Resources

  • Cyberspectrum: Bay Area Software Defined Radio #2 (Dec 2014) HD – youtube.com
    First Cyberspectrum meetup in San Francisco. The Bay Area SDR Meetup served as a forum to exchange knowledge and ideas related to Software Defined Radio. Meetup presentations are recorded and posted online.
  • The World’s Biggest Data Breaches, In One Incredible Infographic – businessinsider.com
    The folks over at Information Is Beautiful have put together an amazing infographic with the biggest data breaches in recent history. You can see when the attack happened, who it happened to, and how large the impact was.
  • SnoopSnitch – twitter.com
    SnoopSnitch, by Karsten Nohl, lets you detect IMSI catchers and SS7 attacks (requires root).

Tools

  • USBdriveby – github.com
    USBdriveby is a device you stylishly wear around your neck which can quickly and covertly install a backdoor and override DNS settings on an unlocked machine via USB in a matter of seconds. Code is available here.
  • Quickjack – github.com
    Quickjack is an intuitive, point-and-click tool for performing advanced and covert clickjacking and frame slicing attacks. Code is available here.
  • SubBrute – github.com
    SubBrute is a community-driven project with the goal of creating the fastest and most accurate subdomain enumeration tool.

Vendor/Software patches

  • Apple automatically patches Macs to fix severe NTP security flaw – arstechnica.com
    Apple does have the ability to quietly and automatically patch systems if it needs to, however, and it has exercised that ability for the first time to patch a critical flaw in the Network Time Protocol (NTP) used to keep the system clock in sync.

Vulnerabilities

  • Hackers allegedly behind Xbox and PlayStation network shutdown set sights on Tor – theverge.com
    The group that allegedly took down Microsoft and Sony’s gaming networks now says it’s set its sights on a new target. Lizard Squad, which took credit for denial of service attacks that kept Xbox Live and PlayStation Network offline over Christmas, tweeted earlier today that it was going after the Tor encryption service.
  • 12 Days of HaXmas: MS14-068, now in Metasploit! – community.rapid7.com
    In November of 2014, a really interesting vulnerability was published in Microsoft Windows Kerberos. You have already heard about it: MS14-068. Here is a more in-depth analysis of the vulnerability.

Other News

  • The Year’s Worst Hacks, From Sony to Celebrity Nude Pics – wired.com
    With each passing year, data breaches get bigger and more invasive. But 2014 saw a new twist to the breach phenomenon with the Sony hack. Here’s a look back at this year’s top hacks—the biggest and the noisiest.
  • Sony Pictures holds $60 million Cyber policy with Marsh – propertycasualty360.com
    Sony Pictures Entertainment holds $60 million in Cyber insurance with Marsh, according to documents leaked by the group claiming responsibility for the attack on the movie studio.
  • Neglected Server Provided Entry for JPMorgan Hackers – dealbook.nytimes.com
    The computer breach at JPMorgan Chase this summer — the largest intrusion of an American bank to date — might have been thwarted if the bank had installed a simple security fix to an overlooked server in its vast network, said people who have been briefed on internal and outside investigations into the attack.