ITACS 5211: Introduction to Ethical Hacking

Wade Mackey

Brock Donnelly

China Used Tiny Chip to Hack Apple, Amazon

by 2 Comments

https://www.investopedia.com/news/china-used-tiny-chip-hack-apple-amazon-bloomberg/

China Used Tiny Chip to Hack Apple, Amazon

Well here is a really strange one… Bloomberg reports that a tiny chip was discovered embedded in their servers back in 2015 from tech giants Apple and Amazon. They suspect the responsible party to be Chinese spies. Bloomberg reports the chips come from a Chinese server company named Super Micro. China’s foreign ministry also issued a statement following the report, saying that “China is a resolute defender of cybersecurity.”

Here is the odd thing, Apple and Amazon are denying Bloombergs claims. Do you suppose that Apple, Amazon and the government were trying to keep this quiet to survey the spies? What are you thoughts about Apple/Amazon denying claims? Do you think Bloomberg’s reporters are lying?

Complicated iOS 12 Passcode Bypass Exposes iPhone Data To Hackers

by 2 Comments

https://latesthackingnews.com/2018/10/01/complicated-ios-12-passcode-bypass-exposes-iphone-data-to-hackers/

A vulnerability has been found in iOS 12. Jose Rodriguez an avid bug uncovered found that with siri lock screen access he can bypass the passcode screen to gain access to addressbook, photos, notes and make calls. The author off the article describes the bug as complicated but from the video demonstrations it appears to be performed effortlessly. I could see performing from or writing the instructions a bear but it was performed in no time at all. Check the link to see the bug performed.

Apple Mojave Zero-Day Flaw

by 1 Comment

https://www.zdnet.com/article/macos-mojave-zero-day-privacy-bypass-bug-revealed-on-the-day-of-download/

Talk about a zero day. Apple released their new operating system Mojave (10.14) and someone already found a way to access private data. The person who discovered this vulnerability was unable to get through to Apple’s security team. The best news is that this vulnerability does not affect the whole system but the details of what it does leave vulnerable is left to the imagination. In the video example from the link you can watch from Terminal the access and copying of the users Address Book. Apple doesn’t get caught with their pants down too often. Kudos to the discoverer.

Adobe Addresses a Number of Critical Remote Execution Vulnerabilities

by 1 Comment

https://www.zdnet.com/article/adobe-addresses-critical-vulnerabilities-in-acrobat-reader/

Looks like Adobe is under the vulnerability scan again but no it is not Flash… it’s Acrobat. 41 vulnerabilities have been found 17 of them seem capable to take control of the effected system. These vulnerabilities created a trend micro zero-day notice

The vulnerabilities impact the Windows and Mac operating systems. Acrobat DC (continuous) versions 2018.009.20050 and earlier, Acrobat 2017 versions 2017.011.30070 and earlier, Acrobat Reader 2017 versions 2017.011.30070 and earlier, and Acrobat DC (Classic Track) versions 2015.006.30394 and earlier are all affected.

It is important to update and patch as it is believed the Flash exploit is being used in the wild by North Korean cyberattackers to compromise systems. It would be fair going forward to assume that malicious attackers would also add this vulnerability regardless of their world location or government.

New Ransomware Named PyLocky Discovered

by 1 Comment

https://latesthackingnews.com/2018/09/14/new-ransomware-named-pylocky-discovered/

As the title says, Trend Micro has a newly discovered ransomware. This malware poses as another ransomware known as Locky yet seems to be just riding on Locky’s infamy coattails. This malware uses Python Scripts converted into standalone executables, lays dormant for 11.5 days or 999,999 seconds before it begins to encrypts files in 3DES… all while communicating to the control server. Yikes…

Attacks have been mostly European focused.

Chrome extension MEGA hacked affecting 1.6 million users.

by Leave a Comment

https://latesthackingnews.com/2018/09/09/mega-chrome-extension-hacked-affecting-1-6-million-users/

Chrome extension MEGA hacked affecting 1.6 million users.

I am not familiar with MEGA but I am with cryptocurrencies and MEGA is an Chrome extension for business regarding cryptocurrencies. A trojan infected extension for chrome has effected 1.6 million users. They data susceptible extends beyond millions of worth of cryptocurrencies but also account user names and passwords for companies such as Microsoft, Github, Google, and Amazon.

It was swiftly removed from the Chrome Store and an update for MEGA was released. If you use it… better update. I would look into your accounts as well.