Burp Suite exercise
Quest Diagnostics Investigating Data Breach Affecting More Than 30,000
Quest Diagnostics, a company based in Madison, New Jersey that provides laboratory services came out on November 26, 2016 and said that a breach leaked patient information for 30,000 clients. They stated none of the information was credit cards or social security numbers.
Source: Article
Full List of all Slide Decks
intro-to-ethical-hacking-week-2 intro-to-ethical-hacking-week-1 intro-to-ethical-hacking-week-3 intro-to-ethical-hacking-week-4 intro-to-ethical-hacking-week-5 intro-to-ethical-hacking-week-6 intro-to-ethical-hacking-week-7 intro-to-ethical-hacking-week-8 intro-to-ethical-hacking-week-9 intro-to-ethical-hacking-week-10 intro-to-ethical-hacking-week-11 intro-to-ethical-hacking-week-12 intro-to-ethical-hacking-week-13 intro-to-ethical-hacking-week-14
Ransomware Under Development Gives Option to Pay or Infect Others
Malware researchers recently discovered a particularly dastardly new type of ransomware, still under development. It gives its victims the option to either pay up or infect others to get the decryption keys to their data. At the very least, it sounds like an evil social experiment.
https://threatpost.com/ransomware-gives-free-decryption-keys-to-victims-who-infect-others/122395/
Nessus Scan – Metasploitable
Nine in Ten NHS Trusts Still on Windows XP
Security experts have warned that patient data is at risk after it was revealed that 90% of NHS Trusts in England are still running the unsupported Windows XP operating system. A Freedom of Information Act request from Citrix also found that just over half are not sure when they’ll upgrade to a newer system, while 14% think they’ll do so by the end of the year and 29% said the migration would happen some time in 2017. Unless these systems are being protected by virtual patching, they’ll be far more exposed to the threat of attack as Microsoft stopped issuing security updates for government PCs in April 2015. Many healthcare organizations have single purpose devices that don’t require network connection for their main purpose.
Windows XP operating system is a legacy system in my mind, support for Windows XP was ended on April 8, 2014. According to Microsoft, there will be no more security updates or technical support for the Windows XP operating system after this date. So Windows XP is very easy to be hacked today. But a lot of healthcare organizations didn’t update the systems yet. All the patients’ information remain risky before they update their operating system.
http://www.infosecurity-magazine.com/news/nine-in-ten-nhs-trusts-still-on/
5-Year-Old Linux Kernel Local Privilege Escalation Flaw Discovered
Fresh off the heals of another Linux vulnerability discovered about a month ago, another flaw has been discovered. CVE-2016-8655 is a flaw that could allow a local user to gain root access privileges to the Linux operating system. This flaw effects almost every Linux distribution that is available.
A patch was released last week, so users are encouraged to patch their Linux distributions.
I always find Linux flaws to be of particular interest. I think Linux has that inherent stigma that it’s for “techies” and you have to be super technical to get it to work. And, I think part of that is true, Linux is probably more prevalent among the “techie” users. So, it always amazes me that flaws, like the one above are found 5 years later.
Mystery device could let criminals get in your car in seconds
If you still do your shopping in stores, there is reason to be cautious this holiday shopping season when parking your car. A device has surfaced that intercepts clones the signal sent from a key fab and allows an individual to gain access to your automobile. In some cases, it also allows the thief to start the car and drive away!
I’ve always wondered how high the risk was to intercepting signals from key fabs. Personally, I’m not very concerned because I’ve transferred the risk of loss to my insurance company. Also, I don’t drive the most desirable vehicle. Still, it’s important that we all be aware of our surroundings and these security vulnerabilities, even when we aren’t online.
http://www.today.com/money/mystery-device-could-let-criminals-get-your-car-seconds-t105627
IBM Watson security program goes for trail with 40 firms bringing up the question -Will Future cyber security will be mainly automated, based on Artificial Intelligence ?
IBM has announced that 40 companies around the world have signed up for its IBM Watson for Cyber Security Beta Program.
The companies will test the ability of IBM’s cognitive computing technology to help in the battle against cyber crime. The trial will include representatives of the banking, healthcare, insurance, education and other key industry sectors.
Watson for Cyber Security uses technologies such as machine learning and natural language processing, which is being trained to understand the language of security.IBM claims the combined technologies will help security analysts make better, faster decisions from vast amounts of data, including unstructured data that has been “dark” to security defenses until now.On other hand some threat intelligence experts have cautioned against the total reliance on cognitive technology could be dangerous
Intel Security is pursuing this hybrid approach and is working with a select group of customers to develop systems to enable human machine teaming to get the best of both worlds in applying cyber threat intelligence
http://www.computerweekly.com/news/450404252/40-firms-to-trial-IBM-Watson-cognitive-computing-for-cyber-security
Backdoor accounts found in 80 Sony IP security camera models
Network security cameras that were created by Sony could have been compromised with botnet malware if their firmware is not updated to the latest version. This was detected by SEC Consult, they found two backdoor accounts that existed in 80 models of professional Sony security cameras. Some of these devices were used at government agencies. Sony was notified about the vulnerability in October and released firmware updates for all the affected camera models on November 28th.