VPNFilter-affected Devices Still Riddled with 19 Vulnerabilities

by Tony Yang and Peter Lee (Consumer Yamato Team)

Our IoT Smart Checker allows users to identify if connected devices (e.g. routers, network attached storage devices, IP cameras, and printers) in a given network are vulnerable to security risks and vulnerabilities, such as those related to Mirai, Reaper, and WannaCry.

Advice on UK ethical hacking certifications

A subreddit dedicated to hacking and hackers. What we are about: constructive collaboration and learning about exploits, industry standards, grey and white hat hacking, new hardware and software hacking technology, sharing ideas and suggestions for small business and personal security.

Upatre Continued to Evolve with new Anti-Analysis Techniques

First discovered in 2013, Upatre is primarily a downloader tool responsible for delivering additional trojans onto the victim host. It is most well-known for being tied with the Dyre banking trojan, with a peak of over 250,000 Upatre infections per month delivering Dyre back in July 2015. In November 2015 however, an organization thought to be associated with the Dyre operation was raided, and subsequently the usage of Upatre delivering Dyre dropped dramatically, to less than 600 per month by January 2016.

No More Paralysis by Analysis: How Security is Evolving to Real-Time Outcomes

A well-known CISO customer was recently telling me about his experience with implementing new security solutions. His consistent feeling? Dread – the security alerts and things that can suddenly break in the beginning can be overwhelming. “Everything goes red,” he said, referring to the immediate influx of red alerts and false positives that seem to accompany each new security deployment.

What The Latest Mueller Indictment Tells Us About Election Hacking

Summer Fridays just aren’t as relaxing as they used to be. This afternoon, special counsel Robert Mueller released indictments of 12 Russian intelligence officers alleging that they conspired to hack into various Democratic Party computers and email accounts during the 2016 election, and that they communicated with people associated with the Trump campaign. The indictment also singled out Russian intelligence for having hacked into a state board of elections website and a private company that helps administer elections.

Russian hackers used bitcoin to fund election interference, so prepare for FUD

The indictment filed today against 12 Russians accused of, among other things, hacking the DNC and undermining Hillary Clinton’s campaign also notes that the alleged hackers paid for their nefarious deeds with bitcoin and other cryptocurrencies. This unsavory application of one of tech’s current darlings will almost certainly be wielded against it by opportunists of all stripes.

Cyber News Rundown: Ticketmaster Hack Reveals Mega Breach

Ticketmaster Snafu Only Tip of the Iceberg

After last month’s Ticketmaster breach, a follow-up investigation found it to be part of a larger payment card compromising campaign affecting more than 800 online retail sites worldwide. The cause of the breach appears to stem from the third-party breaches of several Ticketmaster suppliers, which allowed hackers to integrate their own code within the software to compromise a far larger audience than originally realized.

Threat Hunting: IOCs and Artifacts

Unusual behavior of information technology assets within an organization may be a hint that the organization is undergoing a cyberattack. Threat-hunting teams will often assess the environment for commonly-known and documented threats by implementing Indicators of Compromise (IOCs).