First look at the Pwn Pad 3, the latest in mobile security mayhem

Pwnie Express, the company that began as a builder of "drop boxes" for penetration testers and white-hat corporate hackers, has been evolving toward a more full-service security auditing platform vendor over the past few years while continuing to refine its hardware and software in ways that appeal to the corporate security set. Now Pwnie has released the third generation of its flagship mobile penetration testing platform, the Pwn Pad, bringing the Android and Kali Linux-based platform a step further away from the rough-hewn penetration testing tools it began with and into the realm of something with a lot more polish—and performance.

Pwnie Express' Mobile Platform Engineer Tim Mossey and Director of Research and Development Rick Farina recently gave Ars a walk-through of the Pwn Pad 3, which has just begun shipping out to pre-order customers. We expect to do a full review of the Pwn Pad 3 soon but wanted to get an early look at what to expect. The biggest visible change is the hardware itself, as Pwnie has left the relative comfort zone of Google's reference platform Nexus tablets and moved to the more powerful Nvidia Shield. But there are some changes behind the scenes as well that make the Pwn Pad 3 act more like an actual flagship commercial product and less like something way off the corporate reservation.

Full disclosure is in order here—Ars bought hardware from Pwnie Express to support our own security testing lab, and we enlisted help from Pwnie Chief Technology Officer Dave Porcello for our joint project with National Public Radio last year. So we've had a bit of experience with Pwnie's platform in many of its incarnations. We've also worked with a number of open source penetration tools, including the Kali Linux-based NetHunter platform for Android.

Read 8 remaining paragraphs | Comments

Cisco Releases Security Updates

Original release date: June 25, 2015

Cisco has released security updates to address vulnerabilities in Web Security Virtual Appliance (WSAv), Email Security Virtual Appliance (ESAv), and Content Security Management Virtual Appliance (SMAv) software. Exploitation of one of these vulnerabilities may allow a remote attacker to take control of the affected appliance.

US-CERT encourages users and administrators to review the Cisco Security Advisory and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

FBI says crypto ransomware has raked in >$18 million for cybercriminals

The FBI's Internet Crime Complaint Center (IC3) has issued an alert warning businesses and individuals about the continued spread of cryptographic ransomware. This malware encrypts a victim's files with a key held by criminals on a remote server, and it then extorts money from the victim to recover those files. The biggest threat among these continues to be CryptoWall, the ransomware family that first emerged last April.

So far, the FBI's IC3 has been contacted by 992 victims of CryptoWall, and their combined losses total over $18 million (~£11.4 million). That number falls far short of the actual number of victims, some of whom have not reported being affected by the malware and have simply paid up or abandoned their files. And the current cost figure does not include all of the business losses from those reporting CryptoWall incidents. Those hidden impacts can include lost productivity, the cost of bringing in IT services to clean up the mess, or the price of handling the potential breach of personal information associated with the malware.

"CryptoWall 3.0 is the most advanced crypto-ransom malware at the moment," said Stu Sjouwerman, CEO of the security training company KnowBe4, in an e-mail to Ars. "The $18 million in losses is likely much more, as many companies do not report their infections to the FBI and the downtime caused by these infections is much higher.”

Read 2 remaining paragraphs | Comments