ITACS 5211: Introduction to Ethical Hacking
Wade Mackey
Iran was hit by another malware similar to one their nuclear plant was hit with in the past called Stuxnet. This attack is most likely from Israel. Shows you how warfare has moved in to the cyber world. I think these type of attacks are only going to grow in frequency. I would also bet for everyone we hear about, there’s a handful of other ones that fly under the radar without getting any publicity.
https://securityaffairs.co/wordpress/77553/cyber-warfare-2/stuxnet-new-version-iran.html
What has the world come too! IBM is buying Red Hat? The company that used to walk hand and hand with Microsoft Windows back in the day is now moving forward with purchasing Red Hat a major Linux platform. $33.4 Billion dollars is what the deal is worth. This is going to help them get deeper into cloud an more enterprise networks. I thought this was security worthy news given linux is usually the choice of Operating System for security minded people and it’s going to push it forward in the right direction.
https://www.bloomberg.com/news/articles/2018-10-28/ibm-is-said-to-near-deal-to-acquire-software-maker-red-hat
Looks like a Telsa owner caught on camera some thieves that tried to steal his Telsa Model S car by hacking the passive entry system. Telsa has some preventative controls developed to prevent this however the guy had not implemented them. For example, there’s a way to make the user put in a PIN number to activate the car to drive. Or there’s a way to use a “Faraday pouch” to store the fob, which would have prevented the thieves from nabbing the signals that he didn’t use either.
It comes down to if you lock the doors to your house but leave the windows open you will still be vulnerable to a thief. Telsa has come up with ways to lock your doors, your windows and every other entry point but the car owners need to implement them or this can happen.
https://www.engadget.com/2018/10/22/tesla-model-s-theft-keyfob-hack/
Looks like Facebook’s answer to it’s hack that exposed millions of people’s information is to buy a cyber security company. Must be nice to be able to just throw money at a problem for it to go away! I wonder what other high profile company’s will use this tactic to battle their security issues that might come up in the future!
https://www.engadget.com/2018/10/21/facebook-may-buy-large-cybersecurity-company/
The US Government Accountability Office found that theDoD won’t admit that their systems are vulnerable! “Specifically, the report concludes that almost all weapons that the DOD tested between 2012 and 2017 have “mission critical” cyber vulnerabilities.” They believe, just like in all other industries, these systems were built without cybersecurity in mind. The found things like poor password hygiene and lack of encryption just to name a few. While testing, they were even able to take control of some of these weapon systems! Kind of scary!
https://www.wired.com/story/us-weapons-systems-easy-cyberattack-targets/
The Wi-Fi Alliance group that manages the implementation of WiFi has announced that the next version of WiFi standard will be called WiFi 6 instead of 802.11ax.
They also announced they are changing older versions to this new simplified way as well.
They are also going to have new corresponding icons to go with each one to make it easier for users.
https://thehackernews.com/2018/10/wifi-version-6.html
The governor of California just signed into law the first law in American history that ensures that IoT devices/gadgets have “reasonable” security features that “protect the device and any information contained therein from unauthorized access, destruction, use, modification, or disclosure.” I think it’s kind of sad that the law has to force vendors to build their products more securely. But if it’s going to take something like this for it to happen then so be it! Wonder how the rest of the country is going to follow and what fines and law suites are going to come about if a vendor does not comply. Will they not be able to sell their product in Cali? What if they bought it on Amazon across state lines?
https://www.cnet.com/news/california-governor-signs-countrys-first-iot-security-law/
The new MacOS Mojave was released to the public today. But it looks like there’s a zero day privilege escalation bug in it. The “entrusted” app was able to grab data from the system where you were supposed to have privileged access to access it.
https://www.bleepingcomputer.com/news/security/macos-mojave-privacy-bypass-flaw-allows-access-to-protected-files/
So it looks like there was a Virus Total Like service called “Scan4You” that would scan a malicious developers malware to see if it would be able to get past security software/AV providers. One of the gentlemen behind it was caught and sentence to jail. But interesting that they are using similar services for the opposite use of what security professionals would use tools like Virus Total for.
https://thehackernews.com/2018/09/scan4you-malware-scanner.html
It looks like Brian Kreb’s is reporting on a new initiative between the 4 major wireless carrier, AT&T, Verizon, Sprint and T-Mobile to give customers a new way to authenticate on the Internet. I have mixed feelings about this cause the carriers don’t typically do a good job with authenticating their own customers. Not sure how well this is going to work or going to be received by the general population.
https://krebsonsecurity.com/2018/09/u-s-mobile-giants-want-to-be-your-online-identity/