NSA tools leaked by #ShadowBrokers now infecting over 200k machines, will be weaponized for years:
HipChat has suffered an #infosec incident
They're blaming a "third party library" but, -extremely- annoyingly, have neglected to state which library it is - so be prepared to keep an eye out for other services having incidents in the future, if this isn't a case of HipChat having used something catastrophically out of date.
I never did an #introductions post, so here's mine.
I have worked as a sysadmin and in computer repairs, though I can't work any more.
Pen Test Poster: "White Board" - Bash - Find Juicy Stuff in the File System https://pen-testing.sans.org/blog/2017/03/08/pen-test-poster-white-board-bash-find-juicy-stuff-in-the-file-system #infosec
Pen Test Poster: "White Board" - PowerShell - Get Firewall Rules https://pen-testing.sans.org/blog/2017/03/08/pen-test-poster-white-board-powershell-get-firewall-rules #infosec
Critical Access Bypass Bug Patched on Drupal 8 http://feedproxy.google.com/~r/cyberkendra/~3/h6OamAE27vk/critical-access-bypass-bug-patched-on.html #infosec
Teen Hacker made £400,000 by Selling his DDoS Tool http://feedproxy.google.com/~r/cyberkendra/~3/jguXeNV-gPQ/teen-hacker-made-400000-by-selling-his.html #infosec
Ask Sucuri: What is the Principle of Least Privilege? https://blog.sucuri.net/2017/04/the-principle-of-least-privilege.html #infosec
Inside The Hunt For Russia’s Hackers https://www.buzzfeed.com/sheerafrenkel/inside-the-hunt-for-russias-hackers?utm_term=.lk1PEyLAo Really interesting read if you're into #infosec
"...identified a total of 10 security vulnerabilities, ranging from low- to high-risk issues, six of which can be exploited remotely by unauthenticated attackers."
DoublePulsar, as the NSA implant is code-named, was detected on more than 107,000 computers in one Internet scan. That scan was performed over the past few days by researchers from Binary Edge, a security firm headquartered in Switzerland.