• Log In
  • Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Home
  • About
  • Structure
  • Gradebook

ITACS 5211: Introduction to Ethical Hacking

Wade Mackey

Week 05: System and User Enumeration

How to Protect Your Online Privacy: A Practical Guide

November 15, 2018 by Jayapreethi Selvaraju Leave a Comment

https://www.technewsworld.com/story/85663.html

This article lists few key things that we can do to protect our personal devices

  1. Beware of Internet Service Providers

2. Strengthen and Protect Your Login Credentials

3. Check the WiFi You’re Using

4. Watch Your Browser

5. Use a Private Search Engine

6. Install a VPN

7. Watch Out for Phishing

8. Encrypt Your Communications

9. Watch What You Share on Social Media

10. Update Early and Often

 

4 Things You Should Include In Your Data Breach Response Plan

October 3, 2018 by Nishit Darade 1 Comment

4 Things You Should Include In Your Data Breach Response Plan
– By JAKE OLCOTT

Data breach response pages can be tens to hundreds of pages long depending on the size of your organization and the criticality of your data. Following a set data breach response template isn’t advisable because different organization have different infrastructure and their unique scenario.
The following are four must have points for a data breach response plan:

1. The type of data that constitutes a data incident.
• Incidents or breaches that involve legally protected information such as PII or PHI which requires immediate notification to affected users.
• Incidents or breaches that represent a small material loss to the company which may not require notification to stakeholders.
2. The parties responsible during a data breach.
• IT/IT Security Department
• Legal Department
• Communications Department
• HR Department
• Executives
3. The internal escalation processes:
When a data incident occurs on your network, you need a rock-solid internal escalation process established for escalating the incident up through your organization.
4. The external escalation process:
Aside from escalating a data incident inside your organization, you also need to include the external escalation process in your data breach response plan.

Reference:
1) JAKE OLCOTT, “4 Things You Should Include In Your Data Breach Response Plan,” February 16, 2017 , https://www.bitsighttech.com/blog/data-breach-response-plan-4-things-include

Bank Servers Hacked to Trick ATMs into Spitting Out Millions in Cash

October 3, 2018 by Ruby(Qianru) Yang 1 Comment

The US-CERT has released a joint technical alert from the DHS, the FBI, and Treasury warning about a new ATM scheme being used by the prolific North Korean APT hacking group known as Hidden Cobra.
Hidden Cobra, also known as Lazarus Group and Guardians of Peace, is believed to be backed by the North Korean government and has previously launched attacks against a number of media organizations, aerospace, financial and critical infrastructure sectors across the world.
The group had also reportedly been associated with the WannaCry ransomware menace that last year shut down hospitals and big businesses worldwide, the SWIFT Banking attack in 2016, as well as the Sony Pictures hack in 2014.

 

https://thehackernews.com/2018/10/bank-atm-hacking.html?m=1

Hackers Stole 50 Million Facebook Users’ Access Tokens Using Zero-Day Flaw

October 3, 2018 by Connor Fairman Leave a Comment

When you log into any social media platform, you are issued a unique app token, which is usually a hashed string. This allows us to avoid logging in everytime we want to access Facebook, LinkedIn, etc. Hashing this string is supposed to make it impossible for a hacker to brute force figure out. Yet, somehow, hackers have found a zero-day vulnerability in Facebook’s software, which has given them access to 50 million users’ tokens. With this, they presumably could access a user’s account and all of their account data. Also, when users do things on Facebook, such as make a post or like a picture, Facebook first checks their token to make sure they’re someone who is authorized to do these things. Hence, another risk, aside from data and information theft, is that hackers with these access tokens used them to do things on Facebook, like post advertisements or inflammatory posts, under someone else’s name.

https://thehackernews.com/2018/09/facebook-account-hack.html

Bank Servers Hacked to Trick ATMs into Spitting Out Millions in Cash

October 3, 2018 by Connor Fairman Leave a Comment

A North Korean hacking agency has devised a new way to trick ATMs into releasing large quantities of cash. The scheme is targets switch application servers. The switch application server is used to communicate with the bank to validate a user’s account details for a requested transaction, such as a withdrawal.

The hackers first infected these servers with malware. Next, they attempt to make a withdrawal. The malware infected server sends back a fake affirmative response which then makes the ATM think the request has been accepted. The bank never gets notified.

https://thehackernews.com/2018/10/bank-atm-hacking.html

THE FACEBOOK SECURITY MELTDOWN EXPOSES WAY MORE SITES THAN FACEBOOK

October 3, 2018 by Anthony Quitugua 1 Comment

https://www.wired.com/story/facebook-security-breach-third-party-sites/

 

FACEBOOK revealed that it had suffered a security breach that impacted at least 50 million of its users, and possibly as many as 90 million. What it failed to mention initially, but revealed in a followup call Friday afternoon, is that the flaw affects more than just Facebook. If your account was impacted it means that a hacker could have accessed any account that you log into using Facebook.

“The access token enables someone to use the account as if they were the account holder themselves. This does mean they could access other third-party apps using Facebook login,” Guy Rosen, Facebook’s vice president of product, said in a call with reporters Friday. “Developers who used Facebook login will be able to detect those access tokens have been reset.”

Complicated iOS 12 Passcode Bypass Exposes iPhone Data To Hackers

October 2, 2018 by Brock Donnelly 2 Comments

https://latesthackingnews.com/2018/10/01/complicated-ios-12-passcode-bypass-exposes-iphone-data-to-hackers/

A vulnerability has been found in iOS 12. Jose Rodriguez an avid bug uncovered found that with siri lock screen access he can bypass the passcode screen to gain access to addressbook, photos, notes and make calls. The author off the article describes the bug as complicated but from the video demonstrations it appears to be performed effortlessly. I could see performing from or writing the instructions a bear but it was performed in no time at all. Check the link to see the bug performed.

Facebook Was Hacked. 3 Things You Should Do After the Breach.

October 1, 2018 by Xinteng Chen 4 Comments

Facebook was attacked by hackers. Nearly 50 million user accounts were affected in this incident. Hackers let people see their profile which looks like their friends’ profile.  Hackers exploited a weakness in the tool to gain access to digital keys that let people access Facebook from a personal device without having to re-enter a password. The keys can be used by hackers to tack over the accounts. After the incident, there are three thins we need to do. First is to audit your devices. If you see you account login on a unfamiliar device or location, click “Remove” to remove the devices out of the account. Second is to change your password. Hackers may gain the passwords to access the accounts, so changing password is needed. Last is to turn on the two-factor authentication  Using the codes sent by text message to logon the accounts. That makes others hard to logon your account even though they have the password.

https://www.techvows.com/facebook-was-hacked-3-things-you-should-do-after-the-breach/

Week 5 Video Link

October 1, 2018 by Wade Mackey Leave a Comment

https://capture.fox.temple.edu/Mediasite/Play/59d9a020947042ff8e73851b78516a011d

Week 5 Presentation

October 1, 2018 by Wade Mackey Leave a Comment

Intro-to-Ethical-Hacking-Week-5-2

  • Page 1
  • Page 2
  • Go to Next Page »

Primary Sidebar

Weekly Discussions

  • Uncategorized (14)
  • Week 01: Overview (7)
  • Week 02: TCP/IP and Network Architecture (18)
  • Week 03: Reconnaisance (17)
  • Week 04: Vulnerability Scanning (19)
  • Week 05: System and User Enumeration (17)
  • Week 06: Sniffers (17)
  • Week 07: NetCat and HellCat (15)
  • Week 08: Social Engineering, Encoding and Encryption (21)
  • Week 09: Malware (14)
  • Week 10: Web Application Hacking (17)
  • Week 11: SQL Injection (15)
  • Week 12: Web Services (25)
  • Week 13: Evasion Techniques (8)
  • Week 14: Review of all topics (15)

Copyright © 2025 · Magazine Pro Theme on Genesis Framework · WordPress · Log in