ITACS 5211: Introduction to Ethical Hacking

Wade Mackay

Mengxue Ni

Nine in Ten NHS Trusts Still on Windows XP

by Leave a Comment

Security experts have warned that patient data is at risk after it was revealed that 90% of NHS Trusts in England are still running the unsupported Windows XP operating system. A Freedom of Information Act request from Citrix also found that just over half are not sure when they’ll upgrade to a newer system, while 14% think they’ll do so by the end of the year and 29% said the migration would happen some time in 2017. Unless these systems are being protected by virtual patching, they’ll be far more exposed to the threat of attack as Microsoft stopped issuing security updates for government PCs in April 2015. Many healthcare organizations have single purpose devices that don’t require network connection for their main purpose.

Windows XP operating system is a legacy system in my mind, support for Windows XP was ended on April 8, 2014. According to Microsoft, there will be no more security updates or technical support for the Windows XP operating system after this date. So Windows XP is very easy to be hacked today. But a lot of healthcare organizations didn’t update the systems yet. All the patients’ information remain risky before they update their operating system.

http://www.infosecurity-magazine.com/news/nine-in-ten-nhs-trusts-still-on/

Smartphone App Flaw Leaves Tesla Vehicles Vulnerable To Theft

by 5 Comments

Tesla cars can be tracked, located, unlocked and driven away by compromising the company’s smartphone app. Researchers at Norwegian app security firm Promon demonstrated how easy it appears to be to steal a Tesla. Benjamin Adolphi, mobile software developer at Promon, created a fake free Wi-Fi hotspot that featured an ad targeted at Tesla owners, offering them a free burger at a local restaurant. Owners were then prompted to download an application in order to take advantage of the offer; however, the app contained malware that “manipulated” the Tesla app to grab the owner’s username and password. An OAuth token is used to authenticate the username and password every time the user starts the app. The Tesla app is modified where code was added to steal the username and password and sent to an attacker-controlled server. In order to trigger this code, the user needs to log in again. The Tesla app can be tricked into requiring the user to log in by simply removing the stored token. In the statement to Inforsecurity, Tesla said that the issue uncovered by Promon is to do with underlying mobile application security, rather than their application.

It is great that I can control my car with my phone, but if it has the risk of someone can easily steal my car. I would rather not use the application. I think Tesla should definitely improve the security of the application instead of blaming all mobile application security problem.

Link: http://www.infosecurity-magazine.com/news/smartphone-flaw-tesla-vehicles/

Madison County Faces Day 5 of Ransomware Nightmare

by 2 Comments

Indiana’s Madison County is going on Day 5 of a ransomware nightmare. According to Madison County police, both first responders and civic officials are logging all calls for service by hand. Anderson Police, the Madison County Jail and the county court systems are locked out. “We cannot query old information to bring up prior reports or prior court records,” said Madison County sheriff Scott Mellinger, “If we want to bring somebody’s record up for something in the future, let’s say for somebody that has been arrested or somebody who is even in jail then we cannot look up information that would help us at a hearing. On the sheriff’s office side, we cannot book people into jail using the computers. We are using pencil and paper like the old days.” The IT department worked around the clock to recover files, while officers work to track down who is responsible for the attack. The only good news is that officials do not believe that people’s personal or payment information is at risk for this event.

 

Link: http://www.infosecurity-magazine.com/news/madison-county-faces-day-5-of/

Facebook Focuses on Cyber-Bullying

by 3 Comments

Facebook has redesigned its Safety Center to have a greater focus on cyber-bullying. The update brings the Bullying Prevention Hub to everyone on Facebook. The Hub is a resource for teens, parents and educators seeking guidance on how to prevent and address online trolling and other forms of cyber-bullying. The new Safety Center also walks people through the tools Facebook offers in more than 50 languages includes step-by-step videos on a variety of popular safety topics.

The chief security officer at Facebook, Alex Stamos said:” people come to Facebook to share important and personal moments in their lives, that’s why we build our services and tools to help people remain in control and protect their accounts”.

Cyber bullying is happening every day, I am very happy that Facebook starts to do something to prevent it. Many people hide behind the screen to attack others, some people suicided because of cyber bullying. I hope every social media can pay attention on it and come up with some ideas to help people who are bullying or bullied before.

Link: http://www.infosecurity-magazine.com/news/facebook-focuses-on-cyberbullying/

Blood Service Data Leak Could be Australia’s Biggest

by 2 Comments

The Australian Red Cross Blood Service has apologized after a database backup file containing over one million donor records including highly sensitive information on sexual activity was exposed to the public. What comes with the breach is a partner published 1.74 GB mysqldump file to a publicly facing website with directory browsing enabled. Which means an unnamed researcher was able to find it at random using a simple IP address scan for publicly exposed web servers returning directory listings. The data included over 1.2 million records pertaining to 550,000 blood donor applicants. The information crucially included answers to highly sensitive question on whether the applicant had engaged in “at-risk” sexual behavior over the past year. According to the statement apologizing for the incident, the Blood Service has taken immediate action to resolve the problem and informed the police and Australian Information Commissioner. They have deleted all known copies of the data. It is unclear how long the data was left publicly available, but it contains info on donors who’ve registered between 2010 and 2016.

I think this will definitely affect people who want to donate blood and people who had donated blood before. I would not donate my blood for a while since it may leak my personal information publicly. So the blood donors in Australia will decrease for a time I believe. They need to prepare for it.

 

Link: http://www.infosecurity-magazine.com/news/blood-service-data-leak-australias/

Euro Bank Robbers Blow up 492 ATMs

by 4 Comments

492 ATMs across Europe were blown up by thieves in the first half of 2016, as criminals looked to supplement their attempts at infiltrating machines via cyber-attacks. These “cash out” or “jackpotting” attacks typically involve malware which takes control of the ATM’s cash dispensing function to fill the pockets of the cyber criminals. ATM fraud alone cost European lenders €174m (£157m) in the first half of 2016, up from €156m (£141m) a year ago. This new shows criminal gangs increasingly using diverse tactics, and blending physical and online methods, to steal from banks. A report from Kaspersky Lab back in April claimed that almost all ATMs across the globe can be illegally accessed and raided without even the need to install malware – because they’re running outdated technology.

 

Link: http://www.infosecurity-magazine.com/news/euro-bank-robbers-blow-up-492-atms/

The Top 15 Countries for Safe Data Storage

by 1 Comment

The top 15 safest nations are:

  1. Switzerland (Data risk score – 1.6 percent)
  2. Singapore (1.9)
  3. Iceland (2.3)
  4. Luxembourg (2.6)
  5. Hong Kong (3.6)
  6. Taiwan (3.9)
  7. Austria (5.2)
  8. New Zealand (5.2)
  9. Portugal (6.9)
  10. Denmark (7.6)
  11. Finland (7.6)
  12. Lithuania (7.6)
  13. Norway (7.9)
  14. Sweden (7.9)
  15. South Korea (8.3)

The benchmark identified Switzerland as the least risky nation for data storage with the lowest “potential risk score” of 1.6 percent. There is a risk map (https://www.artmotion.eu/risk-map/) which includs170 countries and shows Switzerland is the safest nation and Somalia is the least safe nation. CEO of Artmotion said: “More than ever, it is important for businesses and individuals to understand the impact that location can have on the privacy and security of their data. In the age of cloud computing, it’s easy to forget that every piece of information stored still requires a physical home, and that the geographic location of that home can have a serious impact on data privacy.”

link: http://www.securitymagazine.com/articles/87494-the-top-15-countries-for-safe-data-storage

PwC: Security is No Longer an IT Cost Center

by 1 Comment

Many organizations no longer view cybersecurity as a barrier to change, nor as an IT cost. PwC conducted an information security survey 2017 that found there is a distinct shift in how organizations view cybersecurity. According to the survey, 59% of respondents said they have increased cybersecurity spending as a result of digitization of their business ecosystem. In this process, organizations not only create products, but also deliver complementary software-based services for products that extend opportunities for customer engagement and growth.

The survey also found that the majority of organizations run IT services in the cloud. Could models gain more trust and usage at present. Organizations are also embracing both managed security services and open-source software to enhance cybersecurity capabilities. More than half (53%) of respondent employ open-source software and 62% of respondents say they use managed security services for cybersecurity and privacy.

Link: http://www.infosecurity-magazine.com/news/pwc-security-is-no-longer-an-it/