Tag Archives: c amp

Cyber Attacks, IT Security News

How a Security Industry Collective Shattered The Latest Hlux/Kelihos Botnet

March 29, 2012 bitconsult Leave a comment

On the heels of news earlier this week that Microsoft led an operation that resulted in the takedown of several Zeus botnets, on Wednesday more news came from the security industry on the successful takedown of yet another large botnet.

On Wednesday, experts from Kaspersky Lab along with others including experts from newly formedsecurity firm CrowdStrike, Dell SecureWorks and members of the Honeynet Project, announced the successful takedown of the second Hlux/Kelihos botnet. (Microsoft refers to the botnet as Kelihos, while Kaspersky calls it the Hlux botnet.) Continue reading How a Security Industry Collective Shattered The Latest Hlux/Kelihos Botnet →

Duqu, Virus & Worms

Kaspersky Lab: Duqu Framework Likely Written in an Unknown Programming Language

March 12, 2012 bitconsult Leave a comment

Duqu's Uknown Programming Language

Kaspersky Lab Researchers Say Parts of Duqu Are Written in an Unknown Programming Language, Uses Asynchronous Commutations

Duqu, sometimes referred to as “Son of Stuxnet”, surfaced in October 2010 and has been the subject of considerable industry research as experts attempt to unveil more details on the mystery and origin of the malware. Duqu was designed to help attackers infiltrate systems via backdoor access and steal information and data primarily from industrial control systems and corporate secrets. In other words, the ultimate cyber-espionage weapon. Continue reading Kaspersky Lab: Duqu Framework Likely Written in an Unknown Programming Language →

DDos Attacks, Vulnerability News

Variant of Zeusbot/Spyeye Botnet uses p2p network model

February 24, 2012 bitconsult Leave a comment

Cybercriminals are using a modified version of the Zeusbot/Spyeye, which is using a peer-to-peer (P2P) network architecture, rather than a simple bot to command-and-control (C&C) server system, making the botnet much harder to take down, Symantec warned. ZeuS is very popular in the cybercriminal world because it’s capable of stealing a wide variety of information, documents and login credentials from infected systems. Continue reading →

Information Security Evangelist

The ePickpocketer July 28, 2015
The great EMV migration has been here with us for a while and everybody is excited with the new innovations of cashless payment (especially matatu industry) which brought a lot of excitement even though still trying to trace its tracks to be adopted industry-wide. This is because no other industry Kenyans detest like the matatu … Continue reading The ePickpo […]
bitconsult
The OpenSSL Vulnerability – CVE-2015-1793 July 10, 2015
Severity: High What is OpenSSL? OpenSSL is a general purpose cryptography library that implements a cryptographic security protocol called TLS/SSL, and puts the “S” in HTTPS for many websites. The Vulnerability Hackers can lure or misdirect a user to a bogus website/ email server, and any other internet service using TLS/SSL for its secure communication […]
bitconsult
Spear Phishing – Simple, very effective and most prevalent social engineering hacking technique May 21, 2015
Spear-phishing is an attempt by a hacker to obtain confidential information about a user through fraudulent means by targeting a specific employee in order to gain access to information. While phishers are usually attempting to steal from the victim, spear phishers attempt to compromise the victim’s company’s network and systems to steal corporate secrets, i […]
bitconsult
PENETRATION TESTING OF ANDROID-BASED TABLET May 12, 2015
ABSTRACT “If you know the enemy and know yourself you need not fear the results of a hundred battles.” – Sun Tzu, Ancient Chinese Strategist and Philosopher The purpose of this a study is to conduct a pen test in android-based tablet. The pen test was implemented in a manner that simulated a malicious attacker … Continue reading PENETRATION TESTING OF ANDROI […]
bitconsult
How to create strong passwords January 28, 2015
The world has become a digital village and each one of us has got various computing devices at their disposal (Mobile phones, Personal Computers, Laptops, and tablets). Operate myriads of social media accounts (Facebook, LinkedIn, yahoo, Gmail and many more). The common denominator for all of them is the ‘PASSWORD’. Oxford online dictionary password defines […]
bitconsult
LEGAL ARGUMENTS FOR AND AGAINST THE USE OF OPEN SOURCE FORENSICS TOOLKITS IN COURT PROCEEDINGS IN KENYA October 23, 2014
Originally posted on BitCyber Security Consultants: Abstract Purpose – The purpose of this paper is to explore legal arguments for and against the use of open source forensics toolkits in court proceedings in Kenya Design/methodology/approach– The methodology used is literature review from scientific research papers and laws of Kenya. Findings–There is no re […]
bitconsult
#Shellshock bug – critical vulnerability in the Bash Unix command-line interpreter October 1, 2014
Shellshock or Bashdoor is a security bug found in Unix Bash shell. It is a critical flaw which has been discovered on 24 September 2014 by Akamai Technologies security researcher Stephane Chazelas. “Many Internet daemons, such as web servers, use Bash to process certain commands, allowing an attacker to cause vulnerable versions of Bash to execute … Continu […]
bitconsult
The Microsoft Security Intelligence Report – Volume 16, 2014 summary based on Kenya information security environment in 17 points May 22, 2014
Microsoft has released security intelligence report giving analysis of the threat and attack vectors globally. “The Microsoft Security Bulletins and Microsoft Security Advisories that are issued each month give IT professionals the latest information about vulnerabilities, the products they affect, and any security updates or actions they can implement to mi […]
bitconsult
Oracle Critical Patch Updates for April 2014 April 17, 2014
Oracle has released April 2014 critical Patch Updates addressing serious flaws and vulnerabilities that have been identified. ” Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory” (Oracle, 2014). The patches address 104 security vulnerabilities con […]
bitconsult
‘Heartbleed’ critical bug affecting most websites in Kenya April 9, 2014
OpenSSL is used by most of websites in Kenya (most i come across are open source and made from joomla), so the flaw impacts almost everyone who is using open source web servers like Apache and nginx . Those not impacted by this two year-old bug are immune either because their websites don’t support SSL … Continue reading ‘Heartbleed’ critical bug affecting m […]
bitconsult

%d bloggers like this: