https://krebsonsecurity.com/2018/09/browser-extensions-are-they-worth-the-risk/
Week 02: TCP/IP and Network Architecture
Ransomware Attack Takes Down Bristol Airport’s Flight Display Screens
https://thehackernews.com/2018/09/cyberattack-bristol-airport.html
Bristol Airport was faced with a blackout of flight information screens for two days over the weekend due to a ransomware attack. The attack affected several computers over the network, including its in-house display screens that provided information about flight arrivals and departures. The airport staff had to rely on whiteboards to announce check-in, arrival and departure details. The ransomware was not paid in this case and the airport staff took down their systems while they serviced affected computers.
Chrome extension MEGA hacked affecting 1.6 million users.
I am not familiar with MEGA but I am with cryptocurrencies, and MEGA is a Chrome extension for business regarding cryptocurrencies. A trojan-infected extension for Chrome has affected 1.6 million users. The data susceptible extends beyond millions' worth of cryptocurrencies and also includes account user names and passwords for companies such as Microsoft, GitHub, Google, and Amazon.
It was swiftly removed from the Chrome Store and an update for MEGA was released. If you use it… better update. I would look into your accounts as well.
What is Metasploit?
Apparently Metasploit is one of the most commonly used penetration tools available. I discovered this after reading about how attackers can use Meterpreter to gain control over a user’s computer/device. Relevant to our class is the fact that the most recent version of Metasploit is in Ruby, which means that your computer must have Ruby installed in order to run this software. Good for those who have Macs because I’m pretty sure they already have some version of Ruby installed on them.
The interesting bit about this is not that it’s commonly used or free, but that it seems relatively easy to download to start using. All you need is a machine with Ubuntu and a very minimal understanding of how to use the command line and you’re set. Another interesting thing to consider is that this software, while useful for testing purposes, can be exploited to do some truly alarming deeds, many of which are detailed thoroughly on the null-byte website.
https://null-byte.wonderhowto.com/how-to/hack-like-pro-getting-started-with-metasploit-0134442/
How to Hack into Someone’s Laptop Camera
Honestly this is something that I have wondered about for years now ever since the Lower Merion School District’s camera hacking controversy. Apparently it’s not that difficult to control someone’s camera after all. Step one is accidentally allowing someone to install Meterpreter on our computer, via an email attachment or something of the like. Through Meterpreter, the attacker gains access to our command shell, aka our terminal. They can even run shell scripts on your computer through Meterpreter, which sends data back to the attacker in a way that doesn’t risk detection. Once Meterpreter is installed, the attacker can list our devices’ cameras and access them via the command line. That simple.
https://null-byte.wonderhowto.com/how-to/hack-like-pro-secretly-hack-into-switch-on-watch-anyones-webcam-remotely-0142514/
https://null-byte.wonderhowto.com/how-to/hack-like-pro-hacking-samba-ubuntu-and-installing-meterpreter-0135162/
British Airways Hacked – 380,000 Payment Cards Compromised
British Airways, who describes itself as “The World’s Favorite Airline,” has confirmed a data breach that exposed personal details and credit-card numbers of up to 380,000 customers and lasted for more than two weeks.
The airline advised customers who made bookings during that 15-day period and believe they may have been affected by this incident to “contact their banks or credit card providers and follow their recommended advice.”
The company also said that saved cards on its website and mobile app are not compromised in the breach. Only cards that have been used by users to make booking payments during the affected period are stolen.
https://thehackernews.com/2018/09/british-airways-data-breach.html
Webserver serving swap files – vulnerability
https://webdevetc.com/blog/how-to-get-someones-database-credentials-while-they-are-editing-config-files-on-a-live-server
When editing on a web-server in production with an editor like Vim, that editor will create a swap file which could mistakenly be served to the public. Therefore it is
A) important to restrict the filetype that is being served (you can do this in .htaccess or php config (NodeJS doesn’t have this problem since files are served from the public folder only and html is templated first)).
B) do not edit on a production server, instead use a staging tool like Git.
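A defender-side check for the swap-file exposure described in the post above, added here as an example and not taken from the post or the linked article: it walks a document root and flags Vim swap files by name and by their `b0VIM` header, so a renamed swap file is still caught. The function names, the backup-suffix list and the sample tree are assumptions constructed for the illustration.

```python
import os
import re
import tempfile

SWAP_NAME = re.compile(r"^\..+\.sw[a-p]$")  # .name.swp, .swo, .swn, ...
BACKUP_NAME = re.compile(r"(~|\.bak|\.orig|\.save)$")  # assumed, non-exhaustive
VIM_MAGIC = b"b0VIM"  # first bytes of a Vim swap file

def classify(path):
    """Return 'vim-swap', 'backup' or None for one file."""
    name = os.path.basename(path)
    try:
        with open(path, "rb") as fh:
            head = fh.read(len(VIM_MAGIC))
    except OSError:
        head = b""  # unreadable file: fall back to the name checks
    if head == VIM_MAGIC or SWAP_NAME.match(name):
        return "vim-swap"
    if BACKUP_NAME.search(name):
        return "backup"
    return None

def scan_docroot(root):
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            kind = classify(full)
            if kind:
                findings.append((os.path.relpath(full, root), kind))
    return sorted(findings)

def build_sample_docroot():
    """Constructed sample tree standing in for a real document root."""
    root = tempfile.mkdtemp(prefix="docroot-")
    samples = {
        "index.php": b"<?php echo 'ok';",
        ".config.php.swp": VIM_MAGIC + b" 8.0\x00$db_pass = 'example';",
        "config.php~": b"<?php $db_pass = 'example';",
        "renamed.txt": VIM_MAGIC + b" 8.0\x00",  # swap file renamed
    }
    for name, data in samples.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(data)
    return root

if __name__ == "__main__":
    for rel, kind in scan_docroot(build_sample_docroot()):
        print(f"{kind:9} {rel}")
```

Run against the real document root before and after a deploy; any finding is a file the web server could hand out as plain text.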
Network Architecture: Hard-Coded Password in Cisco Software Lets Attackers Take Over Linux Servers
A critical vulnerability has been discovered in Cisco Prime Collaboration Provisioning software that could allow a local attacker to elevate privileges to root and take full control of a system. The vulnerability (CVE-2018-0141) is due to a hard-coded password for Secure Shell (SSH), which could be exploited by a local attacker to connect to the PCP’s Linux operating system and gain low-level privileges.
This vulnerability has been fixed in Cisco Secure ACS 5.8.0.32.9 Cumulative Patch. The company is strongly encouraging users to update their software to the latest versions as soon as possible, as there are no workarounds to patch these vulnerabilities.
https://thehackernews.com/2018/03/cisco-pcp-security.html
IoT – Threat in Network attack surface
Since last week was TCP/IP, I decided to post something on IoT. It is a slightly old article, but it has a snippet of code that can be used to control the coffee machine in your home using a desktop computer instead of the coffee machine's Android phone app. It is interesting. Take a look at
https://qz.com/901823/the-easy-way-your-smart-coffee-machine-could-get-hacked-and-ruin-your-life/
6 Ways to Fight Election Hacking and Voter Fraud, According to an Expert Panel
In this article, the author introduces 6 ways to fight election hacking and voter fraud.
- Use paper ballots to establish a backup record of each vote. This is because even though devices and computers do not connect to the internet, it is still hard to protect them from cyber threats. Therefore, each computer should generate paper records for votes.
- Outlaw any kind of internet voting, starting now. Some states allow people to vote online, or vote by sending emails. It is not secure for data. Hackers could intercept this information and make changes. Therefore, internet voting should be terminated.
- Verify election results. All election results should be audited publicly and transparently to make sure the results are accurate. Risk-limiting audits should be conducted to double-check the vote validation.
- Crosscheck voter registrations nationwide to weed out duplicates. All states should compare their registration databases to make sure there are no duplicated votes in different states.
- Make voting by mail more secure. Mail voting is more secure than internet voting. Even though it has a risk of theft, the government has a system for people to verify that their mail has been delivered.
- Spend more to make elections trustworthy. The government should spend more money on the United States Election Assistance Commission. People can use that money to improve management and make technologies more secure.
Link: https://www.nytimes.com/2018/09/06/us/election-security-expert-panel.html?rref=collection%2Ftimestopic%2FComputer%20Security%20(Cybersecurity)&action=click&contentCollection=timestopics&region=stream&module=stream_unit&version=latest&contentPlacement=1&pgtype=collection
I read an article titled "Browser Extensions: Are They Worth the Risk", where the author states that cyber criminals hacked the browser extension of a popular file site, Mega.n, for Google Chrome so that usernames and passwords submitted through the browser were copied and forwarded to some scamp server in Ukraine. To avoid these kinds of scenarios, limit the exposure to these attacks by getting rid of extensions that are no longer useful or actively maintained by developers, since browser extensions can systematically fall into the wrong hands. Browser extensions can be especially handy and useful, but negotiated extensions can give attackers access to all data on your computer and the websites we visit. In this case, the extension gets negotiated when someone with legitimate rights to alter its code gets phished or hacked, which can be a nightmare for users. If using multiple extensions, adopting a risk-based approach or limiting one’s reliance on third-party browser extensions reduces the risk significantly.