Network security cameras that were created by Sony could have been compromised with botnet malware if their firmware is not updated to the latest version. This was detected by SEC Consult, they found two backdoor accounts that existed in 80 models of professional Sony security cameras. Some of these devices were used at government agencies. Sony was notified about the vulnerability in October and released firmware updates for all the affected camera models on November 28th.
What Trump can do about Cyber Security
The writer of this article focusing on the three areas (energy, telecommunications, and finance) that are vital and vulnerable to cyber attacks that President Elect Trump should immediately address once he officially becomes President.
https://www.bloomberg.com/view/articles/2016-11-30/what-trump-can-do-about-cybersecurity
Burp Suite Analysis- Comcast Corporation
Google brands malicious websites with ‘repeat offender’ warnings
Google in a fight to protect the users who use their browser, has now a safe browsing arsenal to protect them from using websites with malware and unwanted software. Google will flag the websites as unsafe using a big red warning sign in the browser. Sites will have apply to google to get the warning lifted. Site owners will not be able to apply for a repeal of the warning for 30 days. The red large warning sign will remain until after the repeal process.
Google discloses major Windows bug
This is a good article for this week’s lesson. The Google Threat analysis group disclosed a critical vulnerability in Windows in a public post on the company’s security blog. The vulnerability allows hackers to escape from security sandboxes through a weakness in the win32k system. Google went public ten days after reporting the bug to Microsoft, before a patch could be deployed. Google has already sent out a fix to protect users that use Chrome and Windows is still vulnerable.
Nessus Vulnerability Scan Report
Temple student: I used Target gift card to get past security in 9 buildings
Since we were on the subject of social engineering of last weeks class. I thought this was an interesting article dealing with the university that we all attend. This is a case of a student using her Target gift card to get pass security. The student acted like she belonged and she was able to not get security to really look to see if she had an ID, which is needed to get in most of the buildings on campus.
Easy-to-exploit rooting flaw puts Linux PCs at risk
I thought this would be an interesting article to post because we used these tools in our virtual machines. The maintainers of the Linux distributions are patching a privilege escalation vulnerability, which is a major risk to the servers, desktops and other devices that use the operating system. The vulnerability has been named the Dirty Cow, it allows an attacker to gain to a limited user account to get root privileges and control the system.
N.S.A. Contractor steals confidential information.
This is the 2nd time in the last three years that a contractor from Booze Allen Hamilton has managed to steal highly classified information from the N.S.A. The Obama Administration has been victims to classified information being leaked to the public multiple times.
F.B.I. Impersonate Journalist and media organizations call foul
This article is about the F.B.I. impersonating a journalist in 2007 and using a tracking software to locate the individual. The media organizations did not approve of these methods that were used stating that it would taint the media’s credibility. The D.O.J. Office of the Inspector General report that was released stated that the F.B.I. did not violate any policies that were in place at the time ,but now as of June 2016 an agent has to get high-level approval pose as a journalist.