SlideShare une entreprise Scribd logo

Security News Bytes June 2014 Bangalore

n|u - The Open Security Community
n|u - The Open Security Community

null Bangalore Chapter - June 2014 Meet

FormationTechnologieActualités & Politique
1  sur  21
Télécharger pour lire hors ligne
SECURITY NEWS BYTES Nishanth Kumar n|u Bangalore chapter Lead N |U M O N T H LY M E E T 14 Jun 2014
!!!! DISCLAIMER !!!! • The information contained in this presentation does not break any intellectual property, nor does it provide detailed information that may be in conflict with any laws (hopefully...) :) • Registered brands belong to their legitimate owners. • The opinion here represented are my personal ones and do not necessary reflect my employers views. 14 Jun 2014
HEADLINES • GameOver Zeus & CryptoLocker malware • Iraq Blocks Social Media Amid Militant Drive • “Absolute Software” Names New Chief Executive Officer • Cybercriminals Ramp Up Activity Ahead of 2014 World Cup • Former Microsoft Worker Sent to Prison for Theft of Trade Secrets 14 Jun 2014
CONTINUED … • P.F. Chang's ( Restaurant chain ) confirms theft of customer card data. December 2013 , 100 million customers data is hacked as per the news . • LulzSec hacker helps FBI stop over 300 cyber attacks • Austrian computer student: I accidentally hacked Twitter with a heart symbol • Chinese government hackers are coming for your cloud. 14 Jun 2014
CONTINUED • Schools Kids hacked BMO ATM using Operators manual found online just a random guess of the password • New Svpeng Trojan Targets US Mobile Users • Spotify latest to be hit by hack on users 14 Jun 2014
?...? • Netflix passwords leaked again? • Most common passwords registered • w4gw4g • Poosty72 • Moshimoshi • 500 usernames ‘n’ passwords leaked 14 Jun 2014
EXPLOIT DB – STATS ( JUNE 2014 ) • Remote exploit - 6 • Local exploit – 2 • Web application – 7 • DOS - 2 • Papers - 6 14 Jun 2014
INTERESTING TRICK • Loophole in PayPal Terms Allows Anyone to Double their PayPal Money Endlessly three separate PayPal account • one real • Virtual Credit Card (VCC) • Virtual Bank Account (VBA) Link : http://thehackernews.com/2014/06/loophole-in- paypal-terms-allows-anyone.html 14 Jun 2014
14 Jun 2014
NEWS FROM GIANTS 14 Jun 2014
MICROSOFT • Microsoft helps FBI in GameOver Zeus botnet cleanup • Microsoft Running Out Of IPv4 Address Space In The US To Use For Azure VMs 14 Jun 2014
SYMANTEC • TrueCrypt Migration to Symantec Encryption Desktop 14 Jun 2014
T O O L S W A T C H . O R G R E A D E R S 2013 TOP SECURITY TOOLS 14 Jun 2014
OWASP ZAP – ZED ATTACK PROXY PROJECT • tool for finding vulnerabilities in web applications. • ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually. Link : https://www.owasp.org/index.php/OWASP_Zed_Atta ck_Proxy_Project 14 Jun 2014
BEEF – THE BROWSER EXPLOITATION FRAMEWORK PROJECT • Penetration testing tool that focuses on the web browser. Link : http://beefproject.com/ 14 Jun 2014
BURP SUITE • Performing security testing of web applications and Proxy Server Link : http://portswigger.net/burp/ 14 Jun 2014
PE STUDIO • Free tool performing the static investigation of any Windows executable binary. Note : A file being analysed with PeStudio is never launched Link : www.winitor.com 14 Jun 2014
OWASP XENOTIX • Advanced Cross Site Scripting (XSS) vulnerability detection and exploitation framework • It provides Zero False Positive scan results with its unique Triple Browser Engine (Trident, WebKit, and Gecko) embedded scanner. Link : http://opensecurity.in/owasp-xenotix-xss-exploit- framework-v4-5-relesed/ 14 Jun 2014
LYNIS THE HARDENING UNIX TOOL • Tool to audit and harden Unix and Linux based systems. Link : http://cisofy.com/lynis/ 14 Jun 2014
14 Jun 2014
        THANK YOU 14 Jun 2014

Recommandé

Browser Exploit Framework
Browser Exploit FrameworkBrowser Exploit Framework
Browser Exploit Framework
n|u - The Open Security Community
 
Secuirty News Bytes-Bangalore may 2014
Secuirty News Bytes-Bangalore may 2014 Secuirty News Bytes-Bangalore may 2014
Secuirty News Bytes-Bangalore may 2014
n|u - The Open Security Community
 
Demystifying captcha Bangalore Meet April 18
Demystifying captcha Bangalore Meet April 18Demystifying captcha Bangalore Meet April 18
Demystifying captcha Bangalore Meet April 18
n|u - The Open Security Community
 
Flashack
FlashackFlashack
Flashack
n|u - The Open Security Community
 
The Shellshocker
The ShellshockerThe Shellshocker
The Shellshocker
Sharath Unni
 
Metasploit Demo
Metasploit DemoMetasploit Demo
Metasploit Demo
n|u - The Open Security Community
 
ESAPI
ESAPIESAPI
ESAPI
n|u - The Open Security Community
 
IE Memory Protector
IE Memory ProtectorIE Memory Protector
IE Memory Protector
3S Labs
 

Recommandé

Browser Exploit Framework
Browser Exploit FrameworkBrowser Exploit Framework
Browser Exploit Framework
n|u - The Open Security Community
 
Secuirty News Bytes-Bangalore may 2014
Secuirty News Bytes-Bangalore may 2014 Secuirty News Bytes-Bangalore may 2014
Secuirty News Bytes-Bangalore may 2014
n|u - The Open Security Community
 
Demystifying captcha Bangalore Meet April 18
Demystifying captcha Bangalore Meet April 18Demystifying captcha Bangalore Meet April 18
Demystifying captcha Bangalore Meet April 18
n|u - The Open Security Community
 
Flashack
FlashackFlashack
Flashack
n|u - The Open Security Community
 
The Shellshocker
The ShellshockerThe Shellshocker
The Shellshocker
Sharath Unni
 
Metasploit Demo
Metasploit DemoMetasploit Demo
Metasploit Demo
n|u - The Open Security Community
 
ESAPI
ESAPIESAPI
ESAPI
n|u - The Open Security Community
 
IE Memory Protector
IE Memory ProtectorIE Memory Protector
IE Memory Protector
3S Labs
 
Owasp Mobile Top 10 – 2014
Owasp Mobile Top 10 – 2014Owasp Mobile Top 10 – 2014
Owasp Mobile Top 10 – 2014
n|u - The Open Security Community
 
Recon ng null meet April 2015
Recon ng null meet April 2015Recon ng null meet April 2015
Recon ng null meet April 2015
n|u - The Open Security Community
 
Owasp m7-m8-shivang nullmeetblr 21june2015
Owasp m7-m8-shivang nullmeetblr 21june2015Owasp m7-m8-shivang nullmeetblr 21june2015
Owasp m7-m8-shivang nullmeetblr 21june2015
n|u - The Open Security Community
 
Venom vulnerability Overview and a basic demo
Venom vulnerability Overview and a basic demoVenom vulnerability Overview and a basic demo
Venom vulnerability Overview and a basic demo
Akash Mahajan
 
Rapid Android Application Security Testing
Rapid Android Application Security TestingRapid Android Application Security Testing
Rapid Android Application Security Testing
Nutan Kumar Panda
 
Metasploit Humla for Beginner
Metasploit Humla for BeginnerMetasploit Humla for Beginner
Metasploit Humla for Beginner
n|u - The Open Security Community
 
Security Monitoring using SIEM null bangalore meet april 2015
Security Monitoring using SIEM null bangalore meet april 2015Security Monitoring using SIEM null bangalore meet april 2015
Security Monitoring using SIEM null bangalore meet april 2015
n|u - The Open Security Community
 
OWASP Bangalore : OWTF demo : 13 Dec 2014
OWASP Bangalore : OWTF demo : 13 Dec 2014OWASP Bangalore : OWTF demo : 13 Dec 2014
OWASP Bangalore : OWTF demo : 13 Dec 2014
Anant Shrivastava
 
Tale of Forgotten Disclosure and Lesson learned
Tale of Forgotten Disclosure and Lesson learnedTale of Forgotten Disclosure and Lesson learned
Tale of Forgotten Disclosure and Lesson learned
Anant Shrivastava
 
Owasp Mobile Risk M2 : Insecure Data Storage : null/OWASP/G4H Bangalore Aug 2014
Owasp Mobile Risk M2 : Insecure Data Storage : null/OWASP/G4H Bangalore Aug 2014Owasp Mobile Risk M2 : Insecure Data Storage : null/OWASP/G4H Bangalore Aug 2014
Owasp Mobile Risk M2 : Insecure Data Storage : null/OWASP/G4H Bangalore Aug 2014
Anant Shrivastava
 
Owasp Mobile Risk Series : M4 : Unintended Data Leakage
Owasp Mobile Risk Series : M4 : Unintended Data LeakageOwasp Mobile Risk Series : M4 : Unintended Data Leakage
Owasp Mobile Risk Series : M4 : Unintended Data Leakage
Anant Shrivastava
 
Owasp Mobile Risk Series : M3 : Insufficient Transport Layer Protection
Owasp Mobile Risk Series : M3 : Insufficient Transport Layer ProtectionOwasp Mobile Risk Series : M3 : Insufficient Transport Layer Protection
Owasp Mobile Risk Series : M3 : Insufficient Transport Layer Protection
Anant Shrivastava
 
Hardware security testing 101 (Null - Delhi Chapter)
Hardware security testing 101 (Null - Delhi Chapter)Hardware security testing 101 (Null - Delhi Chapter)
Hardware security testing 101 (Null - Delhi Chapter)
n|u - The Open Security Community
 
Osint primer
Osint primerOsint primer
Osint primer
n|u - The Open Security Community
 
SSRF exploit the trust relationship
SSRF exploit the trust relationshipSSRF exploit the trust relationship
SSRF exploit the trust relationship
n|u - The Open Security Community
 
Nmap basics
Nmap basicsNmap basics
Nmap basics
n|u - The Open Security Community
 
Metasploit primary
Metasploit primaryMetasploit primary
Metasploit primary
n|u - The Open Security Community
 
Api security-testing
Api security-testingApi security-testing
Api security-testing
n|u - The Open Security Community
 
Introduction to TLS 1.3
Introduction to TLS 1.3Introduction to TLS 1.3
Introduction to TLS 1.3
n|u - The Open Security Community
 
Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...
Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...
Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...
n|u - The Open Security Community
 
Talking About SSRF,CRLF
Talking About SSRF,CRLFTalking About SSRF,CRLF
Talking About SSRF,CRLF
n|u - The Open Security Community
 
Building active directory lab for red teaming
Building active directory lab for red teamingBuilding active directory lab for red teaming
Building active directory lab for red teaming
n|u - The Open Security Community
 

Contenu connexe

En vedette

En vedette (12)

Owasp Mobile Top 10 – 2014
Owasp Mobile Top 10 – 2014Owasp Mobile Top 10 – 2014
Owasp Mobile Top 10 – 2014
 
Recon ng null meet April 2015
Recon ng null meet April 2015Recon ng null meet April 2015
Recon ng null meet April 2015
 
Owasp m7-m8-shivang nullmeetblr 21june2015
Owasp m7-m8-shivang nullmeetblr 21june2015Owasp m7-m8-shivang nullmeetblr 21june2015
Owasp m7-m8-shivang nullmeetblr 21june2015
 
Venom vulnerability Overview and a basic demo
Venom vulnerability Overview and a basic demoVenom vulnerability Overview and a basic demo
Venom vulnerability Overview and a basic demo
 
Rapid Android Application Security Testing
Rapid Android Application Security TestingRapid Android Application Security Testing
Rapid Android Application Security Testing
 
Metasploit Humla for Beginner
Metasploit Humla for BeginnerMetasploit Humla for Beginner
Metasploit Humla for Beginner
 
Security Monitoring using SIEM null bangalore meet april 2015
Security Monitoring using SIEM null bangalore meet april 2015Security Monitoring using SIEM null bangalore meet april 2015
Security Monitoring using SIEM null bangalore meet april 2015
 
OWASP Bangalore : OWTF demo : 13 Dec 2014
OWASP Bangalore : OWTF demo : 13 Dec 2014OWASP Bangalore : OWTF demo : 13 Dec 2014
OWASP Bangalore : OWTF demo : 13 Dec 2014
 
Tale of Forgotten Disclosure and Lesson learned
Tale of Forgotten Disclosure and Lesson learnedTale of Forgotten Disclosure and Lesson learned
Tale of Forgotten Disclosure and Lesson learned
 
Owasp Mobile Risk M2 : Insecure Data Storage : null/OWASP/G4H Bangalore Aug 2014
Owasp Mobile Risk M2 : Insecure Data Storage : null/OWASP/G4H Bangalore Aug 2014Owasp Mobile Risk M2 : Insecure Data Storage : null/OWASP/G4H Bangalore Aug 2014
Owasp Mobile Risk M2 : Insecure Data Storage : null/OWASP/G4H Bangalore Aug 2014
 
Owasp Mobile Risk Series : M4 : Unintended Data Leakage
Owasp Mobile Risk Series : M4 : Unintended Data LeakageOwasp Mobile Risk Series : M4 : Unintended Data Leakage
Owasp Mobile Risk Series : M4 : Unintended Data Leakage
 
Owasp Mobile Risk Series : M3 : Insufficient Transport Layer Protection
Owasp Mobile Risk Series : M3 : Insufficient Transport Layer ProtectionOwasp Mobile Risk Series : M3 : Insufficient Transport Layer Protection
Owasp Mobile Risk Series : M3 : Insufficient Transport Layer Protection
 

Plus de n|u - The Open Security Community

Plus de n|u - The Open Security Community (20)

Hardware security testing 101 (Null - Delhi Chapter)
Hardware security testing 101 (Null - Delhi Chapter)Hardware security testing 101 (Null - Delhi Chapter)
Hardware security testing 101 (Null - Delhi Chapter)
 
Osint primer
Osint primerOsint primer
Osint primer
 
SSRF exploit the trust relationship
SSRF exploit the trust relationshipSSRF exploit the trust relationship
SSRF exploit the trust relationship
 
Nmap basics
Nmap basicsNmap basics
Nmap basics
 
Metasploit primary
Metasploit primaryMetasploit primary
Metasploit primary
 
Api security-testing
Api security-testingApi security-testing
Api security-testing
 
Introduction to TLS 1.3
Introduction to TLS 1.3Introduction to TLS 1.3
Introduction to TLS 1.3
 
Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...
Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...
Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...
 
Talking About SSRF,CRLF
Talking About SSRF,CRLFTalking About SSRF,CRLF
Talking About SSRF,CRLF
 
Building active directory lab for red teaming
Building active directory lab for red teamingBuilding active directory lab for red teaming
Building active directory lab for red teaming
 
Owning a company through their logs
Owning a company through their logsOwning a company through their logs
Owning a company through their logs
 
Introduction to shodan
Introduction to shodanIntroduction to shodan
Introduction to shodan
 
Cloud security
Cloud security Cloud security
Cloud security
 
Detecting persistence in windows
Detecting persistence in windowsDetecting persistence in windows
Detecting persistence in windows
 
Frida - Objection Tool Usage
Frida - Objection Tool UsageFrida - Objection Tool Usage
Frida - Objection Tool Usage
 
OSQuery - Monitoring System Process
OSQuery - Monitoring System ProcessOSQuery - Monitoring System Process
OSQuery - Monitoring System Process
 
DevSecOps Jenkins Pipeline -Security
DevSecOps Jenkins Pipeline -SecurityDevSecOps Jenkins Pipeline -Security
DevSecOps Jenkins Pipeline -Security
 
Extensible markup language attacks
Extensible markup language attacksExtensible markup language attacks
Extensible markup language attacks
 
Linux for hackers
Linux for hackersLinux for hackers
Linux for hackers
 
Android Pentesting
Android PentestingAndroid Pentesting
Android Pentesting
 

Dernier

1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf
QucHHunhnh
 
The basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptxThe basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptx
heathfieldcps1
 
Seal of Good Local Governance (SGLG) 2024Final.pptx
Seal of Good Local Governance (SGLG) 2024Final.pptxSeal of Good Local Governance (SGLG) 2024Final.pptx
Seal of Good Local Governance (SGLG) 2024Final.pptx
negromaestrong
 
Spellings Wk 3 English CAPS CARES Please Practise
Spellings Wk 3 English CAPS CARES Please PractiseSpellings Wk 3 English CAPS CARES Please Practise
Spellings Wk 3 English CAPS CARES Please Practise
AnaAcapella
 
Making communications land - Are they received and understood as intended? we...
Making communications land - Are they received and understood as intended? we...Making communications land - Are they received and understood as intended? we...
Making communications land - Are they received and understood as intended? we...
Association for Project Management
 
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
ZurliaSoop
 

Dernier (20)

Dyslexia AI Workshop for Slideshare.pptx
Dyslexia AI Workshop for Slideshare.pptxDyslexia AI Workshop for Slideshare.pptx
Dyslexia AI Workshop for Slideshare.pptx
 
Holdier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdfHoldier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdf
 
1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf
 
Introduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The BasicsIntroduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The Basics
 
The basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptxThe basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptx
 
Seal of Good Local Governance (SGLG) 2024Final.pptx
Seal of Good Local Governance (SGLG) 2024Final.pptxSeal of Good Local Governance (SGLG) 2024Final.pptx
Seal of Good Local Governance (SGLG) 2024Final.pptx
 
How to Create and Manage Wizard in Odoo 17
How to Create and Manage Wizard in Odoo 17How to Create and Manage Wizard in Odoo 17
How to Create and Manage Wizard in Odoo 17
 
On National Teacher Day, meet the 2024-25 Kenan Fellows
On National Teacher Day, meet the 2024-25 Kenan FellowsOn National Teacher Day, meet the 2024-25 Kenan Fellows
On National Teacher Day, meet the 2024-25 Kenan Fellows
 
How to Manage Global Discount in Odoo 17 POS
How to Manage Global Discount in Odoo 17 POSHow to Manage Global Discount in Odoo 17 POS
How to Manage Global Discount in Odoo 17 POS
 
microwave assisted reaction. General introduction
microwave assisted reaction. General introductionmicrowave assisted reaction. General introduction
microwave assisted reaction. General introduction
 
Mehran University Newsletter Vol-X, Issue-I, 2024
Mehran University Newsletter Vol-X, Issue-I, 2024Mehran University Newsletter Vol-X, Issue-I, 2024
Mehran University Newsletter Vol-X, Issue-I, 2024
 
General Principles of Intellectual Property: Concepts of Intellectual Proper...
General Principles of Intellectual Property: Concepts of Intellectual Proper...General Principles of Intellectual Property: Concepts of Intellectual Proper...
General Principles of Intellectual Property: Concepts of Intellectual Proper...
 
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
 
Spellings Wk 3 English CAPS CARES Please Practise
Spellings Wk 3 English CAPS CARES Please PractiseSpellings Wk 3 English CAPS CARES Please Practise
Spellings Wk 3 English CAPS CARES Please Practise
 
Kodo Millet PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...
Kodo Millet PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...Kodo Millet PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...
Kodo Millet PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...
 
Sociology 101 Demonstration of Learning Exhibit
Sociology 101 Demonstration of Learning ExhibitSociology 101 Demonstration of Learning Exhibit
Sociology 101 Demonstration of Learning Exhibit
 
Making communications land - Are they received and understood as intended? we...
Making communications land - Are they received and understood as intended? we...Making communications land - Are they received and understood as intended? we...
Making communications land - Are they received and understood as intended? we...
 
This PowerPoint helps students to consider the concept of infinity.
This PowerPoint helps students to consider the concept of infinity.This PowerPoint helps students to consider the concept of infinity.
This PowerPoint helps students to consider the concept of infinity.
 
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
 
Python Notes for mca i year students osmania university.docx
Python Notes for mca i year students osmania university.docxPython Notes for mca i year students osmania university.docx
Python Notes for mca i year students osmania university.docx
 

Security News Bytes June 2014 Bangalore

  • 1. SECURITY NEWS BYTES Nishanth Kumar n|u Bangalore chapter Lead N |U M O N T H LY M E E T 14 Jun 2014
  • 2. !!!! DISCLAIMER !!!! • The information contained in this presentation does not break any intellectual property, nor does it provide detailed information that may be in conflict with any laws (hopefully...) :) • Registered brands belong to their legitimate owners. • The opinion here represented are my personal ones and do not necessary reflect my employers views. 14 Jun 2014
  • 3. HEADLINES • GameOver Zeus & CryptoLocker malware • Iraq Blocks Social Media Amid Militant Drive • “Absolute Software” Names New Chief Executive Officer • Cybercriminals Ramp Up Activity Ahead of 2014 World Cup • Former Microsoft Worker Sent to Prison for Theft of Trade Secrets 14 Jun 2014
  • 4. CONTINUED … • P.F. Chang's ( Restaurant chain ) confirms theft of customer card data. December 2013 , 100 million customers data is hacked as per the news . • LulzSec hacker helps FBI stop over 300 cyber attacks • Austrian computer student: I accidentally hacked Twitter with a heart symbol • Chinese government hackers are coming for your cloud. 14 Jun 2014
  • 5. CONTINUED • Schools Kids hacked BMO ATM using Operators manual found online just a random guess of the password • New Svpeng Trojan Targets US Mobile Users • Spotify latest to be hit by hack on users 14 Jun 2014
  • 6. ?...? • Netflix passwords leaked again? • Most common passwords registered • w4gw4g • Poosty72 • Moshimoshi • 500 usernames ‘n’ passwords leaked 14 Jun 2014
  • 7. EXPLOIT DB – STATS ( JUNE 2014 ) • Remote exploit - 6 • Local exploit – 2 • Web application – 7 • DOS - 2 • Papers - 6 14 Jun 2014
  • 8. INTERESTING TRICK • Loophole in PayPal Terms Allows Anyone to Double their PayPal Money Endlessly three separate PayPal account • one real • Virtual Credit Card (VCC) • Virtual Bank Account (VBA) Link : http://thehackernews.com/2014/06/loophole-in- paypal-terms-allows-anyone.html 14 Jun 2014
  • 11. MICROSOFT • Microsoft helps FBI in GameOver Zeus botnet cleanup • Microsoft Running Out Of IPv4 Address Space In The US To Use For Azure VMs 14 Jun 2014
  • 12. SYMANTEC • TrueCrypt Migration to Symantec Encryption Desktop 14 Jun 2014
  • 13. T O O L S W A T C H . O R G R E A D E R S 2013 TOP SECURITY TOOLS 14 Jun 2014
  • 14. OWASP ZAP – ZED ATTACK PROXY PROJECT • tool for finding vulnerabilities in web applications. • ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually. Link : https://www.owasp.org/index.php/OWASP_Zed_Atta ck_Proxy_Project 14 Jun 2014
  • 15. BEEF – THE BROWSER EXPLOITATION FRAMEWORK PROJECT • Penetration testing tool that focuses on the web browser. Link : http://beefproject.com/ 14 Jun 2014
  • 16. BURP SUITE • Performing security testing of web applications and Proxy Server Link : http://portswigger.net/burp/ 14 Jun 2014
  • 17. PE STUDIO • Free tool performing the static investigation of any Windows executable binary. Note : A file being analysed with PeStudio is never launched Link : www.winitor.com 14 Jun 2014
  • 18. OWASP XENOTIX • Advanced Cross Site Scripting (XSS) vulnerability detection and exploitation framework • It provides Zero False Positive scan results with its unique Triple Browser Engine (Trident, WebKit, and Gecko) embedded scanner. Link : http://opensecurity.in/owasp-xenotix-xss-exploit- framework-v4-5-relesed/ 14 Jun 2014
  • 19. LYNIS THE HARDENING UNIX TOOL • Tool to audit and harden Unix and Linux based systems. Link : http://cisofy.com/lynis/ 14 Jun 2014
  • 21.         THANK YOU 14 Jun 2014