nullcon Information Security Conference 8Bit, Goa 2017




nullcon‍ was founded in 2010 with the idea of providing an integrated platform for exchanging information on the latest attack vectors, zero day vulnerabilities and unknown threats. Our motto - "The neXt security thing!" drives the objective of the conference i.e. to discuss and showcase the future of information security and the next-generation of offensive and defensive security technology. The idea started as a gathering for researchers and organizations to brainstorm and demonstrate why the current technology is not sufficient and what should be the focus for the coming years pertaining to information security. In addition to security, one of the section of the conference called Desi Jugaad (Hindi for "Local Hack") is dedicated to hacking where we invite researchers who come up with innovative security/tech/non-tech solutions for solving real life challenges or taking up new initiatives.

The nullcon conference is a unique platform for security companies/evangelists to showcase their research and technology. Nullcon hosts Prototype, Exhibition, Trainings, Free Workshops, null Job Fair at the conference. It is an integrated and structured platform, which caters to the needs of IT Security industry at large in a comprehensive way.

The event consists of 25 speeches and 11 training sessions, which cover all major topics of IT security industry. The conference is created for security companies/enthusiasts so they can showcase the most up to date research and technology on the topic. The shared knowledge is usually used afterwords within the organizations. Moreover, we host ExhibitionFree WorkshopsCTF Hacking competitionsJob FairBlackShield Awards and other events at the conference.

The Keynote will be addressed by Joshua Pennell, Founder & President, IOActive, following which we would have talks by various international security researchers on topics such as, ATM Hackings, Drone Hijacking, Telecom Protocol Security, Blockchain issues, Cloud Security, Bug Hunting, Social Engineering, Botnets and lots more.

With nullcon 8-bit edition we have made a lot of changes bringing the conference to the next level:
  • We anticipate to have 1000 people,
  • Additional DevOps Security Track,
  • New Trainings on Cloud Security, IoT, Infrastructure, Hardware Security,
  • New CXO Panel session,
  • Larger exhibition vendor area etc.

Nullcon Goa 2017 Dates:
  • Training - 28th Feb to 2nd March 2017
  • Conference - 3rd to 4th March 2017

New Venue:
Holiday Inn Resort, Mobor Beach, Cavelossim, Salcette, Goa - India.
Registartion is still open! Get your pass here: http://nullcon.net/website/register-goa.php

We are happy to announce that we are giving 10% discount for a conference pass if you are E Hacking News Reader! Don’t miss your chance to visit the leading Asia's Information Security Conference!

Visit our website for more information: http://nullcon.net/website/
We are looking forward to seeing you at the conference!

Twitter's bug could expose contact numbers of users

Micro-blogging website, Twitter had squashed its password recovery bug on Wednesday (February 17) which had affected its password recovery systems last week.

The bug which had affected the systems for about 24 hours had the intensity to extract a user’s personal information including the e-mail address and contact number.  

The company has notified affected users, though it’s believed to have impacted fewer than 10,000 of Twitter’s more than 320 million monthly active users.

If a user has no received a mail, then it implies that there account is safe.

The company would also call on law enforcement officials to investigate any users who they find exploited the security bug to access someone else’s account information.

The issue reminds of the practice what the company refers to as “good security hygiene,” including double authentication.

While the issue did not impact user security, it illustrates the trouble users face with protecting their own data. 

While users could have strong passwords, use two-factor authentication, and employ other security techniques but if a company’s network is hacked, there’s little customers can do but watch their information fall into the hands of malicious parties.

Banks face new APT style robbery attacks

A year after Kaspersky Lab researchers warned that cyber-criminals would start to adopt sophisticated tactics and techniques from APT groups for use in bank robberies, the company has confirmed the return of Carbanak as Carbanak 2.0 and uncovered two more groups working in the same style: Metel and GCMAN who attack financial organizations use covert APT-style reconnaissance and customized malware along with legitimate software and new, innovative schemes to cash out.

The Metel cyber-criminal group gains control over machines inside a bank that have access to money transactions. The gang can automate the rollback of ATM transactions which shows that the balance in debit card remains same regardless of number of ATM restrictions.

The group of these criminals steals money by driving around cities in Russia at night and emptying ATM machines belonging to a number of banks, repeatedly using the same debit cards issued by the compromised bank.

The researchers also uncovered that the Metel operators achieve their initial infection through specially crafted spear-phishing emails with malicious attachments, and through the Niteris exploit pack, targeting vulnerabilities in the victim’s browser. After they cross the network, the cybercriminals use legitimate and pentesting tools to move laterally, hijacking the local domain controller and eventually locating and gaining control over computers used by the bank’s employees responsible for payment card processing.

Investigation is on to know further details. So far no attacks outside Russia have been identified.

The three gangs identified are shifting toward the use of malware accompanied by legitimate software in their fraudulent operations.

Meanwhile, GCMAN successfully attacks an organization without the use of any malware, running legitimate and pentesting tools only. Kaspersky Lab experts have investigated, we saw GCMAN using Putty, VNC, and Meterpreter utilities to move laterally through the network till the attackers reached a machine which could be used to transfer money to e-currency services without alerting other banking systems.

In one attack observed by Kaspersky Lab, the cybercriminals stayed in the network for one-and-a-half years before activating the theft. Money was being transferred in sums of about $200, the upper limit for anonymous payments in Russia.

Founded in 1947, Kaspersky Lab products has released crucial Indicators of Compromise (IOC) and other data to help organizations search for traces of these attack groups in their corporate networks.

Security flaw in Trend Micro unveiled by Google security Researcher

Google security researcher, Tavis Ormandy has found bugs in Password Manager of global security software company, Trend Micro.

Password Manager is a component installed by default with Trend Micro’s Premium Security and Maximum Security home products.

Ormandy informed Trend Micro about his findings on January 05.

The bug which is primarily written in JavaScript with node.js could allow remote code execution by any website and steal all passwords of a user. He also noted that it was also possible to bypass Internet Explorer’s Mark of the web (MOTW) security feature and execute commands without letting the victim receive any notification.

Ormandy took 30 seconds to identify an API that could be leveraged for remote code execution (RCE).  Overall, Ormandy found over 70 APIs exposed to the Internet.

Exploiting a vulnerability can give an attacker deep access to a computer.

Several serious vulnerabilities have been found in the last seven months in antivirus products from vendors including Kaspersky Lab, ESET, Avast, AVG Technologies, Intel Security (formerly McAfee) and Malwarebytes.

Security bug in most popular antivirus softwares

Three most popular antivirus softwares  were  detected with the serious security flaws that could allow hackers to infiltrate the Windows computer via antivirus itself.

enSilo a security researchers have discovered  that AVG, McAfee, and Kaspersky have a common security bug.

This year in March, the security researchers at  enSilo found a security flaw in antivirus engine AVG Internet Security 2015. The security bug creates a memory space with full RWX (read-write-execute) privileges in the predictable address space that a hacker could easily force their malicious code to execute inside that memory address and have the same privileges as the antivirus process (which is system-level).

enSilo informed the AVG employees about the security flaw, and they fixed the issue within two days.

With the seriousness of the bug enSilo decided to tests the other commonly used antivirus software’s. They found the same bug in Intel Security's McAfee Virusscan Enterprise version 8.8 and Kaspersky Total Security 2015 - 15.x.

enSilo notified each company about the security bug.

"Intel Security takes the integrity of our products very seriously. Upon learning of this particular issue, we quickly evaluated the researchers' claims and took action to develop and distribute a solution addressing it," an Intel Security representative told Softpedia.

Keeping the possible widespread nature of the problem in mind, enSilo has created a free checking utility called AVulnerabilityChecker, and advised every user to check that they have all the latest updates.

"We'll continue updating this list as we receive more information," said Tomer Bitton, VP of research at enSilo, in a blog post.

"Given that this is a repetitive coding issue amongst Anti-Virus – an intrusive product, we believe that this vulnerability is also likely to appear in other intrusive products, non-security related, such as application-performing products."

Dell says "sorry" for installing vulnerable digital certificate


Dell has apologized as it confirmed via a blog post that a certificate (eDellRoot), installed on its PCs that introduced a security vulnerability.

It is said that the certificate allows attackers to cryptographically impersonate HTTPS-protected websites. However, the company has issued a software tool that removes the transport layer security credential from affected machines.

The certificate will not reinstall itself, once it is properly removed using the recommended Dell process.

“The certificate was implemented as part of a support tool and intended to make it faster and easier for our customers to service their system. Customer security and privacy is a top concern and priority for Dell; we deeply regret that this has happened and are taking steps to address it,” the company said in the blog post.

According to the blog post, Dell’s customers, Hanno Böck, Joe Nord and Kevin Hicks, aka rotorcowboy, informed the company about the presence of such certificate on its PC.

Dell has claimed that the certificate was not a malware but was there to provide the system service tag to Dell online support allowing us to quickly identify the computer model, making it easier and faster to service their customers.


“We have posted instructions to permanently remove the certificate from your system here. We will also push a software update starting on November 24 that will check for the certificate, and if detected remove it. Commercial customers who reimaged their systems without Dell Foundation Services are not affected by this issue. Additionally, the certificate will be removed from all Dell systems moving forward,” the company added.