a three-year-old cyber espionage campaign which they believe to have originated in Iran, targeting a number of military and political leaders in the United States, Israel and other countries by creating false social networking accounts and a fake news website. Story here & here
2014-05-31
Iranian Hacker's 3 year old Sting Op
TrueCrypt shuts down, but why?
One of the most famous tools for disk encryption shuts down without any explanation!? The recommendation is to migrate to Microsoft's BitLocker (yikes).
2014-05-28
Spotify hacked
Today, the popular music streaming service Spotify said the company has suffered a data breach and warned users of its Android app to upgrade it in the wake of a potential data breach in their servers. Full Story
Aussie Apple Fans Get Pawned
A mysterious new scam has emerged targeting Antipodean iPhone, iPad and iMac users by locking their devices via “Find My iPhone” technology and holding them to ransom. Full Story & Troy Hunt's Analysis
2014-05-24
London - Latest Victim of Car Hacking
Thieves are hacking into these on-board computers using cell-phone-sized electronic devices originally designed for locksmiths. Full Story
2014-05-22
Anonymous Philippines Defaces Chinese websites
"Anonymous Philippines" claimed responsibility for defacing more than 200 Chinese websites in retaliation for Beijing's aggressive actions in the West Philippine Sea, according to the messages posted on their Facebook page. Full Story
2014-05-17
Diving Underground: Fake IDs & Passports
Continuing with the research of the underground, here is one of the many service providers, promising as-good-as-real passports, driving licenses, and ID cards. The payment mode remains BTC.
ISC2's Vulnerability
This is plain embarrassing: organizations like (ISC)2 do not take basic security measures.
2014-05-16
Antivirus is Dead
Nothing new in here, but a good writeup on why AV is not a reliable security control now. Still a must-have investment, but do not expect much from it.
2014-05-10
2014-05-08
Technical Experts vs Management
Does not showcase IT security directly, but still just as true. Light humor around the disconnect between the technical experts, the stakeholders and the big bosses in the corporate environment.
2014-05-06
OpenID, OAuth Vulnerability
Account hijacking is all too common in social networking, but this is a more widespread problem: almost all major OAuth 2.0 and OpenID providers, such as Facebook, Google, Yahoo, LinkedIn, Microsoft, GitHub, QQ, Taobao, Weibo, VK, Mail.Ru and Sohu, have been affected by a serious covert redirect vulnerability. Full Story
Police Use New Tool To Source Crowds for Evidence
Leading edge technology, or will it be the bleeding edge nightmare?
A new crime-fighting innovation known as LEEDIR, the Large Emergency Event Digital Information Repository, pairs an app with cloud storage to help police use smartphones as tools to gather evidence. The crowdsourcing system gives authorities a secure, central repository for the countless electronic tips that can come in during a crisis.
2014-05-05
Diving Underground: Counterfeit Currency
Continuing with my research of the underground market, I stumbled upon a website which offers USD and Euro currency, at a discount of up to 75%. The payment is to be made via bitcoins (of course).
A screenshot of the website is pasted below. However, it does make me wonder how the buyer could be assured of the legitimacy of the seller. Unlike eBay, there is no easy way here to leave negative feedback. Nevertheless, another insight into the thriving underground.
2014-05-01
Kali Linux Hacked!
Kali (formerly called BackTrack) became the latest victim of Heartbleed. A bit sad to see a pen-testing community go down.