confidential information of about 2.3 million hurricane survivors. In 2017, survivors of Hurricanes Harvey, Irma and Maria and of the California wildfires were offered Transitional Sheltering Assistance (TSA), which is a […] This is a post from HackRead.com. Read the original post: FEMA leaks sensitive details of 2.3 million disaster survivors


WebTech: identify technologies used on websites. More info in the release's blog post.

CLI installation
WebTech is available on pip:
pip install webtech
It can also be installed via setup.py:
python setup.py install --user

Burp integration
Download Jython 2.7.0 standalone and install it into Burp. In "Extender" > "Options" > "Python Environment", select the Jython jar location. Finally, in "Extender" > "Extension": click "Add", select "py" or "Python" as the extension format, and select the Burp-WebTech.py file in this folder.

Usage
Scan a website:
$ webtech -u https://example.com/
Target URL: https://example.com
…
A saved raw response can be scanned from a file instead of a live host:
$ webtech -u file://response.txt
Target URL: …

Full usage:
$ webtech -h
Usage: webtech [options]
Options:
-h, --help show this help message and exit
-u URLS, --urls=URLS url(s) to scan
--ul=URLS_FILE, --urls-file=URLS_FILE url(s) list file to scan
--ua=USER_AGENT, --user-agent=USER_AGENT use this user agent
--rua, --random-user-agent use a random user agent
--db=DB_FILE, --database-file=DB_FILE custom database file
--oj, --json output json-encoded report
--og, --grep output grepable report

Resources for database matching
HTTP headers information: http://netinfo.link/http/headers.html
Cookie names: https://webcookies.org/top-cookie-names

Download WebTech
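The README above describes matching a response's HTTP headers and cookie names against a signature database. The following is an added example and not WebTech's own code: a minimal passive fingerprinter in Python that parses a constructed raw HTTP response (the kind webtech's file:// mode reads), matches Server and X-Powered-By headers and Set-Cookie names against a small hand-written signature table, and pulls out version strings where the header exposes one. The signature entries and the sample response are constructed for illustration; they are not WebTech's database.

```python
"""Passive technology fingerprinting from HTTP response headers and cookie names.

Added example, not WebTech's code. It mirrors the approach the README
describes (a database of header and cookie-name signatures matched against a
response) with a hand-written signature table and a constructed raw response.
"""
import re
from typing import Dict, List, Tuple

# Constructed signature table (assumption, not WebTech's real database).
# Each entry: (technology, header name, regex over the header value).
HEADER_SIGNATURES: List[Tuple[str, str, str]] = [
    ("Nginx", "server", r"^nginx(?:/(?P<version>[\d.]+))?"),
    ("PHP", "x-powered-by", r"PHP(?:/(?P<version>[\d.]+))?"),
    ("Express", "x-powered-by", r"^Express"),
    ("Cloudflare", "server", r"^cloudflare"),
]
# Session-cookie names that are strong indicators of a framework or runtime.
COOKIE_SIGNATURES: Dict[str, str] = {
    "PHPSESSID": "PHP",
    "JSESSIONID": "Java/Servlet container",
    "ASP.NET_SessionId": "ASP.NET",
    "csrftoken": "Django",
    "laravel_session": "Laravel",
}


def parse_raw_response(raw: str) -> Dict[str, List[str]]:
    """Split a raw HTTP response into a lowercase header -> values map.
    Repeated headers (several Set-Cookie lines) are kept as a list."""
    head = raw.split("\r\n\r\n", 1)[0]
    headers: Dict[str, List[str]] = {}
    for line in head.split("\r\n")[1:]:  # skip the status line
        if ":" not in line:
            continue
        name, value = line.split(":", 1)
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers


def cookie_names(headers: Dict[str, List[str]]) -> List[str]:
    """Cookie names from every Set-Cookie header, attributes dropped."""
    names = []
    for set_cookie in headers.get("set-cookie", []):
        first = set_cookie.split(";", 1)[0]
        if "=" in first:
            names.append(first.split("=", 1)[0].strip())
    return names


def fingerprint(raw: str) -> Dict[str, str]:
    """Return {technology: version or ''} for every signature that matches."""
    headers = parse_raw_response(raw)
    found: Dict[str, str] = {}
    for tech, header, pattern in HEADER_SIGNATURES:
        for value in headers.get(header, []):
            m = re.search(pattern, value, re.IGNORECASE)
            if m:
                version = m.groupdict().get("version") or ""
                found[tech] = version or found.get(tech, "")
    for name in cookie_names(headers):
        tech = COOKIE_SIGNATURES.get(name)
        if tech:
            found.setdefault(tech, "")  # keep a version found via headers
    return found


# Constructed response for a stand-alone run (not captured from a real host).
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: nginx/1.14.0\r\n"
    "X-Powered-By: PHP/7.2.19\r\n"
    "Set-Cookie: PHPSESSID=abc123; Path=/; HttpOnly\r\n"
    "Set-Cookie: csrftoken=deadbeef; Path=/\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
    "<html></html>"
)

if __name__ == "__main__":
    for tech, version in sorted(fingerprint(SAMPLE_RESPONSE).items()):
        print(f"{tech} {version}".rstrip())
```

Header-based fingerprinting is only as honest as the server. Server and X-Powered-By are routinely removed or faked (nginx `server_tokens off`, PHP `expose_php = Off`), and a CDN or WAF in front of the origin usually overwrites Server with its own value, so treat a match as a lead to confirm against page content or behaviour rather than as proof of the stack.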

We are excited to announce this major release of the auditing tool Lynis. Several big changes have been made to core functions of Lynis. These changes are the next in a series of simplification improvements. There is a risk of breaking your existing configuration.

Lynis is an open source security auditing tool, used by system administrators, security professionals, and auditors to evaluate the security defenses of their Linux and UNIX-based systems. It runs on the host itself, so it performs more extensive security scans than vulnerability scanners.

Supported operating systems
The tool has almost no dependencies, therefore it runs on almost all Unix-based systems and versions, including AIX, FreeBSD, HP-UX, Linux, Mac OS, NetBSD, OpenBSD, Solaris and others. It even runs on systems like the Raspberry Pi and several storage devices!

Installation optional
Lynis is light-weight and easy to use. Installation is optional: just copy it to a system and use "./lynis audit system" to start the security scan. It is written in shell script and released as open source software (GPL, the GNU General Public License).

How it works
Lynis performs hundreds of individual tests to determine the security state of the system. The security scan itself consists of performing a set of steps, from initializing the program up to the report.

Steps
- Determine operating system
- Search for available tools and utilities
- Check for Lynis update
- Run tests from enabled plugins
- Run security tests per category
- Report status of security scan

Besides the data displayed on the screen, all technical details about the scan are stored in a log file. Any findings (warnings, suggestions, data collection) are stored in a report file.

Opportunistic scanning
Lynis scanning is opportunistic: it uses what it can find. For example, if it sees you are running Apache, it will perform an initial round of Apache-related tests. When during the Apache scan it also discovers an SSL/TLS configuration, it will perform additional auditing steps on that. While doing that, it will collect the discovered certificates so they can be scanned later as well.

In-depth security scans
By performing opportunistic scanning, the tool can run with almost no dependencies. The more it finds, the deeper the audit will be. In other words, Lynis will always perform scans which are customized to your system. No audit will be the same!

Use cases
Since Lynis is flexible, it is used for several different purposes. Typical use cases for Lynis include:
- Security auditing
- Compliance testing (e.g. PCI, HIPAA, SOx)
- Vulnerability detection and scanning
- System hardening

Resources used for testing
Many other tools use the same data files for performing tests. Since Lynis is not limited to a few common Linux distributions, it uses tests from standards and many custom ones not found in any other tool:
- Best practices
- CIS
- NIST
- NSA
- OpenSCAP data
- Vendor guides and recommendations (e.g. Debian, Gentoo, Red Hat)

Lynis plugins
Plugins enable the tool to perform additional tests. They can be seen as an extension (or add-on) to Lynis, enhancing its functionality. One example is the compliance checking plugin, which performs specific tests only applicable to some standard.

Changelog
Upgrade note

## Lynis 2.7.3 (2019-03-21)

### Added
- Detection for Lynis being scheduled (e.g. cronjob)

### Changed
- HTTP-6624: Improved logging for test
- KRNL-5820: Changed color for default fs.suid_dumpable value
- LOGG-2154: Adjusted test to search in configuration file correctly
- NETW-3015: Added support for ip binary
- SQD-3610: Description of test changed
- SQD-3613: Corrected description in code
- SSH-7408: Increased values for MaxAuthRetries
- Improvements to allow tailored tool tips in future
- Corrected detection of blkid binary
- Minor textual changes and cleanups

Download Lynis 2.7.2
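To make the opportunistic model described above concrete, here is an added example in Python (not Lynis code, which is shell): a single audit step that runs only if an sshd configuration file exists, parses the effective directives the way sshd resolves them (first occurrence wins, and anything after the first Match block is conditional and therefore skipped), compares them against an assumed hardening baseline, and returns findings as warning and suggestion lines loosely modelled on a report file. The baseline values, the report line format and the constructed sshd_config are assumptions for illustration; Lynis's own SSH tests and report keys differ.

```python
"""One opportunistic audit step: test sshd only if its config is present.

Added example, not Lynis code. Baseline values, report format and the sample
configuration are assumptions for illustration.
"""
import os
import tempfile
from typing import Dict, List

# Assumed hardening baseline: directive -> required value (lowercase).
EXPECTED = {
    "permitrootlogin": "no",
    "passwordauthentication": "no",
    "x11forwarding": "no",
}
# OpenSSH's own defaults, used when a directive is absent from the file.
DEFAULTS = {
    "permitrootlogin": "prohibit-password",
    "passwordauthentication": "yes",
    "x11forwarding": "no",
    "maxauthtries": "6",
}
MAX_AUTH_TRIES = 3  # anything above this is reported as a suggestion


def parse_sshd_config(text: str) -> Dict[str, str]:
    """Return effective global directives with lowercase keys.
    First occurrence wins (sshd semantics); directives after the first
    Match block only apply conditionally, so parsing stops there."""
    conf: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line.lower().startswith("match "):
            break
        parts = line.split(None, 1)
        if len(parts) == 2:
            conf.setdefault(parts[0].lower(), parts[1].strip())
    return conf


def audit_sshd(config_path: str) -> List[str]:
    """Return report lines; empty when sshd is not present (test skipped)."""
    if not os.path.isfile(config_path):
        return []  # opportunistic: nothing to audit on this host
    with open(config_path, encoding="utf-8") as fh:
        conf = parse_sshd_config(fh.read())
    findings: List[str] = []
    for key, wanted in EXPECTED.items():
        actual = conf.get(key, DEFAULTS[key])
        if actual.lower() != wanted:
            findings.append(f"warning[]=SSH|{key} is {actual}, expected {wanted}|")
    tries = int(conf.get("maxauthtries", DEFAULTS["maxauthtries"]))
    if tries > MAX_AUTH_TRIES:
        findings.append(f"suggestion[]=SSH|MaxAuthTries {tries} > {MAX_AUTH_TRIES}|")
    return findings


# Constructed sshd_config for a stand-alone run (not taken from a real host).
SAMPLE_CONFIG = """\
# sshd_config
Port 22
PermitRootLogin yes
PasswordAuthentication no
MaxAuthTries 10
Match User backup
    PasswordAuthentication yes
"""


def run_sample() -> List[str]:
    """Write the sample config to a temp file, audit it, clean up."""
    with tempfile.NamedTemporaryFile("w", suffix="_sshd_config", delete=False) as tmp:
        tmp.write(SAMPLE_CONFIG)
        path = tmp.name
    try:
        return audit_sshd(path)
    finally:
        os.unlink(path)


if __name__ == "__main__":
    for line in run_sample():
        print(line)
    print("no sshd config -> skipped:", audit_sshd("/nonexistent/sshd_config") == [])
```

The skip-when-absent branch is the point of the exercise: a test that fires on a host without sshd produces noise, while returning nothing lets the scan go deeper only where there is something to inspect. The Match handling matters for the same reason; the PasswordAuthentication inside the Match block applies to one user only, and reading it as a global setting would misjudge the host.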

By Waqas. The T-Series vs PewDiePie battle takes an ugly turn: PewDiePie fans are launching PewDiePie ransomware to get followers. The battle between T-Series and PewDiePie for the top slot on YouTube is getting more fierce and dramatic day by day. Where T-Series fans are supporting the Indian music company, PewDiePie fans have resorted to extreme measures in making […] This is a post from HackRead.com. Read the original post: PewDiePie ransomware forcing users to subscribe to him on YouTube


Sms Stack is a framework that provides TCP/IP-like characteristics to the GSM Short Message Service. It is available for multiple environments so that it can be integrated into a full service stack. The main layer features techniques to control the order and the number of SMS messages for a given stream, plus a security layer using the AES cipher in CTR mode. You can easily implement your own protocol on top of Sms Stack and add new features to an SMS-based communication between devices.

Prerequisites
You can use sms-stack in multiple environments, in order to implement it in multiple scenarios.

TypeScript
- npm: https://www.npmjs.com
- Node.js: https://nodejs.org/en/
- TypeScript: https://www.typescriptlang.org/#download-links

Python
- Python 3.4 or higher: https://www.python.org/downloads/
- pip: https://pypi.org/project/pip/

Android
- Android API 23 (6.0) or higher: https://developer.android.com/about/versions/marshmallow/android-6.0
- Android Studio + Gradle (with JUnit): https://developer.android.com/studio/install

Usage
Add the framework from the package repository for your environment.

TypeScript:
npm install sms-stack 1.x.x

Python:
pip install sms-stack 0.x.x

Android, in the app's Gradle file:
implementation 'com.example.smstcplibrary:smsstack:0.x.x'

For further implementation details, please use the given wiki (SMS Stack scheme).

Contact
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

This software doesn't have a QA process. This software is a proof of concept.

If you have any problems, you can contact:
- [email protected] (Ideas Locas CDO, Telefónica)
- [email protected] (Ideas Locas CDO, Telefónica)
- [email protected] (Ideas Locas CDO, Telefónica)

For more information please visit https://www.elevenpaths.com.

Download SDK-SMS-Stack
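The README says the main layer controls the order and the number of SMS messages for a stream. As an added example (not Sms Stack's code, whose wire format differs), the Python below shows what such a layer has to do: a payload is split into numbered frames that fit an assumed 140-byte binary SMS, and a receiver reassembles the stream from frames delivered out of order, ignoring duplicates and reporting which sequence numbers are still missing so a retransmit can be requested. The 3-byte header layout (stream id, sequence number, total count), the 140-byte limit and the sample payload are assumptions. The AES-CTR layer is deliberately not implemented here; see the note after the block.

```python
"""Segmentation, ordering and reassembly for a byte stream carried over SMS.

Added example, not Sms Stack's code. Header layout, 140-byte MTU and the
duplicate/missing handling are assumptions for illustration.
"""
import random
import struct
from typing import Dict, List, Optional

SMS_MAX_BYTES = 140              # 8-bit binary SMS user-data limit (assumed MTU)
HEADER = struct.Struct("!BBB")   # stream_id, seq, total; each 0..255
PAYLOAD_PER_SMS = SMS_MAX_BYTES - HEADER.size


def segment(stream_id: int, payload: bytes) -> List[bytes]:
    """Split payload into numbered frames; an empty payload is one empty frame."""
    chunks = [payload[i:i + PAYLOAD_PER_SMS]
              for i in range(0, len(payload), PAYLOAD_PER_SMS)] or [b""]
    if len(chunks) > 255:
        raise ValueError("payload needs more frames than an 8-bit seq allows")
    return [HEADER.pack(stream_id, seq, len(chunks)) + chunk
            for seq, chunk in enumerate(chunks)]


class Reassembler:
    """Collects frames per stream and releases the payload once all have
    arrived, whatever the delivery order. Duplicates are ignored and a frame
    whose total disagrees with earlier frames of the same stream is rejected."""

    def __init__(self) -> None:
        self._parts: Dict[int, Dict[int, bytes]] = {}
        self._totals: Dict[int, int] = {}

    def feed(self, frame: bytes) -> Optional[bytes]:
        if len(frame) < HEADER.size or len(frame) > SMS_MAX_BYTES:
            raise ValueError("bad frame length")
        stream_id, seq, total = HEADER.unpack_from(frame)
        if total == 0 or seq >= total:
            raise ValueError("bad sequence header")
        known = self._totals.setdefault(stream_id, total)
        if known != total:
            raise ValueError("inconsistent total for stream")
        parts = self._parts.setdefault(stream_id, {})
        parts.setdefault(seq, frame[HEADER.size:])  # first copy wins on duplicate
        if len(parts) < total:
            return None
        del self._parts[stream_id]
        del self._totals[stream_id]
        return b"".join(parts[i] for i in range(total))

    def missing(self, stream_id: int) -> List[int]:
        """Sequence numbers not yet received for an open stream."""
        total = self._totals.get(stream_id)
        if total is None:
            return []
        have = self._parts.get(stream_id, {})
        return [i for i in range(total) if i not in have]


def roundtrip(payload: bytes, seed: int = 7) -> bytes:
    """Segment, shuffle the frames, duplicate one, and reassemble."""
    frames = segment(42, payload)
    delivered = frames + [frames[0]]
    random.Random(seed).shuffle(delivered)
    rx = Reassembler()
    result = None
    for frame in delivered:
        out = rx.feed(frame)
        if out is not None:
            result = out
    assert result is not None, "stream never completed"
    return result


if __name__ == "__main__":
    msg = b"telemetry record " * 40          # constructed 680-byte payload
    print(len(segment(42, msg)), "frames")   # 5 frames of up to 137 bytes
    print("reassembled correctly:", roundtrip(msg) == msg)
```

On the cipher layer: CTR mode gives confidentiality only. Anyone who can inject or alter SMS can flip bits in a frame's ciphertext and the receiver will accept the modified plaintext, and reusing a counter block under the same key leaks the XOR of the two plaintexts. If you build on a CTR layer like the one the README describes, authenticate every frame (an HMAC over header and ciphertext, or an AEAD mode such as AES-GCM) and derive a unique nonce per frame from the stream and sequence numbers; the SMS sender address can be spoofed, so the header fields above are not trustworthy on their own.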

By Waqas. Defibrillators are electronic devices manufactured to save the lives of people with life-threatening heart conditions such as Hypertrophic Cardiomyopathy (HCM). But now, according to the Department of Homeland Security (DHS), Medtronic defibrillators are vulnerable to cyber attacks allowing hackers to remotely control the device from within "short-range access." In total, 20 Medtronic products are vulnerable, affecting over […] This is a post from HackRead.com. Read the original post: Medtronic defibrillators vulnerable to life threatening cyber attacks


Four people have been arrested for taking secret videos of guests at motels and live-streaming them to paying audiences. According to Seoul police, the perpetrators filmed about 1,600 motel guests in the past year in various states of undress and having sex. They did so with tiny wireless spy cameras set up in 42 motel rooms at 30 motels across South Korea, in 10 cities. The devices were hidden inside TVs, hair dryer holsters and electrical outlets.

The filming took place between last Nov. 24 and March 2, the authorities said, with the livestreamed feeds beamed out globally. The voyeur gang raked in $6,200 for the feeds from 97 paid users of an undisclosed website; in all, there were 803 illegally filmed videos. The suspects will face up to five years in jail and a penalty of about $26,000 for illegally distributing videos, and up to a year and almost $9,000 for distributing pornography.

"The police agency strictly deals with criminals who post and share illegal videos as they severely harm human dignity," said an official of Seoul Metropolitan Police Agency's cyber investigation unit, speaking to the Korea Herald.

Secretly filming unwitting victims is not unheard of, unfortunately, but the motel angle is a new wrinkle. Last year, several Android apps were discovered with "alarming" privacy holes, enabling mobile apps to take and share screenshots and video of the phones' app activity without users' knowledge. Researchers from Northeastern University examined 17,260 apps from the marketplaces Google Play, AppChina, Mi.com and Anzhi; while a large fraction of apps are not abusing this ability to record media on mobile phones, the researchers did discover a "few instances" of covert recording.

The IoT space opens up more vectors for video spying as well. Researchers last year, for instance, uncovered vulnerabilities in Dongguan Diqee 360 vacuum cleaners, which have a webcam with night vision and smartphone-controlled navigation. The flaws would allow attackers to eavesdrop, perform video surveillance and steal private data from victims.


Hackers took down the Mozilla Firefox and Microsoft Edge browsers on Thursday at Pwn2Own, the annual hacking contest held in tandem with CanSecWest, as the competition continued for a second day.

The dynamic hacking duo of Amat Cama and Richard Zhu, who make up team Fluoroacetate, had another good day, following Wednesday's successes. The two trained their skills first on Mozilla Firefox, leveraging a JIT bug in the browser, followed by an out-of-bounds write exploit in the Windows kernel. The one-two punch allowed Fluoroacetate to take over the targeted system. "They were able to execute code at SYSTEM level just by using Firefox to visit their specially crafted website," wrote Zero Day Initiative in a write-up of the day's hacking results. For their efforts the two earned $50,000.

Zero Day Initiative (@thezdi) tweeted on March 21, 2019: "The @fluoroacetate duo does it again. They used a type confusion in #Edge, a race condition in the kernel, then an out-of-bounds write in #VMware to go from a browser in a virtual client to executing code on the host OS. They earn $130K plus 13 Master of Pwn points."

The story of the day continued to be Cama and Zhu, who earned an additional $130,000 for a "masterfully crafted exploit chain" that led to owning the host beneath a VMware Workstation virtual machine, ZDI reported. That hack began inside a VMware Workstation guest, where Fluoroacetate opened an Edge browser and visited a booby-trapped website that triggered a type confusion bug. Next, Cama and Zhu used a race condition in the Windows kernel, followed by an out-of-bounds write in VMware Workstation, to execute code on the underlying host OS. Adding both days' awards together, Fluoroacetate has so far earned $340,000 in the Pwn2Own competition this year.

Mozilla's Firefox browser went down a second time Thursday, thanks to hacker Niklas Baumstark. He was able to execute code on the PC by leveraging a JIT bug in Firefox. "In a real-world scenario, an attacker could use this to run their code on a target system at the level of the logged-on user," ZDI wrote. The successful exploit earned Baumstark $40,000.

A researcher named Arthur Gerkis, with Exodus Intelligence, was the final contestant and a newcomer to the Pwn2Own competition. His target was also Microsoft's Edge browser. "[Gerkis] wasted no time by using a double free bug in the renderer followed by a logic bug to bypass the sandbox," ZDI wrote. For his effort, the researcher earned $50,000.

Day three of the competition closes out the Pwn2Own event with an automotive category.
