Ethical Hacking

Wade Mackey

MIS 5211.001 ■ Fall 2019 ■ Wade Mackey
Jaimin Pandya

DoorDash Data Breach

September 26, 2019 by Jaimin Pandya 1 Comment

Data breaches seem to be a trend this month. DoorDash, a food delivery company, confirmed a data breach this afternoon in which the data of over 4 million people, including employees, customers, and merchants, was reported stolen. Apparently it happened over 5 months ago and the company came out with this news today. According to TechCrunch – “The breach happened on May 4, the company said, but added that customers who joined after April 5, 2018 are not affected by the breach.

It’s not clear why it took almost five months for DoorDash to detect the breach.

DoorDash spokesperson Mattie Magdovitz blamed the breach on “a third-party service provider,” but the third-party was not named. “We immediately launched an investigation and outside security experts were engaged to assess what occurred,” she said.

Users who joined the platform before April 5, 2018 had their name, email and delivery addresses, order history, phone numbers and hashed and salted passwords stolen.

The company also said consumers had the last four digits of their payment cards taken, though full numbers and card verification values (CVV) were not taken. Both delivery workers and merchants had the last four digits of their bank account numbers stolen.”

More than 100,000 driver’s licenses have been stolen as well. What boggles my mind is that the company failed to take proper steps after its customers had complained about their accounts getting hacked.

Source Link: https://techcrunch.com/2019/09/26/doordash-data-breach/

Filed Under: Week 05: Metasploit Tagged With:

VMware issues patches for vSphere ESXi and vCenter Server

September 22, 2019 by Jaimin Pandya 2 Comments

Since Rami posted about a newer version of VMware getting released, I figured I’d put it out there. Anyone running the above-mentioned versions may want to apply the 4 patches that VMware issued this past week. I will list them out below:

CVE-2019-5534 covers an issue where virtual machines deployed in an Open Virtualization Format (OVF) could expose login information via the virtual machine’s vAppConfig properties. This can be resolved by updating to the latest version.

CVE-2019-5532 covers a situation where a malicious user with access to the log files containing vCenter OVF-properties of a virtual machine deployed from an OVF may be able to view the credentials used to deploy the OVF. This is typically done through the root account of the virtual machine. A patched version is now available for upload.

CVE-2019-5531 involves an information disclosure vulnerability in clients arising from insufficient session expiration that would allow an attacker with physical access or an ability to mimic a websocket connection to a user’s browser to possibly obtain control of a VM Console after the user has logged out or their session has timed out. A patched version is now available for upload.

CVE-2017-16544 is a command injection vulnerability in ESXi due to the use of a vulnerable version of busybox that does not sanitize filenames. An attacker may exploit this issue by tricking an ESXi Admin into executing shell commands by providing a malicious file, VMware wrote. A patched version is now available for upload.

Source Link: https://www.scmagazine.com/home/security-news/vulnerabilities/patches-issued-for-vmwares-vsphere-esxi-vmware-vcenter-server/

Filed Under: Uncategorized Tagged With:

Ecuador’s biggest data breach?

September 18, 2019 by Jaimin Pandya Leave a Comment

The news broke today that an IT firm’s manager has been arrested after the personal details of almost the ENTIRE population of Ecuador were left exposed online. “Personal records of more than 20 million adults and children, both dead and alive, were found publicly exposed on an unsecured Elasticsearch server by security firm vpnMentor, which made the discovery during its large-scale mapping project. For a country with a population of over 16 million people, the breach exposed details of almost every Ecuadorian citizen, including President Lenín Moreno as well as WikiLeaks CEO Julian Assange, who was given political asylum in the country in 2012.” This is some serious stuff.

What happened?

Per the article “The unsecured Elasticsearch server, which was based in Miami and owned by Ecuadorian company Novaestrat, contained 18GB cache of data appeared to have come from a variety of sources including government registries, an automotive association called Aeade, and an Ecuadorian national bank called Biess. The cache reportedly contained everything from full names, gender, dates and places of birth, phone numbers and addresses, to marital statuses, national identification numbers (similar to social security numbers), employment information, and details of education. The cache also contained specific financial information related information to accounts held with the Ecuadorian national bank Biess, including person’s bank account statuses, current balances and credit type, along with detailed information about individuals’ family members.”

From what I read, it seems that the government and its telecom agencies are going to take strict action against the private companies. Ecuador is also in the midst of passing a new data privacy law, which it has apparently been working on for almost a year now.

Source Article Link: https://thehackernews.com/2019/09/ecuador-data-breach.html

Filed Under: Uncategorized Tagged With:

SimJacker – Hacking phones via SMS!

September 14, 2019 by Jaimin Pandya 1 Comment

We vaguely talked about a vulnerability (or vulnerabilities at this point) in SIM cards which allows attackers to compromise cell phones. From thehackernews.com I was able to track down the article which talks about it. Known as “SimJacker”, the threat lies in the SIM toolkit, which can be exploited no matter what type of cellphone users have. This particular type of SIM card is used in over 30 countries, and more than a few dozen big operators use it. The freaky part, according to the article – “What’s worrisome? A specific private company that works with governments is actively exploiting the SimJacker vulnerability from at least the last two years to conduct targeted surveillance on mobile phone users across several countries.” The article explains what exactly SimJacker does and how it works.

“Disclosed by researchers at AdaptiveMobile Security in new research published today, the vulnerability can be exploited using a $10 GSM modem to perform several tasks, listed below, on a targeted device just by sending an SMS containing a specific type of spyware-like code.

  • Retrieving targeted device’ location and IMEI information,
  • Spreading mis-information by sending fake messages on behalf of victims,
  • Performing premium-rate scams by dialing premium-rate numbers,
  • Spying on victims’ surroundings by instructing the device to call the attacker’s phone number,
  • Spreading malware by forcing victim’s phone browser to open a malicious web page,
  • Performing denial of service attacks by disabling the SIM card, and
  • Retrieving other information like language, radio type, battery level, etc.”

Kind of a long read but worth it. Alarming imo!

Source Link: https://thehackernews.com/2019/09/simjacker-mobile-hacking.html

Filed Under: Uncategorized Tagged With:

InnfiRAT Malware – Targets machines with cryptocurrency cred details!

September 13, 2019 by Jaimin Pandya Leave a Comment

There is a new type of specific malware in the web environment today which basically “specializes” in theft of cryptocurrency. Yes, you read that right. The malware comes packed with Trojan capabilities, as one of the articles mentioned, and will infect itself once it has identified sources of cryptocurrency wallet data. So you may wonder, how does it spread? Phishing! It is developed on .NET and gets sent out via phishing emails with attachments or even drive-by downloads. As soon as the malware has made its entrance onto your machine, “it will make a copy of itself and hide it in the AppData directory before writing a Base64 encoded PE file in memory to execute the main functionality of the Trojan. In the quest for cryptocurrency, InnfiRAT will scan for information relating to cryptocurrency including Bitcoin (BTC) and Litecoin (LTC) wallets by checking for %AppData%\Litecoin\wallet.dat and %AppData%\Bitcoin\wallet.dat. If they are present, the malware will siphon existing data that can be used to compromise these wallets and potentially steal virtual funds.” Check out the link to find out more about it. Looks pretty interesting and scary! (source link: https://www.zdnet.com/article/innfirat-malware-lurks-in-your-machine-to-steal-cryptocurrency-wallet-data/)

Filed Under: Uncategorized Tagged With:
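
The wallet-file lookup quoted in the InnfiRAT post above can be turned into a simple defender-side check. The following is an added example, not code from the post or from ZDNet: it triages file-open events that touch the two `wallet.dat` paths. The `image|file opened` event format, the user names, and the allow-list of expected wallet clients are assumptions constructed for illustration.

```python
import ntpath

# Wallet files named in the quoted description, relative to %AppData% (Roaming).
WALLET_FILES = {r"bitcoin\wallet.dat", r"litecoin\wallet.dat"}
# Assumption: the only programs expected to open those files on this estate.
EXPECTED_CLIENTS = {"bitcoin-qt.exe", "litecoin-qt.exe"}

# Constructed sample events in a made-up "image|file opened" format.
SAMPLE_EVENTS = [
    r"C:\Program Files\Bitcoin\bitcoin-qt.exe|C:\Users\amy\AppData\Roaming\Bitcoin\wallet.dat",
    r"C:\Users\amy\AppData\Roaming\updater.exe|C:\Users\amy\AppData\Roaming\Litecoin\wallet.dat",
    r"C:\Tools\backup.exe|C:\Users\amy\AppData\Roaming\Bitcoin\..\Bitcoin\WALLET.DAT",
    r"C:\Users\amy\AppData\Local\Chat\chat.exe|C:\Users\amy\AppData\Roaming\Chat\settings.json",
]

def below(path, marker):
    """Lower-cased remainder of path after marker, or None if marker is absent."""
    norm = ntpath.normpath(path).lower()   # collapses ..\ and mixed case
    idx = norm.find(marker)
    return norm[idx + len(marker):] if idx != -1 else None

def triage(event):
    """Return 'high', 'medium' or None for one image|target event."""
    image, target = event.split("|", 1)
    if below(target, "\\appdata\\roaming\\") not in WALLET_FILES:
        return None                        # not a wallet file access
    runs_from_appdata = below(image, "\\appdata\\") is not None
    if ntpath.basename(image).lower() in EXPECTED_CLIENTS and not runs_from_appdata:
        return None                        # expected client from its install path
    # Unexpected reader: worse if the binary itself lives under AppData,
    # matching the self-copy behaviour in the quoted description.
    return "high" if runs_from_appdata else "medium"

def run(events=SAMPLE_EVENTS):
    """Return (severity, image path) for every event that needs review."""
    return [(triage(e), e.split("|", 1)[0]) for e in events if triage(e)]

if __name__ == "__main__":
    for severity, image in run():
        print(severity, image)
```

A binary that borrows a wallet client's file name but runs from AppData is still flagged, because the allow-list only applies to images outside AppData.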

HackerOne – Company secures $110 mil in funding!

September 8, 2019 by Jaimin Pandya 1 Comment

I usually check TechCrunch at least two or three times a week, and I recommend my classmates do the same because you can find all tech-related news on this platform. Anyway, I came across this article about a company called HackerOne “that mediates between hackers and companies interested in testing their online vulnerabilities” which managed to raise $36 million in Series D funding, bringing total funding to $110 mil. The article talks briefly about what the company does and how it helps its clients “to help find critical security weaknesses so they can address them before players with nefarious intentions find and exploit them.” They have over 1500 customers currently (Google, Airbnb, Intel just to name a few). They are also invested in working with Facebook on some blockchain stuff, which I thought was super interesting. As we all know, the cybersecurity domain is one of the fastest growing domains right now, and companies like Bugcrowd and HackerOne further prove why. Businesses are vulnerable to data leakage and different types of attacks, so there will be new mechanisms and software companies in the market to battle these issues.

Link: https://techcrunch.com/2019/09/08/hackerone-just-closed-a-new-round-of-funding-that-brings-its-total-funding-to-110-million/

Filed Under: Uncategorized Tagged With:

What is Network Encryption?

September 8, 2019 by Jaimin Pandya 1 Comment

For my folks with some non-technical background, this is something related to what we discussed in our last class. The article listed here talks about the importance of Network Encryption. Although we don’t realize it, it plays a really important part every time we go online, whether it be accessing bank information or browsing through websites. It goes on to explain what an Encryption Key is and the algorithms behind it, along with the keys which SSL encryption depends on. I will try to hunt down the article about the strong encryption method that requires a ton of computing power (I think it was RSA).

https://www.lifewire.com/introduction-to-network-encryption-817993

Filed Under: Uncategorized Tagged With:
