Anomali Limo – Take the Fast Lane to Threat Intelligence

Far from being just a buzzword, threat intelligence has proven to be a valuable asset to security teams. In the Ponemon study The Value of Threat Intelligence, 78% of respondents stated that threat intelligence was critical to a strong security posture. One of the difficulties with threat intelligence isn’t necessarily recognizing its value, though – it’s getting started.

At Anomali we wanted to provide people with an easy-to-use tool for collecting and analyzing threat data, which is why we built STAXX. It’s a free TAXII client that allows you to subscribe to any STIX/TAXII feed and link to an online portal for investigations. In recent months we’ve made a lot of changes to ensure that STAXX has everything users need to start incorporating threat intelligence into their security systems. We’ve even upped our game by adding our new Limo service to partner with our TAXII client.

Limo is a preconfigured set of intelligence feeds that STAXX users can access immediately upon download. It’s completely free, and provides information from our Weekly Threat Briefing, Anomali Labs data, and other open source intelligence feeds.

Below is a list of the current Limo feeds and a description of what they provide. If there’s something you think we missed or would like to see, feel free to let us know in our Forum. We’re always looking for feedback (even if it’s that you don’t like puns).

This feed provides threat indicators from our Weekly Threat Briefings. Each briefing contains curated intelligence about the latest active threats in the news and around the world. A brief analysis from our Anomali Labs team provides some technical insight as to why these threats are relevant. With threat actors consistently altering their malicious tactics, keeping up to date on the most recent threats and vulnerabilities is critical. You can also subscribe to this information and receive email updates, or check back on our blog on Tuesdays.


Blutmagie_TOR_Nodes contains a list of exit nodes provided by the website Tor Network Status. Tor is used as a vector for cyber-attacks, and traffic to and from a Tor exit node could be an indication of an attack.

Bots, phishing sites, and hostile traffic – oh my! This Limo feed provides hosts published by Emerging Threats that are known to be significantly infected or hostile.

Lehigh_Malwaredomains specializes in providing domains that are known to be used to propagate malware and spyware, as published by the DNS-BH project.

This Limo feed provides phishing data from PhishTank, a free community site. Phishing is one of the most common and successful kinds of attack. Check out our blog, Teach a Man to Phish, to learn how your adversaries might try to trick you.

CyberCrime provides Indicators of Compromise focused on banking malware such as Zeus, Pony, etc.

DShield is a community-based collaborative firewall log correlation system. It receives logs from volunteers worldwide and uses them to analyze attack trends. This Limo feed provides threat indicators for IP addresses that have been observed performing mass scanning activities, provided by Internet Storm Center.

Ransomware Tracker provides domain names that are associated with Ransomware, such as Botnet command and control (C&C) servers, distribution sites, and payment sites. 

This feed is the same as above, but with IPs rather than domains. Remember with ransomware it doesn’t pay to pay – you’ll just get played.

This is a community-based malware domain list project with information from Malware Domain List.

This is a feed of the Emerging Threats’ command and control hosts.

We’ll be publishing a few how-to’s in future blogs to explain how you can take the information from these feeds and make it actionable. Subscribe to our blog to make sure you don’t miss out!

Source: Honeypot Tech

Affordable Raspberry Pi 3D Body Scanner

With a £1000 grant from Santander, Poppy Mosbacher set out to build a full-body 3D body scanner with the intention of creating an affordable setup for makespaces and similar community groups.

First Scan from DIY Raspberry Pi Scanner

Head and Shoulders Scan with 29 Raspberry Pi Cameras

Uses for full-body 3D scanning

Poppy herself wanted to use the scanner in her work as a fashion designer. With the help of 3D scans of her models, she would be able to create custom cardboard dressmaker’s dummies to ensure her designs fit perfectly. This is a brilliant way of incorporating digital tech into another industry – and it’s not the only application for this sort of build. Growing numbers of businesses use 3D body scanning, for example the stores around the world where customers can 3D scan and print themselves as action-figure-sized replicas.

Print your own family right on the high street!
image c/o Tom’s Guide and Shapify

We’ve also seen the same technology used in video games for more immersive virtual reality. Moreover, there are various uses for it in healthcare and fitness, such as monitoring the effect of exercise regimes or physiotherapy on body shape or posture.

Within a makespace environment, a 3D body scanner opens the door to including new groups of people in community make projects: imagine 3D printing miniatures of a theatrical cast to allow more realistic blocking of stage productions and better set design, or annually sending grandparents a print of their grandchild so they can compare the child’s year-on-year growth in a hands-on way.

The Germany-based clothing business Outfittery uses full-body scanners to take the stress out of finding clothes that fit well.
image c/o Outfittery

As cheesy as it sounds, the only limit for the use of 3D scanning is your imagination…and maybe storage space for miniature prints.

Poppy’s Raspberry Pi 3D Body Scanner

For her build, Poppy acquired 27 Raspberry Pi Zeros and 27 Raspberry Pi Camera Modules. With various other components, some 3D-printed or made of cardboard, Poppy got to work. She was helped by members of BuildBrighton and by her friend Arthur Guy, who also wrote the code for the scanner.

The Pi Zeros run Raspbian Lite, and are connected to a main server running a node application. Each is fitted into its own laser-cut cardboard case, and secured to a structure of cardboard tubing and 3D-printed connectors.

In the finished build, the person to be scanned stands in the centre of the structure, and the press of a button sends the signal for all Pis to take a photo. The images are sent back to the server and processed with Autodesk ReMake, a freemium application available for the PC (Poppy discovered part-way through the project that the Mac version has recently lost support).

Build your own

Obviously there’s a lot more to the process of building this full-body 3D scanner than what I’ve reported in these few paragraphs. And since it was Poppy’s goal to make a readily available and affordable scanner that anyone can recreate, she’s provided all the instructions and code for it on her Instructables page.

Projects like this, in which people use the Raspberry Pi to create affordable and interesting tech for communities, are exactly the type of thing we love to see. Always make sure to share your Pi-based projects with us on social media, so we can boost their visibility!

If you’re a member of a makespace, run a workshop in a school or club, or simply love to tinker and create, this build could be the perfect addition to your workshop. And if you recreate Poppy’s scanner, or build something similar, we’d love to see the results in the comments below.

The post Affordable Raspberry Pi 3D Body Scanner appeared first on Raspberry Pi.

Source: RaspberryPi – IOT Anonimo

Hak5 2224 – Open Sourcing Pentest Tools and Academia with InfoSec: DEF CON 25

On this episode of Hak5, Chris Grayson joins us to talk about open sourcing his pentesting tool, Website. Brittany Postnikoff chats with us about infosec professionals and academia working together for mutual benefit.

Chris Grayson

Brittany Postnikoff

Source: Security news

The Changing Face & Reach of Bug Bounties

HackerOne CEO Marten Mickos reflects on the impact of vulnerability disclosure on today’s security landscape and leadership.
Source: Vulnerabilitys & Threats

Future of AI-driven Brick-and-Mortar Begins with Responsive Retail

We don’t live in a static world. When I “look” toward the future, I see sensing, machine learning and deep learning leading us toward a time when artificial intelligence (AI) could enable more secure and actionable retail insights with tremendous results. I envision stores using technology that always knows if shelves are stocked or not, with merchandise arranged so that retailers can gain deeper insights into inventory delivery, immediate availability, and to stay ahead of the fashion trends that drive a near constant change in stock. I imagine a store where shuffled merchandise doesn’t mean lost merchandise but instead uses technology to know where items are located and uses pattern matching via machine learning and artificial intelligence to really understand the retail environment.

Connected retail technology could also enable retail staff to say, “Hey, there’s a $5 item covering a $100 item that was really supposed to be on display; I need to fix that so that I can have insight into the ROI of this endcap.” It could enable them to know that a store is merchandised properly, and how people interact with endcaps and individual items.

We at Intel, along with our partners, understand that retailers are looking for answers for real-time inventory management – from ordering and delivery tracking to delivering great customer experience through merchandising insights and optimizing a workforce for maximum results – a 360-degree view. I’m encouraged to see retailers moving down this path. Unfortunately, many times the quick pace of digital disruption has resulted in islands of technology that have been cobbled together, making it difficult for retailers to glean that full 360-degree view of the store that leads to actionable insights. As technology leaders, we can help enable technology solutions that seamlessly support retailers.

Localizing Inventory Management Solutions

From my perspective, improving inventory management can solve several retail issues at once. It’s a quick, cost-effective entry point for most retailers. Why? First, if the inventory is not in its place it’s not just a missed sale; it affects the customer experience. Whether a retailer offers an inviting and easy-to-understand sales process is completely irrelevant if the product isn’t on the shelf. So, for me, that’s where it starts. Inventory visibility allows for immediate localization because retailers are seeing the real-time demand. Imagine a sales associate wondering, for weeks, whether Christmas sweaters have arrived at a Phoenix, Ariz., store, only to find out they are not due to arrive until May. It makes absolutely no sense, yet hiccups in the supply chain like this occur every year. If a near real-time inventory management solution were in place, the retailer would have direct insight into the supply chain, could make merchandise adjustments, and could understand the buying habits of not just customers, but individual stores and whole communities. The retailer could then instantly replenish inventory, or not, based on real-time demand.

One solution along these lines that I’m particularly excited about is the JDA Store Optimizer, supported by the Intel Responsive Retail Sensor. Built on Intel technology, it offers retailers an intelligent technology solution to help manage and overcome retailers’ business challenges. It tracks inventory accurately, so you always know where items are located and how many are in stock, while also automatically updating store associates’ tasks. Having near real-time inventory data makes it easy to run lean, save time and money, and replenish products as needed with little risk of shortages, overstocking, or preventable returns. The JDA Store Optimizer then uses this precise inventory data to automatically identify, prioritize, and assign tasks that sales associates need to carry out to optimize operational efficiency, while freeing the store manager to spend more time making decisions that will improve store performance and increase revenues.

Enhancing Data Security and Privacy

Along with inventory insight, data security and privacy are also hot topics with retailers. When retailers deal with privacy, they approach it on an opt-in basis, with consent built into the platform as an enabled right. From a purely application perspective, the core platform is built from the ground up with security in mind. It’s also important to make sure that data can be isolated per application, so that if a retailer brings a specific set of data, it’s only for them and they know they can trust that verified data. This kind of store-to-cloud security is built in from the ground up. Then there’s end-to-end data encryption, which helps strengthen data security and privacy.

From my perspective, privacy is personal. Some people are completely okay with giving away their details; other people are very guarded about it. Only 43 percent of shoppers say they are comfortable giving up personal data to a retailer, even if it is to improve their shopping experience. This is a relevant and pressing issue for retailers today. Our approach is that there needs to be a way to opt in, and a loyalty program is a great way to do that. If you paired that with opt-in facial recognition through smart video systems in stores, the solution could also tap into more anonymized demographics to inform store layouts and endcap optimization. Do families with children tend to spend time in certain areas of the store? What about groups of female or male shoppers? That kind of anonymized demographic information could provide valuable insights.

As we approach 50 percent of shoppers opting in to share their data, it’s clear that a growing number of consumers see the value in a more personalized experience. I really think it’s about what level shoppers want to opt in at, and loyalty programs are probably the best approach. The moral of the story is that we’re not creating the big-brother state of retail. People are asking for more personalized experiences, and technology can help enable that for them.

A shopper is pleased that her local store uses the Intel Retail Sensor Platform for inventory tracking. As a result, she just scored the best bag ever.


Enabling Tremendous Insights

Consumers also say that they want associates who are more knowledgeable, and they want to get the right information from the right person. They want associates who are knowledgeable about products and can recommend products which would be of best value to them and of highest quality. A recent study shows that 2 in 3 shoppers who tried to find information within a store say they did not find all the information they needed; when they were unable to find the complete information, 43 percent of customers left the store frustrated, 22 percent said they were less likely to buy from that retailer, and 41 percent were more likely to shop elsewhere. It is so important to have engaged, knowledgeable, and able sales associates, and the JDA Store Optimizer enables sales associates to get back to the business of being available to customers rather than just running around the store in search of inventory.

I think we can learn even more over time to make the store truly responsive. In a way, the store itself is learning. The platform helps the store learn, and as the store learns, it keeps up in near real-time with the changes that are happening in consumer behavior and the retail environment. Moreover, there’s no lag time. You’re not being caught unaware.

As we’ve seen, successful retailing comes down to one thing: getting the right product into shoppers’ hands. That may sound simple, but success requires inventory accuracy, efficient sales associates, and the flexibility to quickly adapt to shoppers’ needs in near real-time. Thanks to today’s emerging retail technology solutions I’m convinced that the retail industry’s future has never looked brighter!

Visit to learn more about how Intel technology is shaping the future of responsive retail. To stay informed about Intel IoT developments, subscribe to our RSS feed for email notifications of blog updates, or visit and Twitter.

The post Future of AI-driven Brick-and-Mortar Begins with Responsive Retail appeared first on IoT@Intel.

Source: Network News

IPs Aren’t People

If you watch a lot of CSI Cyber or hacking movies you might be led to believe that the IP address is the missing link between an activity on the Internet and identifying who acted. In reality this is rarely the case.

  • There are at least 4 common technologies that obscure who is tied to an IP.
  • There are many other, less transient signatures of a system than an IP address.
  • Identifying a computer does not always identify who is using it.

What is an IP address?

IP stands for Internet Protocol. An IP address is an address given to a system for a period of time that makes data routable to and from the system on networks. The IP address creates a mapping that the rest of the network can use to identify and communicate with the system hardware.

Only a few network devices need to keep the system’s hardware address (known as a MAC address), because everything else uses the IP to communicate. There are 2 major versions of IP in use today:

  • IPv4, which has around 4 billion addresses
  • IPv6, which has so many addresses that it’s compared to the number of grains of sand on Earth

IPv4 is exhausted in many ways and has led to a slow migration to IPv6. Most major networks and devices today support IPv6. These 2 versions are significant because they each have their own ways of being an obstacle to identifying a person by an IP.

Why aren’t IP addresses easily tied to people?

There are a number of things that may be in the way of an IP being useful for identifying people. Some of them were created specifically for privacy. Others were needed to work around the limited number of network addresses available before IPv6.

  1. Virtual Private Networks (VPNs) are used to encrypt traffic between a machine and the VPN so that any untrusted networks in between can’t easily snoop on the data. Most corporations use VPNs, although individual people can also purchase a VPN service or create their own. VPNs are useful for privacy for a few reasons:

    • Multiple people can use the same VPN at the same time.
    • Anything that they interact with while on that VPN will only have the IP address of the VPN – not the systems connected to it.
    • Only the VPN can reverse the information and identify the system (if it keeps logs).
  2. Proxies are just like the name implies: they route traffic on behalf of a system, usually for a specific protocol like website traffic. These are typically used for purposes like filtering unwanted websites in schools, public places, and companies. Proxies present the same issue for an IP address that’s recorded by a destination – only the proxy’s IP can be seen, not the IP of the originating system.

  3. Network Address Translation (NAT) is a technology that creates an internal network that can’t be seen by an external network. This is used when there are a lot of internal devices and only a few public IP addresses available. The effect on a destination is the same: it will only see the IP address of the NAT device. Unlike with the other technologies, the NAT device is usually in the vicinity of the systems it connects.

  4. DHCP is a technology that leases IP addresses to devices for a limited time, so the same address is shared by different systems at different times. Addresses in the pool are kept by devices that still need them; any device that does not renew its lease gives the IP up, which makes it available for others. If you’re keeping logs of IP visits you must also keep the time of each visit, and then match that time against the period when a given system held the IP. The system assigned that IP now may not be the same one that had it then.

The above technologies are often used in conjunction with one another. Together they make an IP address much less reliable as a personal identifier. Advertisers, for example, will only use an IP address to determine an approximate region, while for everything else they use other means. In the security industry they are used to identify systems and kept within that context.
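The time-matching step the DHCP item describes, as an added example that is not part of the original article: a logged IP is attributed to a DHCP lease only when that lease covered the request time, and nothing is attributed when no lease did. The web-server log lines and lease records are constructed sample data, and the lease record layout is an assumption; real DHCP servers each have their own export format.

```python
"""Attribute logged IP addresses to DHCP lease holders by time, not by IP alone."""
import re
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import List, Optional, Tuple

# Constructed DHCP lease history: (ip, mac, lease_start, lease_end), all UTC.
# 10.0.0.25 is handed to two different machines in one afternoon, with a gap
# between the leases: exactly the situation the article warns about.
LEASES = [
    ("10.0.0.25", "aa:bb:cc:00:00:01", "2017-08-21T12:00:00Z", "2017-08-21T14:00:00Z"),
    ("10.0.0.25", "aa:bb:cc:00:00:02", "2017-08-21T14:05:00Z", "2017-08-21T16:05:00Z"),
    ("10.0.0.30", "aa:bb:cc:00:00:03", "2017-08-21T09:00:00Z", "2017-08-21T17:00:00Z"),
]

# Constructed web-server log lines in Apache common log format.
ACCESS_LOG = """\
10.0.0.25 - - [21/Aug/2017:13:30:00 +0000] "GET /admin HTTP/1.1" 403 512
10.0.0.25 - - [21/Aug/2017:15:30:00 +0000] "GET /admin HTTP/1.1" 403 512
10.0.0.25 - - [21/Aug/2017:14:02:00 +0000] "GET /admin HTTP/1.1" 403 512
10.0.0.40 - - [21/Aug/2017:10:00:00 +0000] "GET /index.html HTTP/1.1" 200 2048
"""


@dataclass
class Lease:
    ip: str
    mac: str
    start: datetime
    end: datetime

    def covers(self, when: datetime) -> bool:
        # Lease window is inclusive at the start and exclusive at the end.
        return self.start <= when < self.end


def parse_iso(ts: str) -> datetime:
    """Parse the constructed lease timestamps into timezone-aware UTC datetimes."""
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)"')


def parse_log_line(line: str) -> Optional[Tuple[str, datetime, str]]:
    """Return (ip, timestamp, request) for a common-log-format line, or None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    # %z consumes the "+0000" offset, so the result is timezone-aware.
    when = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return m.group("ip"), when, m.group("req")


def load_leases(rows) -> List[Lease]:
    return [Lease(ip, mac, parse_iso(s), parse_iso(e)) for ip, mac, s, e in rows]


def lease_holder(leases: List[Lease], ip: str, when: datetime) -> Optional[str]:
    """Return the MAC that held `ip` at `when`, or None if no lease covers it.

    Matching on IP alone would be wrong: the same IP maps to different
    machines at different times, and between leases it maps to nothing.
    """
    matches = [lease.mac for lease in leases if lease.ip == ip and lease.covers(when)]
    if len(matches) > 1:
        # Overlapping leases for one IP mean the lease database is inconsistent;
        # refuse to guess rather than attribute activity to the wrong machine.
        raise ValueError(f"overlapping leases for {ip} at {when.isoformat()}")
    return matches[0] if matches else None


def attribute_log(log_text: str, leases: List[Lease]) -> List[Tuple[str, str, Optional[str]]]:
    """Map each parsable log line to (ip, ISO timestamp, holder MAC or None)."""
    results = []
    for line in log_text.splitlines():
        parsed = parse_log_line(line)
        if parsed is None:
            continue
        ip, when, _request = parsed
        results.append((ip, when.isoformat(), lease_holder(leases, ip, when)))
    return results


if __name__ == "__main__":
    for ip, ts, mac in attribute_log(ACCESS_LOG, load_leases(LEASES)):
        print(f"{ts}  {ip:<10} -> {mac or 'no lease on record'}")
```

The third log line (14:02, between the two leases) and the unknown host 10.0.0.40 both come back unattributed, which is the honest answer when the lease records do not support a match.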

How can systems and people be identified?

The list of practical signatures of systems and people changes constantly. There are privacy features created to remove them, and new research and technologies create new ones all the time. For a comprehensive list of web browser signatures you can go to and run their test. It shows your list of browser plugins, cookies, settings, and technologies used to track you. That’s not the end of it, though. All of our interactions can create signatures that can identify the people behind a system.


What can identify a person on a system?

This is another area of ongoing research. Conceptually, anything we do on a system can be used to create a signature.

  1. For instance, the unique way we type or use a mouse is very easily recorded from a remote system. None of the technologies mentioned will mask this. Storing information at this level simply isn’t practical, though.

  2. A more common method used is the correlation of your personal accounts. Anything that requires authentication is generally assumed to be you. This includes things like work accounts, email, and social media. A reasonable connection can be made by correlating the information between the logs of someone’s personal systems and the system someone wishes to identify them on.

  3. Uploaded information can also be used to identify someone. Files contain a good amount of embedded information that can link someone to a system. Many cameras automatically embed geographic coordinates, making them particularly useful for identification purposes.

What can I do if I don’t want to be tracked online?

There are a lot of reasons that people want to have some level of privacy online. Some may fear for their personal safety in response to expressing themselves, while others simply don’t like advertising anything too personal. Whatever your reasons, there are a few steps you could consider, such as:

  1. Using a privacy VPN that doesn’t keep logs

  2. Using an operating system with a browser built with privacy in mind. Consider the TAILS OS for online activity as a start.

  3. Not using the same browser/OS/system for things that identify you personally and things you do not want to be easily identified with.

I sincerely hope you found this information useful. If you are interested in what useful intelligence can be derived from IP addresses, research “Threat Intelligence.” There are a number of companies that track information related to IP addresses within a useful context. Anomali has a Threat Intelligence Platform designed to work with this information and make it useful in computer operations.

Source: Honeypot Tech

Sean’s DIY Bitcoin Lottery with a Raspberry Pi

After several explorations into the world of 3D printing, and fresh off the back of his $5 fidget spinner crowd funding campaign, Sean Hodgins brings us his latest project: a DIY Bitcoin Lottery!

DIY Bitcoin Lottery with a Raspberry Pi

What is Bitcoin mining?

According to the internet, Bitcoin mining is:

[A] record-keeping service. Miners keep the blockchain consistent, complete, and unalterable by repeatedly verifying and collecting newly broadcast transactions into a new group of transactions called a block. Each block contains a cryptographic hash of the previous block, using the SHA-256 hashing algorithm, which links it to the previous block, thus giving the blockchain its name.

If that makes no sense to you, welcome to the club. So here’s a handy video which explains it better.

What is Bitcoin Mining?

Okay, now I get it.

I swear.

Sean’s Bitcoin Lottery

As a retired Bitcoin miner, Sean understands how the system works and what is required for mining. And since news sources report that Bitcoin is currently valued at around $4000, Sean decided to use a Raspberry Pi to bring to life an idea he’d been thinking about for a little while.

Sean Hodgins Raspberry Pi Bitcoin Lottery

He fitted the Raspberry Pi into a 3D-printed body, together with a small fan, a strip of NeoPixels, and a Block Eruptor ASIC which is the dedicated mining hardware. The Pi runs a Python script compatible with CGMiner, a mining software that needs far more explanation than I can offer in this short blog post.

The NeoPixels take the first 6 characters of the current block’s 64-character number and interpret them as a hex colour code. In this way, the block’s data is converted into colour, which, when you think about it, is kind of beautiful.

The device moves on to trying to solve a new block every 20 minutes. When it does, the NeoPixel LEDs play a flashing ‘Win’ or ‘Lose’ animation to let you know whether you were the one to solve the previous block.

Sean Hodgins Raspberry Pi Bitcoin Lottery

Lottery results

Sean has done the maths to calculate the power consumption of the device. He says that the annual cost of running his Bitcoin Lottery is roughly what you would pay for two lottery scratch cards. Now, the odds of solving a block are much lower than those of buying a winning scratch card. However, since the mining device moves on to a new block every 20 minutes, the odds of being a winner with Bitcoin using Sean’s build are actually better than those of winning the lottery.

Sean Hodgins Raspberry Pi Bitcoin Lottery


But even if you don’t win, Sean’s project is a fun experiment in Bitcoin mining and creating colour through code. And if you want to make your own, you can download the 3D-files here, find the code here, and view the step-by-step guide here on Instructables.

Good luck and happy mining!

The post Sean’s DIY Bitcoin Lottery with a Raspberry Pi appeared first on Raspberry Pi.

Source: RaspberryPi – IOT Anonimo

Retailers Get Big Sales Bump by Investing in RFID Technology

Overhead and handheld radio-frequency identification (RFID) technology is transforming brick-and-mortar retail. Today, nearly 73 percent of all retailers are implementing RFID to track their inventory. The benefit is clear: As consumer shopping behaviors and expectations have shifted dramatically in the digital age, customers now expect to find whatever they want, when they want it, and RFID has helped retailers come a long way to delivering on these expectations. Those that have implemented RFID have seen an average of over 25 percent improvement in inventory accuracy and a profit margin boosted by 60.7 percent. RFID tech spending shows no signs of slowing down, either—it’s growing at over 22 percent per year.

RFID Technology and Handhelds Versus Fixed/Overhead Solutions
But within the RFID space, a debate emerges: Which is better, handheld or overhead (also known as fixed)? There is a common misconception that handhelds provide 80 percent of the RFID benefits at only 20 percent of the cost, implying that RFID handhelds are cheaper and easier to implement than overhead RFID. If retailers are considering only the cost of hardware when making a decision, they might think they’re getting a better deal with a handheld RFID, since only a few scanners are required per store. Fixed sensors might be more expensive and difficult to deploy initially, but over time, it’s handhelds that are likely to prove more expensive. While the upfront cost for an overhead might be, on average, 30 percent higher, ongoing labor cost can be 90 percent lower with an overhead solution.

Transforming the Brick-and-Mortar Store with Overhead RFID Solutions
While it’s certainly true that any RFID deployment will have its benefits, a retailer will unlock the full spectrum of usage models only with an overhead infrastructure, since it’s only with an overhead solution that retailers can truly automate processes, drive labor efficiencies, get enhanced in-store digital experiences for their customers, and get real-time data with actionable insights.

Tasks performed with a handheld will take substantially more time to do than with an overhead system, and consistency and freshness of the inventory information will be affected as well. In addition, only overhead solutions can provide added benefits such as real-time inventory tracking that enables unified commerce fulfillment or in-store pickup—not to mention the many other in-store value-adds for overheads, such as interactive experience applications like smart fitting rooms, digital interactions with products, dynamic planograms, merchandise flow tracking, self-checkout, and many more.

An overhead solution is also a future-proof investment that can be leveraged as new use cases become important, such as pick-path optimization for ship from store, item location, zone management for larger stores, and consideration tracking, to name some. There is also the added ability to audit employee tasks, ensuring items are not only moved to the floor, but in the right spot. Overheads also provide better information around loss prevention and item theft and have a better ability to track display effectiveness.

Getting to the Sale Faster
The cost of a handheld reader goes far beyond just the price tag of the hardware. The true cost can lead to inventory distortion, a fragmented, lackluster customer experience, and higher workforce and labor inefficiencies. Because the customer experience is driven by positive personal interaction—something made possible only through an efficient workforce and accurate inventory—it’s the quality of the customer experience that will ultimately bring the process full circle with the sales transaction.

Getting to the sale faster means automating many of the in-store processes that take the retail employee’s attention away from the customer. And the way to enhance the customer experience and get to the sale faster isn’t simply to add more associates to the fold or to make current associates do more handheld RFID scanning. That will only increase operating costs and reduce customer-facing experiences. Even once a retailer has spent the time and money to train an employee on how to properly scan a store with a handheld, the inventory accuracy is still only as good as the last scan.

Intel RRS
The Intel Responsive Retail Sensor (Intel RRS) is a smart retail solution that provides retailers with the best of both the physical and online worlds. It connects the store, bringing digital convenience and intelligence, while also driving revenue growth and reinventing the customer experience. It automates previous repetitive tasks by employees, instead allowing them to focus on customer service, and it optimizes inventory management by reducing out-of-stock and misplaced items. But it also creates new sources of data that can be used to understand shopper browsing and buying habits.

Visit to learn more about how Intel technology is shaping the future of responsive retail. To stay informed about Intel IoT developments, subscribe to our RSS feed for email notifications of blog updates, or visit and Twitter.

The post Retailers Get Big Sales Bump by Investing in RFID Technology appeared first on IoT@Intel.

Source: Network News

WTB: Cryptocurrency Miner Uses WMI and EternalBlue To Spread Filelessly

Trending Threats

The intelligence in this week’s iteration discusses the following threats: APT, Exploit Kit, Malspam, Phishing, Ransomware, Underground Markets, Vulnerabilities, and Zero-days. The IOCs related to these stories are attached to the WTB and can be used to check your logs for potential malicious activity.

Cryptocurrency Miner Uses WMI and EternalBlue To Spread Filelessly (August 21, 2017)
Since July 2017, Trend Micro researchers have observed a new fileless malware campaign that uses the Windows Management Instrumentation (WMI) Event Consumer and the EternalBlue exploit to propagate itself. The WMI Event Consumer scripting application is used to execute fileless scripts and maintain persistence, while the EternalBlue exploit serves as the initial infection vector.
Recommendation: Your company should institute policies that actively monitor and restrict the use of applications that could potentially be used for malicious activity. The WMI service may not need to be accessible on every work machine, and only trusted IT administrators should have access to it to reduce risk of malicious use. Additionally, Microsoft patched the EternalBlue exploit in MS17-010 on March 14, 2017, and it should be applied as soon as possible if it has not been already.
Tags: Malware, Fileless, WMI, EternalBlue
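One way to audit a Windows host for the persistence mechanism described above (permanent WMI event subscriptions), added here as an example that is not from Anomali or Trend Micro; the Get-RefName helper and the list of flagged script-host process names are my own assumptions.

```powershell
# Added example, not from the Anomali briefing or Trend Micro's report: list the
# permanent WMI event subscriptions in root\subscription and flag the ones whose
# consumer can run attacker-supplied commands or scripts.
# Run in an elevated Windows PowerShell session on the host being checked.
$ns = 'root\subscription'

# Binding reference properties come back either as embedded CIM instances or as
# object paths such as __EventFilter.Name="X"; return the Name either way.
function Get-RefName($ref) {
    if ($ref -is [string]) { return ($ref -split 'Name=')[-1].Trim('"') }
    return $ref.Name
}

# Assumed heuristic: command-line consumers that launch one of these script hosts
# are treated as suspicious, since that is how fileless one-liners are typically run.
$suspectHosts = 'powershell|pwsh|cmd\.exe|wscript|cscript|mshta|regsvr32|rundll32|certutil'

$filters   = @(Get-CimInstance -Namespace $ns -ClassName __EventFilter)
$consumers = @(Get-CimInstance -Namespace $ns -ClassName CommandLineEventConsumer) +
             @(Get-CimInstance -Namespace $ns -ClassName ActiveScriptEventConsumer)
$bindings  = @(Get-CimInstance -Namespace $ns -ClassName __FilterToConsumerBinding)

$report = foreach ($b in $bindings) {
    $fName = Get-RefName $b.Filter
    $cName = Get-RefName $b.Consumer
    $f = $filters   | Where-Object { $_.Name -eq $fName }
    $c = $consumers | Where-Object { $_.Name -eq $cName }

    # Bindings to other consumer classes (e.g. the stock "SCM Event Log Consumer",
    # an NTEventLogEventConsumer present on most Windows installs) are not audited here.
    if (-not $c) { continue }

    $isScript = ($c.CimClass.CimClassName -eq 'ActiveScriptEventConsumer')
    # What the consumer actually executes: an inline script body or a command line.
    $payload  = if ($isScript) { $c.ScriptText } else { $c.CommandLineTemplate }

    [pscustomobject]@{
        Filter       = $fName
        Query        = $f.Query          # the WQL trigger, e.g. a timer or process-start event
        Consumer     = $cName
        ConsumerType = $c.CimClass.CimClassName
        Payload      = $payload
        Suspicious   = $isScript -or ($payload -match $suspectHosts)
    }
}

$report | Sort-Object Suspicious -Descending | Format-List
```

For continuous monitoring rather than a one-off audit, Sysmon event IDs 19, 20 and 21 record the creation of WMI filters, consumers and bindings respectively.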

Is Malware Hiding in Your Resume? Vulnerability in LinkedIn Messenger Would Have Allowed Malicious File Transfer (August 18, 2017)
On June 14, 2017, Check Point researchers discovered vulnerabilities in the messenger platform of the business social network, “LinkedIn,” and subsequently reported them to the company. LinkedIn acknowledged the flaws and patched them as of June 24, 2017. Prior to the fix, actors could bypass security measures by creating a PowerShell script and saving it as a PDF file (among other techniques). This would cause the malicious payload to remain undetected and launch when a user downloaded the file.
Recommendation: This story depicts the risk of opening attachments that appear to come from legitimate senders. It is crucial that your employees, especially company recruiters as this story shows, understand the potential risk of opening online attachments.
Tags: Malware, Vulnerability, LinkedIn

New ERROR CryptoMix Ransomware Variant Released (August 18, 2017)
BleepingComputer researchers have discovered a new variant of the CryptoMix ransomware, dubbed “ERROR” after the file extensions the malware appends. The researchers note that the malware functions the same as CryptoMix, but the emails used for payment contact and the extension added to encrypted files have changed.
Recommendation: Ransomware is a continually evolving threat. It is paramount to have a comprehensive and tested backup solution in place. In the unfortunate case a reproducible backup is not in place, make sure to check for a decryptor before considering payment; avoid payment at all costs. Ransomware should be reported to law enforcement agencies who are doing their best to track these actors and prevent ransom from being a profitable business for cyber criminals.
Tags: Ransomware, CryptoMix variant, ERROR

Two Critical Zero-Day Flaws Disclosed in Foxit PDF Reader (August 17, 2017)
Security researchers have identified two zero-day vulnerabilities (CVE-2017-10951, CVE-2017-10952) associated with command injection and file writing in “Foxit PDF Reader.” A threat actor could exploit these vulnerabilities to execute arbitrary code on a machine. The vulnerabilities can be exploited via a specially crafted PDF file that the recipient is tricked into opening.
Recommendation: As of this writing, Foxit has stated that they will not fix the vulnerabilities because they can be avoided if their users enable Safe Reading Mode while opening files.
Tags: Vulnerability, Zero-day

Google Chrome Remote Code Execution Flaw Detailed, PoC Released (August 17, 2017)
The vulnerability assessment company, “Beyond Security,” has released Proof of Concept (PoC) code for a remote code execution vulnerability that affects Google Chrome. The vulnerability resides in an incorrect optimization by the TurboFan compiler that causes a confusion between an object array and a value array when accessing an array. The researchers said that the vulnerability was discovered in Chrome version 59, and that it may affect other versions as well.
Recommendation: Your company should have policies in place to ensure that the most recent and secure version of software is being used. If Google Chrome has not been updated to version 60, this should be done as soon as possible, because the PoC code may cause threat actors to attempt to exploit the vulnerability.
Tags: Vulnerability, Google Chrome, Remote code execution

It’s Back: Locky Ransomware Is On The Rise Again (August 17, 2017)
A new variant of the “Locky” ransomware has been identified being distributed via spam emails, according to Sophos researchers. This version is called “Lukitus” after the title of the file extensions the malware appends. The spam emails use subject lines such as “PAYMENT” and claim that the attached zip file is a payment receipt. If the zip file is opened, a VBScript downloader will download the Locky payload.
Recommendation: Always be on high alert while reading email, in particular when it has attachments, attempts to redirect to a URL, comes with an urgent label, or uses poor grammar. Use anti-spam and antivirus protection, and avoid opening email from untrusted or unverified senders. Additionally, it is important to have a comprehensive and tested backup solution in place for the unfortunate case of ransomware infection.
Tags: Spam, Ransomware, Locky variant, Lukitus

GhostClicker Adware is a Phantomlike Android Click Fraud (August 16, 2017)
Trend Micro researchers have discovered approximately 340 applications in the Google Play Store that contain auto-clicking adware called “GhostClicker.” While some of the applications were removed from Google Play, researchers stated that as of August 7, 2017, 101 infected applications still remained. One of the applications was downloaded as many as five million times. GhostClicker is capable of generating fraudulent advertisement revenue by falsely generating clicks on advertisements and generating fake traffic.
Recommendation: Always keep your mobile phone fully patched with the latest security updates and employ trusted antivirus software. Use the Google Play Store / Apple App Store to obtain your software, and avoid downloading applications, even if they appear legitimate, from third-party stores. In addition, it is important to review the permissions the application will request and comments from others who have downloaded the application.
Tags: Mobile, Android, Adware, GhostClicker

ShadowPad In Corporate Networks (August 15, 2017)
In July 2017, Kaspersky Lab discovered a backdoor that was implanted in software created by the secure connectivity solution company, “NetSarang Computer Inc.” The backdoor was identified by researchers via suspicious DNS requests that originated from the software. The backdoor is capable of downloading and executing arbitrary code and stores all files it creates at a unique location with encryption to make detection more difficult.
Recommendation: Supply-chain attacks are becoming increasingly common in today’s threat environment. Defending against these attacks is difficult as software updates often come through legitimate channels and would otherwise be trustworthy.
Tags: Backdoor, ShadowPad, Supply-chain

Get Rich or Die Trying: A Case Study on the Real Identity Behind A Wave of Cyberattacks on Energy, Mining and Infrastructure Companies (August 15, 2017)
Check Point researchers have identified a campaign that took place over approximately four months and targeted over 4,000 organizations around the world. The exact number of companies that were infected was not mentioned, but affected companies include those in the construction, oil and gas, marine and energy, mining, and transportation industries. A campaign on this scale is typically attributed to a threat group, but researchers discovered that one Nigerian man was behind the wave of phishing emails. The phishing emails infected recipients with the “NetWire” Remote Access Trojan (RAT), which gives the actor full control over an infected machine, as well as the “Hawkeye” keylogger.
Recommendation: It is important that your company institute policies to educate your employees on phishing attacks, specifically how to identify such attacks and whom to contact if a phishing email is identified. Furthermore, maintain policies regarding what kind of requests and information your employees can expect to receive from colleagues, business partners, and management.
Tags: Phishing, Cybercriminal

Malspam Pushing Trickbot Banking Trojan (August 15, 2017)
Researchers have discovered that threat actors are distributing the “Trickbot” banking trojan via typosquatted domains created to impersonate financial institutions’ legitimate websites. The actors are using emails that purport to come from financial institutions’ email addresses and claim that the user has received a secure attachment. The attachment has been discovered to be either an HTML file that downloads a Microsoft Office document, or an Office document. The Office attachment will infect the recipient with the Trickbot trojan if macros are enabled.
Recommendation: All employees should be educated on the risks of phishing. Additionally, it is important to know what kind of emails you and your company can expect to receive from the financial entities with whom you conduct business. This will assist in identifying potential malspam and phishing attempts.
Tags: Malspam, Trickbot

A Quick Look At A New KONNI RAT Variant (August 15, 2017)
A new variant of the KONNI Remote Access Trojan (RAT) has been observed being distributed via phishing emails, according to Fortinet researchers. The decoy document is titled “12 things Trump should know about North Korea” and contains a Visual Basic macro that drops and then executes the KONNI installer.
Recommendation: All employees should be educated on the risks of phishing, specifically, how to identify such attempts and whom to contact if a phishing attack is identified. It may also be useful for employees to stop using email attachments, in favor of a cloud file hosting service like Box or Dropbox.
Tags: KONNI, Phishing

The Blockbuster Saga Continues (August 14, 2017)
Palo Alto Networks’ Unit 42 researchers have identified a new phishing campaign believed to be conducted by a group associated with the North Korean Advanced Persistent Threat (APT) group, specifically the group that conducted “Operation Blockbuster” and “Operation Blockbuster Sequel.” Researchers note that this campaign began in April 2017 and was still ongoing through July. The actors are using phishing emails with malicious Microsoft Office attachments that target U.S. defense contractors with appropriately themed decoy documents such as fake job descriptions.
Recommendation: Defense in depth (layering of security mechanisms, redundancy, fail safe defense processes) is the best way to ensure safety from APTs, including a focus on both network and host based security. Prevention and detection capabilities should also be in place. Furthermore, all employees should be educated on the risks of phishing, and how to identify such attempts.
Tags: Threat group, Phishing

New Disdain Exploit Kit Sold on Underground Hacking Forums (August 14, 2017)
Security researcher David Montenegro has discovered that a new exploit kit called “Disdain” is being advertised for purchase on underground forums. The exploit kit is being advertised by an actor called “Cehceny” for rent on daily, weekly, or monthly subscriptions costing $80, $500, and $1,400 USD respectively. Cehceny is advertising 15 CVEs and other capabilities and features for Disdain, including browser and IP tracking, a domain rotator, geolocation availability, an untraceable panel server separate from the payload server, RSA key exchange for exploits, and a scan domain. Researchers note that Cehceny has been labeled as a “scammer” on another well-known underground forum, and therefore it is unclear if this exploit kit will become popular.
Recommendation: Always keep your browser and operating system up to date, including any browser add-ons you may need (Flash, Java). Employ network as well as host based detection and prevention systems where possible.
Tags: Exploit kit, Underground forum, Cybercriminal

Locky Strikes Another Blow, Diablo6 Variant Starts Spreading Through Spam (August 14, 2017)
A new variant of the notorious “Locky” ransomware dubbed “Diablo6” is being distributed via a new spam campaign, according to Fortinet researchers. The emails purport to have receipt attachments or simply just a file attachment. If opened, the attachment attempts to launch a compressed VBS downloader that fetches the Diablo6 payload from a download URL. The ransom note states that all of the files are encrypted with RSA-2048 and AES-128 ciphers and provides a link to follow for ransom payment.
Recommendation: Always be on high alert while reading email, in particular when it has attachments, attempts to redirect to a URL, comes with an urgent label, or uses poor grammar. Use anti-spam and antivirus protection, and avoid opening email from untrusted or unverified senders. Additionally, it is important to have a comprehensive and tested backup solution in place for the unfortunate case of ransomware infection.
Tags: Locky, Malspam

Observed Threats

This section includes the top threats observed from the Anomali Community user base as well as sensors deployed by Anomali Labs.

Locky Tool Tip
Locky is ransomware that is widely spread via phishing messages. Locky first appeared in early 2016 and is strongly correlated with the cyber criminal groups related to the Dridex and Necurs botnets. Multiple waves of Locky samples are distributed daily. The delivery mechanism has evolved over time: spam messages with executable attachments, MS Word document attachments using macros to retrieve and then execute Locky, and Zip files that extract JavaScript loaders that retrieve and then execute Locky. Hosts compromised by Locky display a ransom note with instructions on how to decrypt the encrypted files. Encrypted files are renamed .locky or .zepto.
Tags: Locky, Ransomware

Source: Honeypot Tech

Mod your Nerf gun with a Pi

Michael Darby, who blogs at 314reactor, has created a new Raspberry Pi build, and it’s pretty darn cool. Though it’s not the first Raspberry Pi-modded Nerf gun we’ve seen, it’s definitely one of the most complex!

Nerf Gun Ammo Counter / Range Finder – Raspberry Pi

An ammo counter and range finder made from a Raspberry Pi for a Nerf Gun.

Nerf guns

Nerf guns are toy dart guns that have been on the market since the early 1990s. They are popular with kids and adults who enjoy playing paintball, laser tag, and first-person shooter video games. Michael loves Nerf guns, and he wanted to give his toy a sci-fi overhaul, making it look and function more like a gun that an avatar might use in Half-Life, Quake, or Doom.

Modding a Nerf gun

A busy and creative member of the Raspberry Pi community, Michael has previously delighted us with his Windows 98 wristwatch. Now, he has upgraded his Nerf gun with a rangefinder and an ammo counter by adding a Pi, a Pimoroni Rainbow HAT, and some sensors.

Setting up a rangefinder was straightforward. Michael fixed an ultrasonic distance sensor pointing in the direction of the gun’s barrel. Live information about how far away he is from his target is shown on the Rainbow HAT’s alphanumeric display.

View of Michael Darby's nerf gun range finder

To create an ammo counter, Michael had to follow a more circuitous route. Since he couldn’t think of a way to read out how many darts are in the Nerf gun’s magazine, he ended up counting how many darts have been shot instead. This data is collected via a proximity sensor, a device that can measure shorter distances than an ultrasonic sensor. Michael aimed the sensor towards the end of the barrel, attaching it with Blu-Tack.

View of Michael Darby's nerf gun proximity sensor

The number of shots left in the magazine is indicated by the seven LEDs above the Rainbow HAT’s alphanumeric display. The countdown works for more than seven darts, thanks to colour coding: the LEDs count down first in red, then in orange, and finally in green.

In a Python script running on the Pi, Michael has included a default number of shots per magazine. When he changes a magazine, he uses one of the HAT’s buttons as a ‘Reload’ button, resetting the counter. He has also set up the HAT so that the number of available shots can be entered manually instead.

Nerf gun modding tutorial

On Michael’s blog you will find a thorough step-by-step guide to how he created this build. He has also included his code, and links to all the components, software installation guides, and test scripts he has used. So head on over there if you’re keen to mod your own nerf gun like this, and take a look at some of his other projects while you’re there!

Michael welcomes suggestions for how to improve upon his mods, especially for how to count shots in a magazine automatically. Do you have an idea? Let us and him know in the comments!

Toy mods

Over the years, we’ve covered quite a few fun toy upgrades, and some that may have to be approached with caution. The Pi-powered busy board for babies, the ‘weaponized’ teddy bear, and the inevitable smart Fisher Price phone are just a few from our archives.

What’s your favourite childhood toy, and how could it be improved by the addition of a Pi? Share your ideas with us in the comments below.

The post Mod your Nerf gun with a Pi appeared first on Raspberry Pi.

Source: RaspberryPi – IOT Anonimo