FIN7 Hackers Leveraging Password Reuse and Software Supply Chain Attacks

The notorious cybercrime group known as FIN7 has diversified its initial access vectors to incorporate software supply chain compromise and the use of stolen credentials, new research has revealed. "Data theft extortion or ransomware deployment following FIN7-attributed activity at multiple...

FIN7 Mails Malicious USB Sticks to Drop Ransomware

Ransomware gangs are mailing malicious USB drives, posing as the U.S. Department of Health and Human Services HHS and/or Amazon to target the transportation, insurance and defense industries for ransomware infection, the FBI warned on Friday. In a security alert sent to organizations, the FBI sai...

Attackers are mailing USB sticks to drop ransomware on victims’ computers

Physical objects as security threats are in the news at the moment. The oft-touched upon tale of rogue USB sticks is a common one. Being wary of random devices found on the floor, or handed out at events is a smart move. You simply don’t know what’s lurking, and it’s hard to find out safely witho...

Use Safety and Precaution When Using USBs

Removable USB devices are basic instruments for storing and transferring files from one device to another. Although they’re convenient to use, they can also pose a potential threat to your devices—especially when used without prior caution. There are reported instances, where researchers weren’t...

Bad Ducky - Rubber Ducky Compatible Clone Based On CJMCU BadUSB HW

Bad Ducky is yet another Rubber Ducky clone. It is based on CJMCU BadUsb ATMEGA32u4 - Arduino Leonardo clone board with onboard card reader, which you can buy on ebay or aliexpress. My goal was to create something compatible with Rubber Ducky scripts, while having ability to easily choose which...

OverThruster - HID Attack Payload Generator For Arduinos

OverThruster is a tool to generate sketches for Arduinos when used as an HID Attack. It was designed around devices with the ATMEGA32U4 chip, like the CJMCU-BEETLE, or the new LilyGo "BadUSB" devices popping up on ebay and aliexpress that look like USB sticks but contain an Arduino. I wrote this...

Caution Urged over Patched Windows USB Driver Flaw

USB-related vulnerabilities make people nervous; you need look no further than Stuxnet and BadUSB to see the dangers associated with infected portable storage devices and peripherals. Yesterday, Microsoft patched a flaw in the Windows USB Mass Storage Class Driver that could put some people on...

Kali Linux NetHunter

Official Offensive Security have obsessively been building Kali on weird and wonderful ARM hardware and today, we are proud to reveal their latest creation – the Kali Linux NetHunter. NetHunter is a Android penetration testing platform for Nexus devices built on top of Kali Linux, which includes...

BadUSB Vulnerabilities in ICS Gear

CANCUN – BadUSB was the hot hack of the summer of 2014. Noted researcher Karsten Nohl delivered a talk at Black Hat during which he explained how USB controller chips in peripheral devices that connect over USB can be reprogrammed. The result is a completely compromised device hosting undetectabl...

Kali Linux NetHunter - Android penetration testing platform

NetHunter is a Android penetration testing platform for Nexus and OnePlus devices built on top of Kali Linux, which includes some special and unique features. Of course, you have all the usual Kali tools in NetHunter as well as the ability to get a full VNC session from your phone to a graphical...

GPG 32-Bit Short Key ID Collision Attacks

Attack and vulnerability details are often disclosed in order to prompt vendors and project maintainers into action. It happened recently with publication of attack code that mimicked the work of Karsten Nohl on BadUSB and tried to nudge Phison Electronics of Taiwan into looking at its USB...

Half of Leading USB Controller Chips Vulnerable to BadUSB

BadUSB hasn’t gone from bad to worse necessarily, but it sure has reached a new state of confusion for security experts and consumers in the crosshairs. Researcher Karsten Nohl, who warned the world during Black Hat last summer that the controller chips in most USB devices could be reprogrammed t...

The researchers published BadUSB attack test exploit code-exploit warning-the black bar safety net

! The world's most evil USB peripherals – BadUSB In 2 0 1 4 in the United States in the black hat conference, Berlin SRLabs security researchers JakobLell and independent security researchers Karsten Nohl shows they called“BadUSB”according to the BadBIOS namedmethod of attack, this attack method ...

Karsten Nohl BadUSB Patch Fall Short of a Fix

Two researchers who released code that can be used to exploit a critical weakness in most USB drives followed that up Sunday with their version of a patch for the problem. The attack code and subsequent patch is a response to the BadUSB research released during Black Hat this summer, yet, the fix...

Hackers publish the BadUSB fix patch only applies to the latest version of the group with the USB 3.0 firmware-bug warning-the black bar safety net

Last week, two hackers announced they had the BadUSB code reverse engineering, and on GitHub published. As for the reason for this, is to give the industry the pressure is applied, in order to quickly come up with a solution--although doing so will also make the user more vulnerable to face...

BadUSB Malware Code Released — Turn USB Drives Into Undetectable CyberWeapons

Once again USB has come up as a major threat to a vast number of users who use USB drives – including USB sticks and keyboards. Security researchers have released a bunch of hacking tools that can be used to convert USB drive into silent malware installer. This vulnerability has come about to be...

Dennis Fisher and Mike Mimoso Discuss Bash, Shellshock and BadUSB

Dennis Fisher and Mike Mimoso talk about the Bash Shellshock bug nightmare and the BadUSB code release. Download: digitalunderground169.mp3 Music by Chris Gonsalves...

BadUSB Attack Code Publicly Disclosed

Rarely in security is anything an absolute, but in the case of the BadUSB research that emerged during this year’s Black Hat conference, phrases such as “completely compromised” and “undetectable” paint a grim picture for the security of devices that communicate over USB. Over the weekend, the...

Kali Linux "NetHunter" — Turn Your Android Device into Hacking Weapons

The developers of one of the most advance open source operating system for penetration testing, 'KALI Linux' have announced yesterday the release of a new Kali project, known as NetHunter, that runs on a Google Nexus device. Kali Linux is an open source Debian-based operating system for penetrati...