• Log In
  • Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Home
  • About
  • Structure
  • Gradebook

ITACS 5211: Introduction to Ethical Hacking

Wade Mackey

Raaghav Sharma

Thousands of WordPress sites backdoored with malicious code

September 22, 2018 by Raaghav Sharma 1 Comment

Thousands of WordPress sites have been hacked and compromised with malicious code this month, according to security researchers at Sucuri and Malwarebytes.

All compromises seem to follow a similar pattern –to load malicious code from a known threat actor– although the entry vector for all these incidents appears to be different.

Researchers believe intruders are gaining access to these sites not by exploiting flaws in the WordPress CMS itself, but vulnerabilities in outdated themes and plugins.

 

When they gain access to a site, they plant a backdoor for future access and make modifications to the site’s code.

https://www.zdnet.com/article/thousands-of-wordpress-sites-backdoored-with-malicious-code/

Wi-Jacking – New Wifi Attack Allow Accessing Millions of Neighbour’s WiFi Without Cracking

September 14, 2018 by Raaghav Sharma 2 Comments

ewly identified WiFi attack called Wi-Jacking allow hackers to attack millions of WiFi network and accessing the neighbor’s WiFi without any form of Cracking.

few pre-requisites for this:

  • There MUST be an active client device on the target network
  • Client device MUST have previously connected to any other open network and allowed automatic reconnection
  • Client device SHOULD* be using a Chromium-based browser such as Chrome or Opera
  • Client device SHOULD** have the router admin interface credentials remembered by the browser
  • Target network’s router admin interface MUST be configured over unencrypted HTTP

Mitigations

  • Only login to your router using a separate browser or incognito session
  • Clear your browser’s saved passwords and don’t save credentials for unsecure HTTP pages
  • Delete saved open networks and don’t allow automatic reconnection
  • As it is nearby impossible to tell if this attack has already happened against your network, change your pre-shared keys and router admin credentials ASAP. Again, use a separate/private browser for the configuration and choose a strong key.

https://gbhackers.com/wi-jacking-wifi-attack/

DEF CON 2018: Hacking Medical Protocols to Change Vital Signs

September 8, 2018 by Raaghav Sharma 1 Comment

Doug McKee, senior security researcher at McAfee’s Advanced Threat Research team, has discovered a weakness that allows data on the patient’s condition to be modified by an attacker in real-time, to provide false information to medical personnel.

Medical devices use RWHAT protocol, to monitor a patient’s condition and vital signs. Using a small Raspberry device he could trick the nurse’s station monitor into thinking it’s communicating with something other than what it is.

The best defense for a hospital is to ensure that its networks are properly set up and isolated, and that devices are patched and that default passwords are changed.

https://threatpost.com/def-con-2018-hacking-medical-protocols-to-change-vital-signs/134967/

New PHP Code Execution Attack Puts WordPress Sites at Risk

September 8, 2018 by Raaghav Sharma Leave a Comment

A new exploitation technique has been discovered that could make it easier for hackers to trigger critical deserialization vulnerabilities in PHP programming language using previously low-risk considered unserialize() PHP function.

https://thehackernews.com/2018/08/php-deserialization-wordpress.html

  • « Go to Previous Page
  • Page 1
  • Page 2

Primary Sidebar

Weekly Discussions

  • Uncategorized (14)
  • Week 01: Overview (7)
  • Week 02: TCP/IP and Network Architecture (18)
  • Week 03: Reconnaisance (17)
  • Week 04: Vulnerability Scanning (19)
  • Week 05: System and User Enumeration (17)
  • Week 06: Sniffers (17)
  • Week 07: NetCat and HellCat (15)
  • Week 08: Social Engineering, Encoding and Encryption (21)
  • Week 09: Malware (14)
  • Week 10: Web Application Hacking (17)
  • Week 11: SQL Injection (15)
  • Week 12: Web Services (25)
  • Week 13: Evasion Techniques (8)
  • Week 14: Review of all topics (15)

Copyright © 2025 · Magazine Pro Theme on Genesis Framework · WordPress · Log in