Onapsis Bizploit v1.50 – SAP Penetration Testing Framework

Onapsis Bizploit is an SAP penetration testing framework to assist security professionals in the discovery, exploration, vulnerability assessment and exploitation phases of specialized SAP security assessment. The framework currently ships with many plugins to assess the security of SAP Business Platforms. Additional plugins are available for...

Read the full post at darknet.org.uk

Twitch-targeting botnets use infected PCs to inflate viewer audiences

With video streaming site Twitch paying lucrative wages to celebrity gamers, it was inevitable—botnet-for-hire services that use hacked computers to fraudulently inflate viewership.

According to a report published Friday by security firm Symantec, underground markets and, in some cases, sites on the open Web host several services promising to generate large viewing audiences on Twitch and other streaming sites. One such service claims that each infected computer can be commandeered to open five separate streams carried on a selected broadcaster's Twitch channels. (To keep owners of the compromised computers in the dark, the streams are hidden and muted.) Premium services also offer automated "chatters" that interject users' comments live during the streaming.

An ad for one for-hire Twitch botnet.

"While many broadcasters stream their gameplay online as a hobby, some have managed to turn it into a well-paid full time job," Symantec researcher Lionel Payet wrote. "Over the past few years, this business model has grown sharply, so it's unsurprising that scammers are piggybacking on the industry in a parallel underground economy."

Cyber Vulnerability in Wind Turbines

It has been reported that a wind turbine that is deployed across the energy sector worldwide has been hacked.  Due to a software bug, an attacker can get the user name and password from the browser.  This can give the attacker admin rights to the whole system.

Why is this important?

Any vulnerability in IT systems allows attackers to access data unlawfully.  It is also a good example of how easy it is to end up with a cyber risk on your hands in critical national infrastructure.  The EU is planning a new Cyber Directive to strengthen the security obligations on “market operators” of “critical infrastructure”.  While it is great to have a Digital Agenda for cyber risk in Europe, the real issue is trying to ensure that system vulnerabilities are avoided.  We have done this for years in major IT systems.  The same thinking needs to be applied to new Internet-enabled devices and objects.  Then think about data leaks with wearable tech…!