
ITACS 5211: Introduction to Ethical Hacking

Wade Mackey

Shi Yu Dong

Here’s the NSA employee who kept top secret documents at home

December 4, 2017 by Shi Yu Dong 3 Comments

According to this article, a former National Security Agency employee named Nghia Hoang Pho pleaded guilty on Friday to illegally taking classified documents home, which were later stolen by Russian hackers. The article also mentions that, according to authorities, Kaspersky Lab's antivirus software was allegedly used as a way for Russian hackers to steal top secret NSA documents and hacking exploits from Pho's PC in 2015.

 

https://thehackernews.com/2017/12/nghia-hoang-pho-nsa.html

Another Facebook Bug Allowed Anyone to Delete your Photos

November 27, 2017 by Shi Yu Dong 3 Comments

 

According to the article, an Iranian web developer named Pouya Darabi discovered and reported a critical vulnerability in Facebook systems that could have allowed anyone to delete any photo from the social media platform. Darabi analyzed the vulnerability and found that, when creating a new poll, anyone could easily replace the image ID in the request sent to the Facebook server with the image ID of any photo on the social media network. The researcher said he received $10,000 as his bug bounty reward from Facebook after he responsibly reported this vulnerability to the social media network on November 3. Facebook patched this issue on November 5.

 

https://thehackernews.com/2017/11/facebook-delete-photos.html

Huddle’s highly secure work tool exposed KPMG and BBC files

November 13, 2017 by Shi Yu Dong Leave a Comment

According to the article, a BBC journalist has discovered a security flaw in the office collaboration tool Huddle that led to private documents being exposed to unauthorized parties. Huddle is an online tool that lets work colleagues share content, and it states that it is the global leader in secure content collaboration. The BBC journalist believes that there is an access control problem with Huddle, which gave the journalist full access to a KPMG account and exposed information about clients and financial documents.

http://www.bbc.com/news/technology-41969061?intlink_from_url=http://www.bbc.com/news/topics/62d838bb-2471-432c-b4db-f134f98157c2/cybersecurity&link_location=live-reporting-story

Warning: Critical Tor Browser Vulnerability Leaks Users’ Real IP Address—Update Now

November 6, 2017 by Shi Yu Dong 1 Comment

This article describes a critical vulnerability, found by researchers, that could leak users' real IP addresses to potential attackers when they use the Tor anonymity browser. Tor (The Onion Router) is free software for enabling anonymous communication and was initially a worldwide network of servers developed with the U.S. Navy that enabled people to browse the internet anonymously. Now it's a non-profit organization whose main purpose is the research and development of online privacy tools. According to the article, the security researcher Filippo Cavallarin mentions that the vulnerability resides in Firefox and therefore affects Tor Browser, since the privacy-aware service that allows users to surf the web anonymously uses Firefox at its core. The security researcher also describes that the vulnerability currently affects only macOS and Linux users. However, the researcher warns Tor users to be aware of this vulnerability.

https://thehackernews.com/2017/11/tor-browser-real-ip.html

iPhone Apps with Camera Permissions Can Secretly Take Your Photos Without You Noticing

October 30, 2017 by Shi Yu Dong 1 Comment

According to the article, research finds that the iPhone has a serious privacy concern that allows iOS app developers to take your photographs and record live video using both the front and back cameras without any notification or your consent. This permissions system is not a bug or a flaw; it is a feature, and it works exactly the way Apple designed it. The problem with this permissions system is that any malicious app could take advantage of this feature to silently record a user's activities.

https://thehackernews.com/2017/10/iphone-camera-spying.html

Unpatched Microsoft Word DDE Exploit Being Used In Widespread Malware Attacks

October 23, 2017 by Shi Yu Dong Leave a Comment

According to security researchers, hackers could leverage an old Microsoft Office feature called Dynamic Data Exchange to perform malicious code execution on the targeted device without requiring macros to be enabled or memory corruption. Dynamic Data Exchange is one of the several methods that Microsoft uses to allow two running applications to share the same data, including MS Excel, MS Word, Quattro Pro and other applications. The Dynamic Data Exchange technique displays no “security” warnings to victims, and victims can lose their personal information due to the lack of security.

 

https://thehackernews.com/2017/10/ms-office-dde-malware-exploit.html

Yet Another Linux Kernel Privilege-Escalation Bug Discovered

October 16, 2017 by Shi Yu Dong Leave a Comment

Recently, security researchers have discovered a new privilege-escalation vulnerability in the Linux kernel that could allow a local attacker to execute code on the affected systems with elevated privileges. The article describes that an attacker with local access to the targeted system can execute a maliciously crafted application that elevates the attacker's privileges to root on that system. Besides that, the article also mentions that the vulnerability affects major distributions of the Linux operating system, including Red Hat, Debian, Ubuntu, and SUSE.

 

https://thehackernews.com/2017/10/linux-privilege-escalation.html

Warning: Millions of P0rnHub Users Hit With Malvertising Attack

October 10, 2017 by Shi Yu Dong 1 Comment

 

Researchers from the cybersecurity firm Proofpoint recently discovered a large-scale malvertising campaign that exposed millions of internet users in the United States, Canada, the UK and Australia to malware infections. The malware campaign is being conducted by a hacking group called KovCoreG, which is well known for distributing the Kovter ad fraud malware. The KovCoreG hacking group initially took advantage of the P0rnHub website to distribute a fake browser to trick internet users and steal their personal information for illegal use. The hacking group also tricked users into installing the Kovter malware onto their systems so that they can continue to find out more useful information about the users.

 

https://thehackernews.com/2017/10/online-malvertising-attack.html

Millions of Up-to-Date Apple Macs Remain Vulnerable to EFI Firmware Hacks

October 2, 2017 by Shi Yu Dong Leave a Comment

 

According to the article, researchers from security firm Duo Labs analyzed over 73,000 Mac systems and discovered that a surprising number of Apple Mac computers either fail to install patches for EFI firmware vulnerabilities or don't receive any update at all. Apple uses the Intel-designed Extensible Firmware Interface (EFI) for its computers; it works at a lower level than a computer's OS and controls the boot process. However, the researchers found that Apple limits the EFI updates to its Mac systems. Furthermore, the article mentions that Apple does not even warn its users of a failed EFI update process or technical glitch, leaving millions of Mac users vulnerable to sophisticated and advanced persistent cyber attacks.

 

https://thehackernews.com/2017/09/apple-mac-efi-malware.html

Email phishing scam targeting Netflix customers’ bank account

September 26, 2017 by Shi Yu Dong 1 Comment

A new email scam is targeting Netflix users in order to obtain access to their bank account information. According to the article, Netflix customers have received a fake email that appears to come from Netflix, and the email asks the customer to reactivate their Netflix account. Besides that, a link in the email takes users to a fake Netflix page where the users are invited to input bank information.

http://www.ehackingnews.com/2017/09/email-phishing-scam-targeting-netflix.html
