The Cambridge Cloud Cybercrime Centre is seeking a Research Assistant for DDoS measurement. The Centre's overall objective is to create a sustainable and internationally competitive centre for academic research into cybercrime.
A new vulnerability has been found on OpenSSH which is used by almost all Linux/BSD distributions, as well as many network infrastructure devices to allow SSH connectivity. The vulnerability applies to any SSH device that allows for user/password logins as opposed to shared keys. And, from my quick review of the vulnerability, it seems to be common on almost every device that has not had password logins specifically disabled. The vulnerability allows an attacker to attempt many thousands of passwords for a user, instead of the default 3-6, before being blocked.
As with many other people in the cybersecurity world, ThreatSTOP received notification today about a spear phishing campaign using some of the zero day vulnerabilities leaked from “Hackinged Team” at the beginning of the month. ThreatSTOP is happy to report that we are blocking the IOCs in that notification for all our customers who use either the TSCritical Target List or the Lists that include it – BASIC or BOTNETS - in their firewall policy.
Recently the Italian group Hacking Team was compromised and, according to the attackers, had 400 GB of data stolen.