I ran a vulnerability scan against Metasploitable 2. Here are the results.
Nessus Vulnerability Scan of Metasploitable
LinkedIn Could Soon Be Blocked in Russia
Vladimir Putin’s government is threatening to shut down business networking site LinkedIn. The threat stems from a recent law in Russia that requires all companies doing business in the country to store their data locally, something that LinkedIn does not do. The decision is driven by the fear about data privacy in the wake of Edward Snowden’s revelations about NSA snooping.
Blood Service Data Leak Could be Australia’s Biggest
The Australian Red Cross Blood Service has apologized after a database backup file containing over one million donor records, including highly sensitive information on sexual activity, was exposed to the public. The breach occurred when a partner published a 1.74 GB mysqldump file to a publicly facing website with directory browsing enabled, which meant an unnamed researcher was able to find it at random using a simple IP address scan for publicly exposed web servers returning directory listings. The data included over 1.2 million records pertaining to 550,000 blood donor applicants. The information crucially included answers to a highly sensitive question on whether the applicant had engaged in “at-risk” sexual behavior over the past year. According to the statement apologizing for the incident, the Blood Service has taken immediate action to resolve the problem and informed the police and the Australian Information Commissioner. They have deleted all known copies of the data. It is unclear how long the data was left publicly available, but it contains info on donors who registered between 2010 and 2016.
I think this will definitely affect people who want to donate blood and people who have donated blood before. I would not donate my blood for a while, since it may leak my personal information publicly. So the number of blood donors in Australia will decrease for a time, I believe. They need to prepare for it.
Link: http://www.infosecurity-magazine.com/news/blood-service-data-leak-australias/
SECURITY October is National Cyber Security Awareness Month: How secure is your enterprise?
October is National Cyber Security Awareness Month. According to the author of this article, Mark Kaelin, this is an opportunity for enterprises of all sizes to take time to educate their workforce on lurking cyber security threats. We hold a “Selfies for Security Challenge” at my company in celebration of cyber security awareness this month. This is a selfie contest in which employees take selfies to display how they are protecting the company and our clients. Please share how Cyber Security Awareness Month is being celebrated this year if this is something they also do at your company or anywhere else you may know.
Nessus Scan Report
Nessus Scan Presentation – Anthony Fecondo
paper: scanning-assignment
video: Video
Nessus Scan – Loi Tran
Nessus Scan Analysis
The secret behind the success of Mirai IoT botnets
This article talks about the success of the Mirai DDoS botnets that are made up of IoT devices. The software enabling them is publicly available, which makes it easier for inexperienced hackers to set them loose. The devices are mostly made up of security cameras, DVRs, and home routers.
An indicator that one of your IoT devices may be infected with Mirai is that the SSH and Telnet ports (22 and 23) are closed. Mirai does that so administrators can’t get in and nobody else can attack the machine in the same way.