-
Shi Yu Dong wrote a new post on the site MIS 5212-Advanced Penetration Testing 6 years, 8 months ago
“Finland’s 3rd Largest Data Breach Exposes 130,000 Users’ Plaintext Passwords”
Finland’s citizens had their credentials compromised in a large data breach. Hackers attacked a new Business Center in Helsinki, […]
-
Richard Mu wrote a new post on the site MIS 5212-Advanced Penetration Testing 6 years, 8 months ago
It was recently discovered that new Android Trojan variants, dubbed as “Naver Defender,” were being distributed as a fake anti-virus application. Uncovered by security researchers at Cisco Talos, them malware […]
-
Great Post! Very Interesting.
-
his is absolutely incredible. I wonder how many users have already used the fake antivirus application and how many systems have already been attacked with this. North Korea’s involvement is even more shocking considering that it is already cornered by most countries for its economic decisions.
-
-
Shi Yu Dong wrote a new post on the site MIS 5212-Advanced Penetration Testing 6 years, 8 months ago
An interesting read that I found talked about how Memcached servers can be quickly hijacked and compromised by to launch large DDoS attacks. Utilizing IT spoofing and a poorly implemented UDP causes the servers to […]
-
Shi,
Quite an interesting article that talks about how Memcached servers can be hacked using large DDoS attacks. As far as I know, prevention against DDoS is still under research and in fact many organizations still do not have the best practices to prevent such attacks. Such situations can only be avoided by having a centralized monitoring and triggering system to check port status of all devices rather than doing it manually.
-
-
Shi Yu Dong wrote a new post on the site MIS 5212-Advanced Penetration Testing 6 years, 9 months ago
Fresno State data breach, 15,000 affected!!
This article relates to the data breach of the California State University, Fresno. According to the article, “the personal information of more than 15,000 p […]
-
Shi Yu Dong wrote a new post on the site MIS 5212-Advanced Penetration Testing 6 years, 9 months ago
Massive 1.7Tbps DDoS reflection/amplification attack was conducted against one of its unnamed US-based customer’s website.
Attackers exploited vulnerability of many internet facing “Memcached” servers, open- […]
-
Richard Mu wrote a new post on the site MIS 5212-Advanced Penetration Testing 6 years, 10 months ago
Developers of Drupal recently patched two critical vulnerabilities this week in its content management system platform. The first critical vulnerability is a comment reply form bug in Drupal version 8 that granted […]
-
Shi Yu Dong wrote a new post on the site MIS 5212-Advanced Penetration Testing 6 years, 10 months ago
Computer Security Firm “CrowdStrike” performed research and analysis of recent attacks (NotPetya, WannaCry) targeting U.S. organizations that caused million of dollars in losses. Especially, it has been fou […]
-
Shi Yu Dong wrote a new post on the site MIS 5212-Advanced Penetration Testing 6 years, 10 months ago
“Hackers Can Now Steal Data Even From Faraday Cage Air-Gapped Computers”
In Wireless Network Security, given the nature of physics related to Wireless Signal propagation in the air, exposure of Wireless Rad […]
-
Richard Mu wrote a new post on the site MIS 5212-Advanced Penetration Testing 6 years, 10 months ago
The Sacramento Bee, a newspaper that is published in Sacramento, was recently hit with a ransomeware in two of its databases that were on a third -party server. It was first discovered by an employee followed by a […]
-
Hi Richard,
The one good thing that the company did I feel was to immediately inform the users about the leak. However, I am not quite sure how protected the 3rd party database were. I feel organizations should have their in-house database for most of the critical transactions and customer information, rather than outsourcing it to 3rd party server for cost saving purposes. This is primarily the reason the above incident has happened.
-
-
Shi Yu Dong wrote a new post on the site MIS 5212-Advanced Penetration Testing 6 years, 10 months ago
Unpatched DoS Flaw Could Help Anyone Take Down WordPress Websites
According to this article “Unpatched DoS Flaw Could Help Anyone Take Down WordPress Websites”, it describes that a simple but serious app […]
-
Shi,
Nice summary of the article. I am quite surprised that WordPress allows execution of the PHP file at run time by changing the parameters. A similar kind of flaw was witnessed a couple of years back when users can potentially change variable parameters of images in WordPress sites and identify information of websites without security logins. The patch needs to be done as soon as possible before it affects users. I am pretty sure a large percentage of SMBs use WordPress for their business needs.
-
-
Richard Mu wrote a new post on the site ITACS 5211: Introduction to Ethical Hacking 7 years ago
It was recently discovered that a popular Captch WordPress plugin that was sold to an undisclosed buyer, has been modified and had a backdoor installed. The backdoor allows the plugin author to remotely gain […]
-
Richard Mu wrote a new post on the site ITACS 5211: Introduction to Ethical Hacking 7 years ago
In a recently online leaked database, it has been discovered that the popular keyboard app, Ai.type, has been collecting a large amount of sensitive details on users. The information that has been collected was […]
-
Part of the problem is that app developers know that very few users understand/read the ToS when they accept “Share my information” on these sorts of apps. I have been trying to educate my friends and family to take a more skeptical view of these kinds of things. That great maxim “If you are not paying for it, you’re not the customer; you’re the product being sold” is a good place to start.
-
-
Shi Yu Dong wrote a new post on the site ITACS 5211: Introduction to Ethical Hacking 7 years ago
According to this article, it describes that a former National Security Agency employee named Nghia Hoang Pho pleaded guilty on Friday to Illegally talking classified documents home which were later stolen by […]
-
Will follow up this story in April…
-
Shi Yu,
This is an individual action of someone who is either careless or who doesn’t know what he is doing. his action shows there are government policies that need to be changed and obligate employees to be careful with such sensitive files.
This is a very educative article that I am sure it will teach a lesson to so many people the consequences of taking government documents home. -
It is definitely an interesting read. I wonder what was the motivation of the NSA employee to take the classified documents.
-
-
Richard Mu wrote a new post on the site ITACS 5211: Introduction to Ethical Hacking 7 years ago
Recently discovered by Google Play Protect, a machine learning and app usage analysis, helped researchers at Google identify an Android spyware that was stealing information on users. The targeted devices were […]
-
Richard – That’s really shocking to know. Spyware has become so common and these attacks question our security practices. It’s surprising that Android Spyware could actually do this. I doubt if the spyware can also have access to mobile’s internal data and contact information? If yes, then I believe many users would be subjected to this attack.
-
Richard,
Thank you for the article. My question at this point will be; why there use this methods only in African countries?The answer to this question is very simple, there are no regulations or law that protect people in those countries. Which means they can be good targets for so many cyber attackers.
-
-
Shi Yu Dong wrote a new post on the site ITACS 5211: Introduction to Ethical Hacking 7 years ago
According to the article, an Iranian web developer named Pouya Darabi discovered and reported a critical vulnerability in Facebook systems that could have allowed anyone to delete any photo from the social […]
-
Quick response by Facebook to fix the bug and it’s interesting to see bug bounty hunters.
-
Interresting…..it s good that they fix it.
-
That’s quite an interesting news and I am surprises to see such flaws from world’s largest social networking community. This is pure case of internal system fix and stands a good example for many businesses related to this. It’s good that it was reported on time before any potential violation occurred and extracted personal images.
-
-
Richard Mu wrote a new post on the site ITACS 5211: Introduction to Ethical Hacking 7 years, 1 month ago
It was discovered that all OnePlus devices that are running OxygenOS have a backdoor that allows anyone to gain root access. The application left available to be accessed is known as EngineerMode. A diagnostic […]
-
Shi Yu Dong wrote a new post on the site ITACS 5211: Introduction to Ethical Hacking 7 years, 1 month ago
According to the article, a BBC journalist has discovered a security flaw in the office collaboration tool Huddle that leads to private documents being exposed to unauthorized parties. A huddle is an online tool […]
-
Richard Mu wrote a new post on the site ITACS 5211: Introduction to Ethical Hacking 7 years, 1 month ago
Security researchers have found weakness “in the Institute of Electrical and Electronics Engineers (IEEE) P1735 cryptography standard that can be exploited to unlock, modify or steal encrypted system-on-chip […]
-
Richard,
I think this kind of leak is very normal, the Institute of Electrical and Electronics Engineers (IEEE) has to update the software on the encrypted system-on-ship with a new version that can be stronger. I am not too sure how much recent this technology, but it will be a big issue if it has been in the IT world for a long time. I like your article and I think it shows how much so many organizations don’t keep patching their products to prevent attackers from reaching their goals.
-
-
Shi Yu Dong wrote a new post on the site ITACS 5211: Introduction to Ethical Hacking 7 years, 1 month ago
This article describes that researchers have found a critical vulnerability that users could leak their real IP addresses to potential attackers when they use TOR anonymity browser. Tor (The Onion Router) is free […]
-
Shi Yu Dong wrote a new post on the site ITACS 5211: Introduction to Ethical Hacking 7 years, 1 month ago
According to the article, research finds that the iPhone has a serious privacy concern that allows IOS app developers to take your photographs and record your live video using both front and back cameras without […]
-
Shi Yu,
your article is very similar to many articles who came one after Iphone 6 came out with the fingerprint login button. Everyone was talking back then about how Apple was collecting fingerprints of millions of customers all over the world. However, the people knew that an important sensitive information (Fingerprint) can be used against them at anytime and they kept using apple logins.
I do believe that this time again, the people will purchase more new IPhones and will activate their cameras to login using the Face-ID feature even tho they pictures of them and the people around them will be taken without their permissions.
-
- Load More
Thanks for sharing the article. This is pretty scary and quite concerning too especially because of the problems in the maritime waters. This type of cross-country digital hacks have become quite common now a days where countries are willing to do anything to get data for their own benefit. It is high time that countries have strong defense mechanisms and legal actions for such acts. You right pointed out that the legal rules between China and the US failed here. Such laws need to be scrutinized further