Tor Botnets, SIM Hacking, and Pwned Prius
Blackhat and Defcon are only a few days away, so this week’s InfoSec news summary covers previews of some of the research experts plan on disclosing during next week’s security bonanza.
During this week’s episode, learn about the latest Tor-based botnets, hear how hackers can force malware through your phone’s SIM card, and see a couple researchers totally take over a Prius car with a laptop. Watch below, and check the Reference section for other interested security stories.
Show Notes: I had unexpected microphone cable problems during my recording, which I didn’t learn about until after my shoot. It caused some hum and clicks in this week’s video. I apologize for the bad audio, and will be sure to check it next week.
Also, I will be attending Blackhat next week. I still plan to post at least one video, but it may not appear at its regular time.
(Episode Runtime: 10:09)
Direct YouTube Link: https://www.youtube.com/watch?v=Pa3QsIS-TK8
Episode References:
- Security researcher’s hack causes Apple developer site down time – Mac Rumors
- Eset details two new Tor-based botnets – We Live Security blog
- Flaw in cellular SIM card update process allows mobile phone hijacking – SR Labs Blog
- Researchers preview car hacking demo planned for Blackhat – Forbes
- Authorities take down cyber gang responsible for huge financial sector breaches – Washington Post
- Breaking News: Barnaby Jack, the pacemaker hacker, passes away before his Blackhat talk – Chicago Tribune
Extras:
- Ubuntu forum breach results in 1.8 million lost credentials – CBR
- TruCaller database hacked – The Hindu Business Line
- Cool visualization of the largest data breaches – Information is Beautiful
- Don’t fall for Royal Baby malware scams –InfoSec Magazine
- New Banking trojan called KINS – SC Magazine
- Chinese malware found to leverage Android “Master Key” vulnerability – Engadget
— Corey Nachreiner, CISSP (@SecAdept)
1. If theoretical research like “rooting SIM” will become reality, and malware attacks will grow in it’s intelligent by such giant steps – we will have not only antiviruses on our Google Android/ Apple iOS devices, but also: SMS-firewalls with signatures and geolocation features, something like “IPS for incoming calls” and “DLP for GRPS outbound connections” 🙂 Looks like mobile industry will forced to evolve this way.
2. Interesting information about KINS banking trojan. As far as I know – most impressive technique such trojan use – HTML rewriting, created for the propose to hide actual sum of withdraw from victim’s account.