The previous trend of using stolen certificates to digitally sign malware (to circumvent the OS’s requirement for valid digital signatures on files before software can be installed) has been overtaken by black hats issuing counterfeit certificates while pretending to be the institution the certificates are issued to. Social engineering taken to the next level is one way of looking at this. Recorded Future has an analysis of the current marketplace, tracking the 3 largest dark web merchants and their volumes over the last 5 years, along with a breakdown of the current offerings available. Note that the high-end certs are Symantec certs, from the CA that got phased out by the browser vendors after numerous issues, so the hope is that this will remove the EV certificates from this kind of use.
Tag: Black Hat
Skimming devices now call home
A new generation of mag-stripe skimmers with a fully built-in GSM device has been found in US petrol pumps, as shown in a recent article by Brian Krebs. The captured devices contained a common T-Mobile GSM SIM, allowing the captured data to be transferred immediately via SMS to the skimmers for real-time use and abuse. All of this is, of course, down to the US slowness in implementing the Chip / PIN security aspects of EMV.
DEFCON 25 – Wired’s favorite Black Hat Hacks
Summary article from Wired on the best of the Black Hat hacks shown at DEFCON 25. From hacking smart guns, to hacking Teslas and other cars, to new botnet technologies and their takedowns, and the general worry that is IoT. Well worth a read.