Ethical Hacking

Wade Mackey

Ethical Hacking

MIS 5211.001 ■ Fall 2019 ■ Wade Mackey

Percy Jacob Rwandarugali

Cyware Weekly Threat Intelligence, October 14 – October 18, 2019

by Leave a Comment

This link gives weekly news about cyber security, this includes the good and bad stuff.

The Good
Another week has almost come to an end, and it was quite an eventful one in cyberspace. Let’s begin our weekly roundup with the positive cybersecurity advancements. The Medical Imaging & Technology Alliance (MITA) has released a cybersecurity playbook on medical device security and risk management processes. The Healthcare and Public Health Sector Coordinating Council (HSCC) has published guidance focusing on supply chain cybersecurity risk management. Meanwhile, Microsoft and NIST are working on a new guide to make enterprise patch management easier.

 

 

https://cyware.com/weekly-threat-briefing/cyware-weekly-threat-intelligence-october-14-october-18-2019-ddd4

Samsung: Anyone’s thumbprint can unlock Galaxy S10 phone

by Leave a Comment

A flaw that means any fingerprint can unlock a Galaxy S10 phone has been acknowledged by Samsung.

It promised a software patch that would fix the problem.

The issue was spotted by a British woman whose husband was able to unlock her phone with his thumbprint when it was stored in a cheap case.

When the S10 was launched, in March, Samsung described the fingerprint authentication system as “revolutionary”.

Air gap

The scanner sends ultrasounds to detect 3D ridges of fingerprints in order to recognise users.

Samsung said it was “aware of the case of S10’s malfunctioning fingerprint recognition and will soon issue a software patch”.

South Korea’s online-only KaKao Bank told customers to switch off the fingerprint-recognition option to log in to its services until the issue was fixed.

Previous reports suggested some screen protectors were incompatible with Samsung’s reader because they left a small air gap that interfered with the scanning.

Thumb print

The British couple who discovered the security issue told the Sun newspaper it was a “real concern”.

This huge Android trojan malware campaign was discovered after the gang behind it made basic security mistakes

by Leave a Comment

Cyber attackers infected 800,000 users with banking information stealing malware – but mistakes have allowed researchers to look behind the scenes of a successful hacking campaign.

A giant botnet and banking trojan malware operation has infected hundreds of thousands of Android users since at least 2016 – but mistakes by the group have revealed details of the campaign and how they operate.

Dubbed the Geost botnet after a name repeatedly found in the attackers’ command and control servers, the operation has been discovered by researchers from Czech Technical University, UNCUYO University in Argentina, and cybersecurity company Avast, who detailed their findings at the Virus Bulletin 2019 conference in London.

The campaign is believed to have infected up to 800,000 Android users and has potentially provided the attackers with access to bank accounts along with information about the names of victims, their type of phone and their location.

https://www.zdnet.com/article/a-huge-android-trojan-malware-campaign-was-discovered-after-the-gang-behind-it-made-basic-security-mistakes/

Microsoft releases required security updates for all versions of Windows 10

by Leave a Comment

We’re just five days away from Patch Tuesday, the day that Microsoft will release new updates for all supported versions of Windows. Apparently, the company just couldn’t wait, as it released a whole round of updates today.

Unlike most non-Patch Tuesday updates, these are actually mandatory. That means that your PC will install it automatically at some point. The updates are billed as security updates, fixing an issue where print jobs might fail. Here’s the highlight:

  • Updates an intermittent issue with the print spooler service that may cause print jobs to fail.

Here’s the full list of fixes:

  • Addresses an intermittent issue with the print spooler service that may cause print jobs to fail. Some apps may close or generate errors, such as the remote procedure call (RPC) error.
  • Addresses an issue that may result in an error when you install Features On Demand (FOD), such as .Net 3.5. The error is, “The changes couldn’t be complete. Please reboot your computer and try again. Error code: 0x800f0950.”

 

https://www.neowin.net/news/microsoft-releases-required-security-updates-for-all-versions-of-windows-10/

Microsoft thinks a dual-screen Android phone can take on Apple and Samsung

by Leave a Comment

I have never really been a fan of Microsoft in the cell phone business but I will definitely want to own this gadget. I just hope they get it right this time around.

More than two decades ago, Microsoft started designing software for mobile devices. Two years ago, it gave up on phones, conceding that Google and Apple had won the OS battle. On Wednesday, Microsoft reversed course, unveiling a dual-screen smartphone. But rather than push a homegrown operating system in phones, Microsoft has taken up rival Google’s Android software, which powers over 2.5 billion devices around the world.

During an event Wednesday in New York, Microsoft showed off its new Surface Duo, as well as a dual-screen computer called the Surface Neo. The Surface Duo sports two 5.6-inch displays that swing 360 degrees around a hinge and combine to make an 8.3-inch display. The company didn’t give many details about the device but touted the ability to do things like view your inbox on one half of the device while responding to a specific email on the other.

“We started really with the goal of how can we help make people more productive,” Yusuf Mehdi, corporate vice president for Microsoft’s modern life, search and devices group, said in an interview after Wednesday’s event. “If you’re going to have a device that fits in your pocket, and you can do phone calls and you want to run apps … it made sense for us to choose” Android.

https://www.cnet.com/news/microsoft-thinks-a-dual-screen-android-phone-can-take-on-apple-and-samsung/

New Cybersecurity Companies Have Their Heads In The Cloud

by 1 Comment

Privacy has become a big deal. Government regulators are moving to squash indiscretions and protect consumers while preserving constitutional liberties … a tall task.The Federal Trade Commission recently announced wide-ranging monetary settlements with Facebook  and Equifax to resolve ongoing investigations.Facebook will pay $5 billion for its part in the Cambridge Analytica data scandal. State attorneys general asserted that lax standards at the social media giant allowed political operatives to weaponize fake news accounts and influence the 2016 presidential election.

 

https://myaccount.google.com/privacycheckup?utm_source=paid-media&utm_medium=1043393&utm_campaign=P-S-campaign&utm_content=441554961&dclid=COrf4peX–QCFdVDNwodG64KKg&pli=1

A cyber security chief’s 8 tips on how to protect yourself online as data breaches continue

by Leave a Comment

Encryption is viewed by many as “bulletproof” technology to protect data from cyber thieves. Organizations swear by it, and consumers feel overly confident knowing that their recent transactions and personal data are encrypted. Despite the confidence around this “go to” technology, time has shown that encryption is just not enough. In fact, it’s failing us.

High-profile data breaches, including Thursday’s DoorDash breach, continue. While the details of the Doordash incident — which included the last four digits of payment cards for some consumers, as well as names, emails, delivery addresses and phone numbers — require further analysis, other recent corporate hacks shows us that encryption either did absolutely nothing to prevent hackers from infiltrating systems or, worse, helped disguise cybercriminals while wreaking havoc in organizations’ systems.

https://www.cnbc.com/2019/09/27/cybersecurity-chiefs-8-tips-to-protect-yourself-online.html

Chinese theft of trade secrets on the rise, the US Justice Department warns

by Leave a Comment

hey guys,

1. I found this article interesting, Is it safe to say that the term “war” is being redefined to cyber warfare rather the REAL wars?

Further more, Could the greatest danger today be seen in terms of “information security” because stealing trade secrets may give financial/economical advantage to the other country and hence increase its military might. Could this aspect of cyber crime play a pivotal role to a country’s rise in dominance?

 

…“We expect other nations will want to become self-sufficient in critical technologies. That’s what we’d expect of a responsible government,” he said. “The issue isn’t that China has set out to do that. It’s that part of their industrial policy, part of the way they try to accomplish that, is state-sponsored theft or creating an environment that rewards or turns a blind eye to it.”

 

https://www.cnbc.com/2019/09/23/chinese-theft-of-trade-secrets-is-on-the-rise-us-doj-warns.html

Google Warns LastPass Users Were Exposed To ‘Last Password’ Credential Leak

by 1 Comment

Google Project Zero is a team of highly talented security analysts with a brief to uncover zero-day vulnerabilities. If a vulnerability is found, Project Zero reports to the vendor concerned and starts a 90-day countdown for a fix to be issued before full public disclosure is made. LastPass is also in the security business, being one of the most popular password management solutions with more than 16 million users, including 58,000 businesses. Project Zero has just disclosed that a security vulnerability left some of those 16 million users exposed to the risk of credential compromise as, in an ironic twist, LastPass could leak the last password used to any website visited.

https://www.forbes.com/sites/daveywinder/2019/09/16/google-warns-lastpass-users-were-exposed-to-last-password-credential-leak/#5e161ec64600

 

 

Apple, angry at Google, hits back at hack claims

by Leave a Comment

Last week Google disclosed a large-scale hacking effort that it said targeted users of Apple devices. It was a bombshell story.

But now Apple has gone on the attack – angry in public, and absolutely incensed in private at what is being seen as something of a stitch up. Google is standing by its research.

In a statement posted on Friday, Apple took issue with Google’s characterization that this was a broad attack on all iPhone users.

“Google’s post, issued six months after iOS patches were released, creates the false impression of ‘mass exploitation’ to ‘monitor the private activities of entire populations in real time,’ stoking fear among all iPhone users that their devices had been compromised,” it reads.

“This was never the case.”

Apple’s bone of contention isn’t so much about what Google’s Project Zero team included in its report. Rather, Apple is upset about what was left out. The view from Cupertino is that Google’s business interests in China led it to pull back on describing the attack as being targeted at the persecuted Uighur community.

 

Link: https://www.bbc.com/news/technology-49617081