Week 03: Reconnaisance

https://latesthackingnews.com/2018/09/14/new-ransomware-named-pylocky-discovered/

As the title says, Trend Micro has a newly discovered ransomware. This malware poses as another ransomware known as Locky yet seems to be just riding on Locky’s infamy coattails. This malware uses Python Scripts converted into standalone executables, lays dormant for 11.5 days or 999,999 seconds before it begins to encrypts files in 3DES… all while communicating to the control server. Yikes…

Attacks have been mostly European focused.

ewly identified WiFi attack called Wi-Jacking allow hackers to attack millions of WiFi network and accessing the neighbor’s WiFi without any form of Cracking.

few pre-requisites for this:

• There MUST be an active client device on the target network
• Client device MUST have previously connected to any other open network and allowed automatic reconnection
• Client device SHOULD* be using a Chromium-based browser such as Chrome or Opera
• Client device SHOULD** have the router admin interface credentials remembered by the browser
• Target network’s router admin interface MUST be configured over unencrypted HTTP

Mitigations

• Only login to your router using a separate browser or incognito session
• Clear your browser’s saved passwords and don’t save credentials for unsecure HTTP pages
• Delete saved open networks and don’t allow automatic reconnection
• As it is nearby impossible to tell if this attack has already happened against your network, change your pre-shared keys and router admin credentials ASAP. Again, use a separate/private browser for the configuration and choose a strong key.

https://gbhackers.com/wi-jacking-wifi-attack/

https://capture.fox.temple.edu/Mediasite/Play/ddd3cd0dc4d54b118fab6e7ba8a317a21d

Intro-to-Ethical-Hacking-Week-3

It looks like Brian Kreb’s is reporting on a new initiative between the 4 major wireless carrier, AT&T, Verizon, Sprint and T-Mobile to give customers a new way to authenticate on the Internet.  I have mixed feelings about this cause the carriers don’t typically do a good job with authenticating their own customers.  Not sure how well this is going to work or going to be received by the general population.

https://krebsonsecurity.com/2018/09/u-s-mobile-giants-want-to-be-your-online-identity/

Funny we were just talking about this yesterday in class.  A new article on a new cold boot attack popped up on my feed this morning.  It’s a variation of the old cold boot attack the Professor mentioned in class yesterday.  Researchers from the Finnish cyber-security firm F-Secure are figuring out a safeguard that was protecting computers from this attack.

https://thehackernews.com/2018/09/cold-boot-attack-encryption.html