Ethical Hacking

Wade Mackey

Ethical Hacking

MIS 5211.001 ■ Fall 2019 ■ Wade Mackey

Percy Jacob Rwandarugali

Evil Corp: US charges Russians over hacking attacks

by Leave a Comment

US authorities have filed charges against two Russian nationals alleged to be running a global cyber crime organisation named Evil Corp.

An indictment named Maksim Yakubets and Igor Turashev – who remain at large – as figures in a group which used malware to steal millions of dollars in more than 40 countries.

Those affected by the hacks include schools and religious organisations.

It is also alleged that Mr Yakubets worked for Russian intelligence.

Speaking at a news conference, Assistant Attorney General Brian Benczkowski said the attacks were among “the worst computer hacking and bank fraud schemes of the past decade”.

Mr Yakubets is accused of leading Moscow-based Evil Corp, while Mr Turashev allegedly acted as an administrator. The pair are thought to be in Russia.

https://www.bbc.com/news/world-us-canada-50677512

Chinese residents worry about rise of facial recognition

by Leave a Comment

A survey by a Beijing research institute indicates growing pushback against facial recognition in China.

Some 74% of respondents said they wanted the option to be able to use traditional ID methods over the tech to verify their identity.

Worries about the biometric data being hacked or otherwise leaked was the main concern cited by the 6,152 respondents.

Facial recognitions systems are being rolled out in stations, schools, and shopping centres across the country.

The survey, first reported in the West by The Financial Times, was released on Thursday by the Nandu Personal Information Protection Research Centre.

It has been described as being one of the first major studies of its kind into public opinion on the subject in mainland China.

Some 80% of respondents said they were concerned that facial recognition system operators had lax security measures.

 

https://www.bbc.com/news/technology-50674909

 

Amazon gets closer to getting Alexa everywhere

by Leave a Comment

“I test my own technology – with all of them being called Alexa, I see which one is waking up and whether it is the right device,” says the chief scientist of the AI division responsible for the tech.

That’s a lot of Alexa. But, it seems, still not enough.

In a one-on-one interview with the BBC, Mr Prasad discussed plans for Alexa to both become smarter and to follow users wherever they go. This is known in the trade as ubiquitous ambient computing, and Amazon hopes to corner the market.

In the US, it already sells an Echo system that plays Alexa through a car’s speakers. And Mr Prasad says he also wants the virtual assistant to accompany users as they walk about too.

To achieve this, he explains, the tech needs to get better at contextual reasoning.

“If you are in a store and you say, ‘Where are the tomatoes?’ it will need to have the context,” he says.

https://www.bbc.com/news/technology-50392077

Google Confirms Android Camera Security Threat: ‘Hundreds Of Millions’ Of Users Affected

by Leave a Comment

The security research team at Checkmarx has made something of a habit of uncovering alarming vulnerabilities, with past disclosures covering Amazon’s Alexa and Tinder. However, a  discovery of vulnerabilities affecting Google and Samsung smartphones, with the potential to impact hundreds of millions of Android users, is the biggest to date. What did the researchers discover? Oh, only a way for an attacker to take control of smartphone camera apps and remotely take photos, record video, spy on your conversations by recording them as you lift the phone to your ear, identify your location, and more. All of this performed silently, in the background, with the user none the wiser.

https://www.forbes.com/sites/daveywinder/2019/11/19/google-confirms-android-camera-security-threat-hundreds-of-millions-of-users-affected/#753bfbe64f4e

AI tool to predict life expectancy in heart failure patients

by Leave a Comment

New York, Researchers have developed an artificial intelligence (AI) tool to predict life expectancy in heart failure patients.

The machine learning algorithm based on de-identified electronic health, records data of 5,822 hospitalised or ambulatory patients with heart failure at UC San Diego Health in the US.

“We wanted to develop a tool that predicted life expectancy in heart failure patients, there are apps where algorithms are finding out all kinds of things, like products you want to purchase,” said Avi Yagil, Professor at University of California.

“We needed a similar tool to make medical decisions. Predicting mortality is important in patients with heart failure. Current strategies for predicting risk, however, are only modestly successful and can be subjective,” Yagil added.

From this model, a risk score was derived that determined low and high risk of death by identifying eight readily available variables collected for the majority of patients with heart failure:Diastolic blood pressure, Creatinine, Blood urea nitrogen, White blood cell count, Platelets, Albumin and Red blood cell distribution.

https://cio.economictimes.indiatimes.com/news/enterprise-services-and-applications/ai-tool-to-predict-life-expectancy-in-heart-failure-patients/72056335

Just a Third of Global Firms Are PCI DSS Compliant

by Leave a Comment

The number of global organizations fully compliant with PCI DSS regulations has fallen for the second year in a row to just under 37%, according to a new report from Verizon.

The firm’s annual Payment Security Report (PSR) has tracked compliance levels for several years. This year’s was compiled from 302 PCI DSS engagements by Verizon Qualified Security Assessors (QSAs) with a range of organizations, including Fortune 500 and large multinationals firms, in over 60 countries.

The global compliance figure fell from 53% in last year’s report — a significant drop. APAC organizations appeared to be the best prepared, with 70% fully compliant. The figure fell to 48% in Europe and a disappointing 20% in the Americas.

Rodolphe Simonetti, global managing director for security consulting at Verizon, warned that while 2010-16 saw an increase in compliance levels, the trend is now reversing.

Featuring data from Verizon’s Threat Research Advisory Center (VTRAC), the report claimed that a compliance program without proper controls has a 95% chance of not being sustainable and is therefore a major target for attack.

“Many organizations spend a lot of time and money creating data protection compliance programs, but often these are ineffective — looking good on paper but not able to withstand the scrutiny of a professional security assessment,” Simonetti explained.

Facebook content moderation firm Cognizant quits

by Leave a Comment

It follows an investigation by The Verge into working conditions and the mental health of employees working at an Arizona moderation center on behalf of the social network.

Cognizant also has workers in India, Europe and Latin America.It is believed its decision will result in around 6,000 job cuts.

The firm told the BBC: “We have determined that certain content work in our digital operations practice is not in line with our strategic vision for the company and we intend to exit this work over time. This work is largely focused on determining whether certain content violates client standards – and can involve objectionable materials.

“Our other content-related work will continue. In the meantime, we will honor our existing obligations to the small number of clients affected and will transition, over time, as those commitments begin to wind down. In some cases, that may happen over 2020, but some contracts may take longer.”

In response, Facebook’s Arun Chandra said: “We respect Cognizant’s decision to exit some of its content review services for social media platforms.

https://www.bbc.com/news/technology-50247540

Georgia ‘I’ll Be Back’ Cyber Attack Terminates TV, Takes Down 15,000 Websites

by Leave a Comment

A “massive” cyber-attack against multiple targets in Georgia has taken place on October 28, as the BBC and other media reported.

Not only has this seen thousands of websites impacted but two Georgian TV broadcasters, Imedi TV and Maestro, were temporarily taken offline as well. Critical national infrastructure, however, would appear not to have been affected.

7.5 Million Records of Adobe Creative Cloud User Data Exposed

by Leave a Comment

Adobe secured a database with 7.5 million records belonging to Adobe Creative Cloud users. The cache was not protected in any way, allowing anyone access to client information if they knew how to find it. Although the details included are not highly sensitive, they could be used to launch better-crafted phishing campaigns against customers whose data was exposed.

https://www.bleepingcomputer.com/news/security/75-million-records-of-adobe-creative-cloud-user-data-exposed/

Senior Infosec Staffer Resigns, Says White House On Track To Be Hacked Again

by Leave a Comment

A senior member of the White House cybersecurity staff delivered his resignation as part of a scathing memo this week. Among other things, he claims security is taking a back seat to convenience at 1600 Pennsylvania Avenue.

That staffer was Dimitrios Vastakis, whose official title was branch chief of the White House computer network defense. His resignation this week is just the latest in a string of worrying departures by members of the White House infosec team.

Vastakis was originally part of the Office of the Chief Information Security Officer (OCISO). That Office was created just 5 years ago – after it was discovered that hackers linked to Russian intelligence agencies breached White House systems.

In a short amount of time, the staff of the OCISO made dramatic improvements to the White House systems known collectively as the Presidential Information Technology Community (PITC).

https://www.forbes.com/sites/leemathews/2019/10/23/senior-infosec-staffer-resigns-says-white-house-on-track-to-be-hacked-again/