2. !!!! DISCLAIMER !!!!
• The information contained in this presentation does
not break any intellectual property, nor does it
provide detailed information that may be in conflict
with any laws (hopefully...) :)
• Registered brands belong to their legitimate owners.
• The opinions represented here are my personal ones
and do not necessarily reflect my employer's views.
14 Jun 2014
3. HEADLINES
• GameOver Zeus & CryptoLocker malware
• Iraq Blocks Social Media Amid Militant Drive
• “Absolute Software” Names New Chief Executive Officer
• Cybercriminals Ramp Up Activity Ahead of 2014 World
Cup
• Former Microsoft Worker Sent to Prison for Theft of Trade
Secrets
4. CONTINUED …
• P.F. Chang's (restaurant chain) confirms theft of
customer card data.
December 2013: 100 million customers' data was
hacked, as per the news.
• LulzSec hacker helps FBI stop over 300 cyber attacks
• Austrian computer student: I accidentally hacked Twitter
with a heart symbol
• Chinese government hackers are coming for your cloud.
5. CONTINUED
• School kids hacked BMO ATM using operator's
manual found online
just a random guess of the password
• New Svpeng Trojan Targets US Mobile Users
• Spotify latest to be hit by hack on users
6. ?...?
• Netflix passwords leaked again?
• Most common passwords registered
• w4gw4g
• Poosty72
• Moshimoshi
• 500 usernames ‘n’ passwords leaked
7. EXPLOIT DB – STATS (JUNE 2014)
• Remote exploit – 6
• Local exploit – 2
• Web application – 7
• DoS – 2
• Papers – 6
8. INTERESTING TRICK
• Loophole in PayPal Terms Allows Anyone to Double
their PayPal Money Endlessly
Three separate PayPal accounts:
• one real
• Virtual Credit Card (VCC)
• Virtual Bank Account (VBA)
Link : http://thehackernews.com/2014/06/loophole-in-paypal-terms-allows-anyone.html
11. MICROSOFT
• Microsoft helps FBI in GameOver Zeus botnet
cleanup
• Microsoft Running Out Of IPv4 Address Space In The
US To Use For Azure VMs
13. TOOLSWATCH.ORG READERS 2013 TOP SECURITY TOOLS
14. OWASP ZAP – ZED ATTACK PROXY PROJECT
• Tool for finding vulnerabilities in web applications.
• ZAP provides automated scanners as well as a set
of tools that allow you to find security vulnerabilities
manually.
Link : https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project
15. BEEF – THE BROWSER EXPLOITATION FRAMEWORK PROJECT
• Penetration testing tool that focuses on the web
browser.
Link : http://beefproject.com/
16. BURP SUITE
• Tool for performing security testing of web applications,
with a proxy server
Link : http://portswigger.net/burp/
17. PE STUDIO
• Free tool performing the static investigation of any
Windows executable binary.
Note: A file being analysed with PeStudio is never
launched.
Link : www.winitor.com
18. OWASP XENOTIX
• Advanced Cross Site Scripting (XSS) vulnerability
detection and exploitation framework
• It provides Zero False Positive scan results with its
unique Triple Browser Engine (Trident, WebKit, and
Gecko) embedded scanner.
Link : http://opensecurity.in/owasp-xenotix-xss-exploit-framework-v4-5-relesed/
19. LYNIS THE HARDENING UNIX TOOL
• Tool to audit and harden Unix and Linux based
systems.
Link : http://cisofy.com/lynis/