• Log In
  • Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Home
  • About
  • Structure
  • Gradebook

ITACS 5211: Introduction to Ethical Hacking

Wade Mackey

Week 08: Social Engineering, Encoding and Encryption

Five cyber security threats to be aware of

November 26, 2018 by Manogna Alahari 1 Comment

https://www.iol.co.za/business-report/technology/five-cyber-security-threats-to-be-aware-of-17396238

Phishing: Phishing emails look like they are from a recognized source and target you into giving them things like your banking details or login credentials to valuable data sources hence double check the address of the sender, and usually a phishing email is not 100% correct.

Mobile security: Mobile apps are full of spyware, which takes your data and shares it in the background without you having any knowledge that your data is being shared. Also,before you download an app check the permissions it is asking for

Passwords: many people use the same password for many other different sites, and hackers would have access to many of your profiles.

Public and private wifi: Do not use public wifi to access sensitive information such as mobile account because you could connect someone else’s computer and they are collecting people’s information.

Be aware: Beware, cyber-criminals are using face to face or telephone conversations, pretending to be a customer or a person wanting to do business with you to information that they can use.

Three important things that a social engineering attacker harvest on

November 15, 2018 by Jayapreethi Selvaraju Leave a Comment

https://www.fraudconferencenews.com/home/2018/4/10/cybersecurity-expert-speaks-on-social-engineering-techniques-and-gdpr-vulnerabilities

This article has interesting comments about user behavior. and it says that the three “hot states” that fraudsters tap into when attempting their scams in the hopes of clouding your better judgment:

  1. Authority: When an email looks like it comes from your boss or someone with a lot of authority or gravitas, you don’t want to challenge them.
  2. Curiosity: When social engineers mention salaries and bonuses, or when you receive an email from a friend with pictures of wild party a few weeks ago, you may act on your curiosity.
  3. Temptation: When we are made to feel sexually interested in something, we don’t think about a dangerous situation we could be getting ourselves into.

Peek Inside a Professional Carding Shop

October 24, 2018 by Anthony Quitugua 1 Comment

This is a great synopsis of how fraudsters buy and sell stolen credit car credentials.  It’s a good read, and kind of scary when you see how easy and well organized they are.

 

https://krebsonsecurity.com/2014/06/peek-inside-a-professional-carding-shop/

Nearly Half of Americans Willing to Give Brands a Pass for a Data Breach

October 24, 2018 by Connor Fairman 1 Comment

I chose this article because I thought it was funny how the title seems to directly contradict the argument of the last article I posted, which stated that Americans are avoiding companies that get hacked in greater numbers than before. On the other hand, the article focuses on companies that experience data breaches, and not necessarily the theft of customer funds or payment information. This seems to support my suspicion that people care a lot more about a hack involving their wallet, and care much less about hackers gaining access to their personal information.

https://www.securitymagazine.com/articles/89487-nearly-half-of-americans-willing-to-give-brands-a-pass-for-a-data-breach

83% Avoid a Business Following Breach and 21% Never Return

October 24, 2018 by Connor Fairman Leave a Comment

This is a statistic that frankly surprises me. I don’t know anyone that has actually quit Facebook or any other company after their breaches. On the other hand, this is almost refreshing. In an ideal world, companies that aren’t responsible should get punished by losing their customers. Perhaps this applies to different industries, and not to others at all. For example, it would make sense for people to take breaches particularly seriously when their credit cards are concerned. So, it could be expected that people would avoid shopping websites after a breach. On the other hand, maybe people don’t fully grasp the importance of a breach of a social media platform that collects data about them.

https://www.securitymagazine.com/articles/89501-avoid-a-business-following-breach-and-21-never-return

Dark web criminals are selling legitimate passport scans for as little as $14

October 24, 2018 by Raaghav Sharma Leave a Comment

Cybercriminals are now selling legitimate passports alongside identity verification documents on the dark web. This kind of data could be used by cybercriminals to steal identities, open bank accounts and more. Security experts found that passport scans were being sold on multiple popular dark web markets such as Dream Market, Berlusconi Market, Wall Street Market, and Tochka Free Market.

While the average price of a digital passport scan was around $14, those interested in purchasing a physical passport had to cough up a whopping $13,000. According to researchers at Comparitech, who discovered this dark market sales trend, all of these fake passports – both digital and physical – can be bought using cryptocurrencies like Bitcoin or Monero.

These passports can be used by crooks to open bank accounts, as some banks now require only two ID proof documents. These fake bank accounts can also be used for other illicit transactions in a “bank drop” scam.

https://cyware.com/news/dark-web-criminals-are-selling-legitimate-passport-scans-for-as-little-as-14-b2df2d2d

The Cybersecurity 202: Tim Cook’s sharp rebuke of ‘data industrial complex’ draws battle lines in privacy debate

October 24, 2018 by Connor Fairman Leave a Comment

This is a broader conversation about the implications of private companies collecting tons of data about its users. Tim Cook criticizes companies like Facebook that profit off of selling its users’ data to advertisers and other parties. He also touches upon the risk associated with protecting that much sensitive data about users that could be used to embarrass, blackmail, and threaten people. I’m curious to see if in the future the United States will enact “right to be forgotten” legislation like we have seen in Europe.

https://www.washingtonpost.com/news/powerpost/paloma/the-cybersecurity-202/2018/10/24/the-cybersecurity-202-tim-cook-s-sharp-rebuke-of-data-industrial-complex-draws-battle-lines-in-privacy-debate/5bcf55c41b326b559037d293/?utm_term=.c4954b693ae2

Security firm finds county election websites lack cybersecurity protections

October 24, 2018 by Connor Fairman 2 Comments

This is a rather alarming piece that explains that county election sites lack the cybersecurity protections that they need. It’s pretty crazy that they are not up to higher standards, based off of issues with our own election and events worldwide that highlight the susceptibility of these machines.

https://thehill.com/policy/cybersecurity/412993-security-firm-finds-county-election-sites-lack-cybersecurity-protections

Magecart Hackers Now Targeting Vulnerable Magento Extensions

October 24, 2018 by Satwika Balakrishnan Leave a Comment

 

Magecart is a hacker group specializing in skimming credit card information from unsecured payment forms on websites. This hacker group had previously compromised large websites including British Airways and Ticketmaster. They have now turned to vulnerable Magento extensions. As part of this, these attackers insert a small piece of JavaScript code onto the compromised website to steal all of the credit card information.

The hackers conduct a thorough reconnaissance and only then do they inject their code since each attack is specifically tailored for the targeted site. They make sure that their code blends in with the rest of the domain’s resources, thus making them hard to detect.

https://www.securityweek.com/magecart-hackers-now-targeting-vulnerable-magento-extensions

The Latest in Phishing: October 2018

October 24, 2018 by Haitao Huang 4 Comments

 

  • The number of fake support accounts targeting Proofpoint’s global customer base rose 37% from Q1 to Q2 2018.
  • More than 65% of the companies that were targeted by email fraud in Q1 had the identities of more than five employees spoofed.
  • The number of email fraud attacks per targeted company was 25% higher in Q2 than in Q1, with the government and retail sectors experiencing the largest increase in email fraud attempts.
  • Malicious phishing message volume increased 36% between Q1 and Q2 2018.
  • Ransomware was back on the scene in Q2 but is still lagging from a volume perspective, accounting for just a little more than 11% of total malicious messages during the measurement period.
  • Proofpoint researchers also detected a 30% increase in phishing links on social media.

https://www.wombatsecurity.com/blog/the-latest-in-phishing-october-2018

  • Page 1
  • Page 2
  • Page 3
  • Go to Next Page »

Primary Sidebar

Weekly Discussions

  • Uncategorized (14)
  • Week 01: Overview (7)
  • Week 02: TCP/IP and Network Architecture (18)
  • Week 03: Reconnaisance (17)
  • Week 04: Vulnerability Scanning (19)
  • Week 05: System and User Enumeration (17)
  • Week 06: Sniffers (17)
  • Week 07: NetCat and HellCat (15)
  • Week 08: Social Engineering, Encoding and Encryption (21)
  • Week 09: Malware (14)
  • Week 10: Web Application Hacking (17)
  • Week 11: SQL Injection (15)
  • Week 12: Web Services (25)
  • Week 13: Evasion Techniques (8)
  • Week 14: Review of all topics (15)

Copyright © 2025 · Magazine Pro Theme on Genesis Framework · WordPress · Log in