• Log In
  • Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Home
  • About
  • Structure
  • Gradebook

ITACS 5211: Introduction to Ethical Hacking

Wade Mackey

Critical SQLite Flaw Leaves Millions of Apps Vulnerable to Hackers

December 16, 2018 By Raaghav Sharma Leave a Comment

Cybersecurity researchers have discovered a critical vulnerability in widely used SQLite database software that exposes billions of deployments to hackers.
Dubbed as ‘Magellan‘ by Tencent’s Blade security team, the newly discovered SQLite flaw could allow remote attackers to execute arbitrary or malicious code on affected devices, leak program memory or crash applications.

Since Chromium-based web browsers—including Google Chrome, Opera, Vivaldi, and Brave—also support SQLite through the deprecated Web SQL database API, a remote attacker can easily target users of affected browsers just by convincing them into visiting a specially crafted web-page.

Since SQLite is used by everybody including Adobe, Apple, Dropbox, Firefox, Android, Chrome, Microsoft and a bunch of other software, the Magellan vulnerability is a noteworthy issue, even if it’s not yet been exploited in the wild.

Users and administrators are highly recommended to update their systems and affected software versions to the latest release as soon as they become available.

https://thehackernews.com/2018/12/sqlite-vulnerability.html

 

US Postal Service Left 60 Million Users Data Exposed For Over a Year

December 16, 2018 By Nishit Darade Leave a Comment

US Postal Service Left 60 Million Users Data Exposed For Over a Year
– Swati Khandelwal

News just came out that United States Postal Service has patched a critical security vulnerability that exposed the data of more than 60 million customers to anyone who has an account at the USPS.com website.

The vulnerability was tied to an authentication weakness in an application programming interface(API). According to the cybersecurity researcher, who has not disclosed his identity, the API was programmed to accept any number of “wildcard” search parameters, enabling anyone logged in to usps.com to query the system for account details belonging to any other user.

The vulnerability was reported almost a year ago and it took outside intervention to address this serious vulnerability. As of now there is no evidence to support that this vulnerability was taken advantage of.

Reference: https://thehackernews.com/2018/11/usps-data-breach.html

Sextortion gang found to be behind email bomb threat spree

December 15, 2018 By Connor Fairman Leave a Comment

A bunch of malicious actors who have been sending email bomb threats are believed to be the same actors who engaged in a sextortion campaign. In the bomb threat campaign, schools, government offices, and private organizations were told to send bitcoins to prevent an explosion from going off. However, this was not a financially successful endeavor for the perpetrators. In relation to our course content, this is a classic example of social engineering, not sophisticated hacking. However, as we’ve learned, social engineering attacks make up the brunt of most hacks and are extremely effective. People need to be aware of these kinds of attacks in the future so that they don’t fall for them.

 

https://www.scmagazine.com/home/security-news/sextortion-gang-found-to-be-behind-email-bomb-threat-spree/

Primary Sidebar

Weekly Discussions

  • Uncategorized (14)
  • Week 01: Overview (7)
  • Week 02: TCP/IP and Network Architecture (18)
  • Week 03: Reconnaisance (17)
  • Week 04: Vulnerability Scanning (19)
  • Week 05: System and User Enumeration (17)
  • Week 06: Sniffers (17)
  • Week 07: NetCat and HellCat (15)
  • Week 08: Social Engineering, Encoding and Encryption (21)
  • Week 09: Malware (14)
  • Week 10: Web Application Hacking (17)
  • Week 11: SQL Injection (15)
  • Week 12: Web Services (25)
  • Week 13: Evasion Techniques (8)
  • Week 14: Review of all topics (15)

Copyright © 2025 · Magazine Pro Theme on Genesis Framework · WordPress · Log in