Researchers show how rogue web applications can be used to attack vulnerable browser extensions in a hack that gives adversaries access to private user data.


The French Data Protection Authority (DPA) found a lack of transparency when it comes to how Google harvests and uses personal data for ad-targeting purposes.


Just in time…

Cybersecurity experts spent this week fighting on Twitter in favor of not using HTTPS, suggesting that software developers rely only on signature-based package verification just because APT on Linux does the same.

Just today, a security researcher revealed details of a critical remote code execution flaw in Linux APT, exploitation of which could have been mitigated if the


Conpot is an ICS honeypot whose goal is to collect intelligence about the motives and methods of adversaries targeting industrial control systems.

Documentation
The built documentation can be found here. There you will also find instructions on how to install Conpot and the FAQ.

Easy install using Docker

Via a pre-built image

  1. Install Docker
  2. Run docker pull honeynet/conpot
  3. Run docker run -it -p 80:80 -p 102:102 -p 502:502 -p 161:161/udp --network=bridge honeynet/conpot:latest /bin/sh
  4. Finally run conpot -f --template default

Navigate to http://MY_IP_ADDRESS to confirm the setup.

Build docker image from source

  1. Install Docker
  2. Clone this repo with git clone https://github.com/mushorg/conpot.git and cd conpot/docker
  3. Run docker build -t conpot .
  4. Run docker run -it -p 80:8800 -p 102:10201 -p 502:5020 -p 161:16100/udp -p 47808:47808/udp -p 623:6230/udp -p 21:2121 -p 69:6969/udp -p 44818:44818 --network=bridge conpot

Navigate to http://MY_IP_ADDRESS to confirm the setup.

Build from source and run with docker-compose

  1. Install docker-compose
  2. Clone this repo with git clone https://github.com/mushorg/conpot.git and cd conpot/docker
  3. Build the image with docker-compose build
  4. Test if everything is running correctly with docker-compose up
  5. Permanently run as a daemon with docker-compose up -d

Sample output
::

# conpot --template default
                       _
   ___ ___ ___ ___ ___| |_
  |  _| . |   | . | . |  _|
  |___|___|_|_| _|___|_|
              |_|

Version 0.6.0
MushMush Foundation

2018-08-09 19:13:15,085 Initializing Virtual File System at ConpotTempFS/__conpot__ootc_k3j. Source specified : tar://conpot-0.6.0-py3.6/conpot/data.tar
2018-08-09 19:13:15,100 Please wait while the system copies all specified files
2018-08-09 19:13:15,172 Fetched x.x.x.x as external ip.
2018-08-09 19:13:15,175 Found and enabled ('modbus', ) protocol.
2018-08-09 19:13:15,177 Found and enabled ('s7comm', ) protocol.
2018-08-09 19:13:15,178 Found and enabled ('http', ) protocol.
2018-08-09 19:13:15,179 Found and enabled ('snmp', ) protocol.
2018-08-09 19:13:15,181 Found and enabled ('bacnet', ) protocol.
2018-08-09 19:13:15,182 Found and enabled ('ipmi', ) protocol.
2018-08-09 19:13:15,185 Found and enabled ('enip', ) protocol.
2018-08-09 19:13:15,199 Found and enabled ('ftp', ) protocol.
2018-08-09 19:13:15,206 Found and enabled ('tftp', <conpot.protocols.tftp.tftp_server.TftpServer object at 0x7f1af4fcef28>) protocol.
2018-08-09 19:13:15,206 No proxy template found. Service will remain unconfigured/stopped.
2018-08-09 19:13:15,206 Modbus server started on: ('0.0.0.0', 5020)
2018-08-09 19:13:15,206 S7Comm server started on: ('0.0.0.0', 10201)
2018-08-09 19:13:15,207 HTTP server started on: ('0.0.0.0', 8800)
2018-08-09 19:13:15,402 SNMP server started on: ('0.0.0.0', 16100)
2018-08-09 19:13:15,403 Bacnet server started on: ('0.0.0.0', 47808)
2018-08-09 19:13:15,403 IPMI server started on: ('0.0.0.0', 6230)
2018-08-09 19:13:15,403 handle server PID [23183] running on ('0.0.0.0', 44818)
2018-08-09 19:13:15,404 handle server PID [23183] responding to external done/disable signal in object 139753672309064
2018-08-09 19:13:15,404 FTP server started on: ('0.0.0.0', 2121)
2018-08-09 19:13:15,404 Starting TFTP server at ('0.0.0.0', 6969)
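As an added example (not code from Conpot or its README), the script below parses startup lines in the format shown above and cross-checks them against the -p mappings of the docker run command from the build-from-source steps, so a deployer can confirm that every honeypot listener is actually reachable from the host and that no host port is forwarded to a port nothing listens on. The embedded log lines and commands are constructed from this page; the check compares port numbers only and ignores tcp/udp.

```python
import re
from typing import Dict, Set, Tuple

# Constructed sample: the "server started" lines Conpot prints at startup,
# ports as in the build-from-source docker run command above.
SAMPLE_LOG = """\
2018-08-09 19:13:15,206 Modbus server started on: ('0.0.0.0', 5020)
2018-08-09 19:13:15,206 S7Comm server started on: ('0.0.0.0', 10201)
2018-08-09 19:13:15,207 HTTP server started on: ('0.0.0.0', 8800)
2018-08-09 19:13:15,402 SNMP server started on: ('0.0.0.0', 16100)
2018-08-09 19:13:15,403 Bacnet server started on: ('0.0.0.0', 47808)
2018-08-09 19:13:15,403 IPMI server started on: ('0.0.0.0', 6230)
2018-08-09 19:13:15,403 handle server PID [23183] running on ('0.0.0.0', 44818)
2018-08-09 19:13:15,404 FTP server started on: ('0.0.0.0', 2121)
2018-08-09 19:13:15,404 Starting TFTP server at ('0.0.0.0', 6969)
"""

# The -p flags from the "Build docker image from source" run command
# (docker syntax is host_port:container_port[/proto]).
DOCKER_RUN = ("docker run -it -p 80:8800 -p 102:10201 -p 502:5020 -p 161:16100/udp "
              "-p 47808:47808/udp -p 623:6230/udp -p 21:2121 -p 69:6969/udp "
              "-p 44818:44818 --network=bridge conpot")

LISTEN_RE = re.compile(r"\('(?P<addr>[\d.]+)', (?P<port>\d+)\)")
PORT_MAP_RE = re.compile(r"-p (?P<host>\d+):(?P<cont>\d+)(?:/(?P<proto>udp|tcp))?")


def listeners(log: str) -> Set[int]:
    """Container-side ports Conpot reports it is listening on."""
    return {int(m.group("port")) for m in LISTEN_RE.finditer(log)}


def port_map(cmd: str) -> Dict[int, int]:
    """Map container port -> host port from the -p flags of a docker run command."""
    return {int(m.group("cont")): int(m.group("host")) for m in PORT_MAP_RE.finditer(cmd)}


def check_exposure(log: str, cmd: str) -> Tuple[Set[int], Dict[int, int]]:
    """Return (listeners with no host mapping, mappings to ports nothing listens on)."""
    listen = listeners(log)
    mapping = port_map(cmd)
    unexposed = listen - set(mapping)
    dangling = {c: h for c, h in mapping.items() if c not in listen}
    return unexposed, dangling


if __name__ == "__main__":
    print(check_exposure(SAMPLE_LOG, DOCKER_RUN))  # (set(), {}) when everything lines up
```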


WordPress Vulnerability Scanner – Scan for vulnerabilities, version, themes, plugins and much more!
WPintel allows you to scan self-hosted WordPress sites.
With WPintel you can detect the following:
  • Version
  • Version vulnerabilities
  • Plugins
  • Themes
  • Users
and much more!
Although WPintel is designed for self-hosted (wordpress.org) WordPress sites, some of its functionality still works for sites hosted on wordpress.com.


The French data protection watchdog CNIL has issued its first fine of €50 million (around $57 million) under the European Union’s new General Data Protection Regulation (GDPR) law that came into force in May last year.

The fine has been levied on Google for “lack of transparency, inadequate information and lack of valid consent regarding the ads personalization,” the CNIL (National Data


Since most security tools also keep an eye on network traffic to detect malicious IP addresses, attackers are increasingly adopting the infrastructure of legitimate services in their attacks to hide their malicious activity.

Cybersecurity researchers have now spotted a new malware attack campaign linked to the notorious DarkHydrus APT group that uses Google Drive as its command-and-control (


Malice’s mission is to be a free, open source version of VirusTotal that anyone can use at any scale, from an independent researcher to a Fortune 500 company.

Try It Out

DEMO: demo.malice.io

  • username: malice
  • password: ecilam

Requirements

Hardware

  • ~16GB disk space
  • ~4GB RAM

Software

Getting Started (OSX)

Install

$ brew install maliceio/tap/malice
Usage: malice [OPTIONS] COMMAND [arg...]

Open Source Malware Analysis Framework

Version: 0.3.11

Author:
blacktop -

Options:
--debug, -D Enable debug mode [$MALICE_DEBUG]
--help, -h show help
--version, -v print the version

Commands:
scan Scan a file
watch Watch a folder
lookup Look up a file hash
elk Start an ELK docker container
plugin List, Install or Remove Plugins
help Shows a list of commands or help for one command

Run 'malice COMMAND --help' for more information on a command.

Scan some malware

$ malice scan evil.malware

NOTE: On the first run Malice will download all of its default plugins, which can take a while to complete.

Malice outputs the results as a Markdown table that can be piped or copied into a results.md file that renders nicely on GitHub (see here).

Start Malice’s Web UI

$ malice elk

You can open the Kibana UI and look at the scan results here: http://localhost (assuming you are using Docker for Mac)

  • Type in malice as the Index name or pattern and click Create.
  • Now click on the Malice Tab and behold!!!

Getting Started (Docker in Docker)

Install/Update all Plugins

docker run --rm -v /var/run/docker.sock:/var/run/docker.sock malice/engine plugin update --all

Scan a file

docker run --rm -v /var/run/docker.sock:/var/run/docker.sock \
  -v `pwd`:/malice/samples \
  -e MALICE_VT_API=$MALICE_VT_API \
  malice/engine scan SAMPLE

Documentation

A Russian hacker indicted by a United States court for his involvement in online ad fraud schemes that defrauded multiple American companies out of tens of millions of dollars pleaded not guilty on Friday in a courtroom in Brooklyn, New York.

Aleksandr Zhukov, 38, was arrested in November last year by Bulgarian authorities after the U.S. issued an international warrant against him, and was
