ITACS 5211: Introduction to Ethical Hacking

Wade Mackey

Brock Donnelly

Hackers Steal Over $800,000 By Dropping a Malware On Cod Community College Computer Systems

December 13, 2018 by Brock Donnelly

Has anyone noticed the large-scale phishing attempts over the last few months? Here is a story on a successful one. Attackers have tricked Cape Cod Community College via malware ingested through phishing. The malware quickly spread to the systems in the administration building. The malware targeted the college’s financial transactions. It appears as though it overwrote the URL address for the college’s bank, TD Bank, creating a fake site that looked and functioned like the financial institution. The cyber criminals managed to trick employees into approving 12 transactions totaling $807,130; however, TD Bank did stop three on suspicion. The college is looking into installing next-generation endpoint protection software across the campus.

New Ransomware Spreading Rapidly in China Infected Over 100,000 PCs

December 13, 2018 by Brock Donnelly

https://thehackernews.com/2018/12/china-ransomware-wechat.html

This new ransomware has managed to infect 100,000 machines in 4 days and only asked for $14 US. This is an odd ransomware. It doesn’t ask for bitcoin but rather payment via a popular Chinese texting app. It also steals login and password information for such apps on the infected computers. It is an interesting newer take on ransomware. The attacker used a supply chain attack, adding his malicious code to legitimate software.
The infection speed did not matter, as it seems the author didn’t do a very good job hiding his tracks. He was arrested after 24 hours. Check out the article to see how he led the authorities right to him.

New Adobe Flash Zero-Day Exploit Found Hidden Inside MS Office Docs

December 12, 2018 by Brock Donnelly

https://thehackernews.com/2018/12/flash-player-vulnerability.html

Here is a complicated exploit. It starts with phishing and an email attachment. While the vulnerability resides in Flash, Word is necessary for the exploit, and within a Word doc you need a payload; in this example it is an image file. Once the document is opened, the payload unpacks, uses Flash’s vulnerability and then can:

monitor user activities (keyboard or moves the mouse),
collect system information and send it to a remote command-and-control (C&C) server,
execute shellcode,
load PE in memory,
download files,
execute code, and
perform self-destruction.

Adobe has since patched the vulnerability.

Australia Passes Anti-Encryption Bill—Here’s Everything You Need To Know

December 12, 2018 by Brock Donnelly

https://thehackernews.com/2018/12/australia-anti-encryption-bill.html

This is huge! But not in a good way. Australia just passed a bill that would force tech giants like Apple, Google, etc., to assist law enforcement in decrypting or finding other means to provide the data the government wants. Apple pushed back, stating that encryption is just math and weakening that math would weaken it for everyone. This is a startling read. Everyone in our area of study should read this. Australia could be setting the tone for future legislation among world powers. The Five Eyes alliance, with members United States, United Kingdom, Canada, Australia and New Zealand, has recently stated, “privacy is not an absolute.”

Tone

US Postal Service Left 60 Million Users Data Exposed For Over a Year

November 28, 2018 by Brock Donnelly 1 Comment

https://thehackernews.com/2018/11/usps-data-breach.html

Even our postal service is susceptible to weak APIs…? Yeah, even the government has weaknesses. What might make this worse is that the cyber security researcher notified USPS of the vulnerability over a year ago and nothing was done. 60 million USPS users’ data was exposed for over a year. USPS did finally do something about it, and when they went to action it only took them two days. Two. 48 hours. Before they fixed it, it required a journalist contacting USPS on behalf of the researcher to initiate a response. Oh, and what a silly response it is:

“We currently have no information that this vulnerability was leveraged to exploit customer records.”
“Out of an abundance of caution, the Postal Service is further investigating to ensure that anyone who may have sought to access our systems inappropriately is pursued to the fullest extent of the law.”

In other words, “we’re good” because we don’t know of any breaches.

NICE!

Top 5 Factors That Increase Cyber Security Salary The Most

November 13, 2018 by Brock Donnelly 3 Comments

Well, we should all read this story. It is a quick read on factors for getting the most salary in cybersecurity. It looks like choosing a path that leads you towards a cybersecurity engineer would be the wisest if $$$$ is on your mind.

A breakdown of these is:
Path
Experience
Location
Certification
Portfolio

https://thehackernews.com/2018/11/cyber-security-jobs-salary.html

VirtualBox Zero-Day Vulnerability and Exploit

November 13, 2018 by Brock Donnelly

https://thehackernews.com/2018/11/virtualbox-zero-day-exploit.html

Here is an interesting story on Oracle’s VirtualBox. It turns out researchers have found a weakness that allows attackers to gain root access from the guest OS and execute code on the host OS.

According to the researchers, the vulnerability allows an attacker or a malicious program with root or administrator rights in the guest OS to escape and execute arbitrary code in the application layer (ring 3) of the host OS, which is used for running code from most user programs with the least privileges.

Following successful exploitation, the researcher believes an attacker can also obtain kernel privileges (ring 0) on the host machine by exploiting other vulnerabilities.

Accused CIA Leaker Faces New Charges of Leaking Information From Prison

November 5, 2018 by Brock Donnelly

https://thehackernews.com/2018/11/cia-joshuaa-wikileaks.html

Damn, this dude is screwed. Regardless of the fact that Joshua Adam Schulte has been found with smuggled devices, some encrypted, Joshua says he is innocent of all charges. Reading about his allegations of leaks and child pornography, I began to wonder how hard it would be to have a malware to set up any individual with child porn. Really, with what we all know from this class it wouldn’t be too difficult. After you gain access you just dump child pornography to your HD. That would be a hell of a CIA/FBI trick.

Critical Flaws Found in Amazon FreeRTOS IoT Operating System

October 23, 2018 by Brock Donnelly

https://thehackernews.com/2018/10/amazon-freertos-iot-os.html

Looks like Amazon’s FreeRTOS, a leading open source real-time operating system, has several critical vulnerabilities. A researcher has found that the embedded system, which has been ported to over 40 microcontrollers used in the IoT, aerospace, medical and automotive industries, has vulnerabilities that could allow attackers to crash the target device, leak information from its memory, and, most worrisome, remotely execute malicious code on it, thus taking complete control over the target device. Amazon has since deployed security patches. Looks like the risk for IoT is still prevalent, even from our major vendors.

Chrome, Firefox, Edge and Safari Plans to Disable TLS 1.0 and 1.1 in 2020

October 16, 2018 by Brock Donnelly 1 Comment

https://thehackernews.com/2018/10/web-browser-tls-support.html

Major companies announced they are killing TLS 1.0 and TLS 1.1 in 2020. We should already be aware of the reason behind the murder of previous TLS versions, but I found their statistics on TLS 1.0 and 1.1 traffic to be enlightening. I really didn’t expect such low numbers.

Today 94 percent of sites already support TLS 1.2, while only less than one percent of daily connections in Microsoft Edge are using TLS 1.0 or 1.1.

Apple also says TLS 1.2 is the standard on its platforms and represents 99.6 percent of TLS connections made from Safari, while TLS 1.0 and 1.1 account for less than 0.36 percent of all connections.

Google says that today only 0.5 percent of HTTPS connections made by Chrome use TLS 1.0 or 1.1.

You can also manually disable older TLS versions on Google Chrome by opening Settings → Advanced Settings → Open Proxy Settings → Click ‘Advanced’ Tab → Under ‘Security’ section uncheck TLS 1.0 and 1.1 and then save.

Those are some pretty small percentages.
