• Log In
  • Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar

Ethical Hacking

Wade Mackey

Ethical Hacking

MIS 5211.001 ■ Fall 2019 ■ Wade Mackey
  • Home
  • About
  • Syllabus
  • Gradebook

Uncategorized

Wawa says data breach exposed credit card information at potentially all locations

December 19, 2019 by Rami Saba Leave a Comment

I just read this article and thought I’d share since it’s relative to us in the PA area.  Wawa just announced it found malware on its payment processing servers and that it had affected customer payment information since March 4th.  The malware is believed to have been present on most of the 850 store locations by April 22nd.  It exposed credit and debit card numbers, expiration dates, and cardholder names on payment cards used in-store and at gas pumps.  They discovered the malware on December 10th and had it contained by the 12th.  An external forensics firm was hired and is currently investigating to support their review.

Here’s what to do if affected:
“Wawa customers can call 1-844-386-9559 to ask questions and get free credit monitoring and identity-theft protection if their personal information was affected. Consumers should also review payment card account statements for any unauthorized charges.”

https://www.inquirer.com/business/wawa-data-breach-credit-debit-card-numbers-exposed-20191219.html

Filed Under: Uncategorized Tagged With:

New Linux Bug Lets Attackers Hijack Encrypted VPN Connections

December 6, 2019 by Numneung Koedkietpong Leave a Comment

The article states IT vulnerabilities related to Linux and Unix operating system which allow attackers to remote and spy with encrypted VPN connections. This is called CVE-2019-14899. The attackers also use virtual network private protocols like OpenVPN, WireGuard, and IKEv2/IPSec. With this attack, hackers are able to

  • determine the virtual IP address of a victim assigned by the VPN server,
  • determine if there is an active connection to a given website,
  • determine the exact seq and ack numbers by counting encrypted packets and/or examining their size, and
  • inject data into the TCP stream and hijack connections.

Source: https://thehackernews.com/2019/12/linux-vpn-hacking.html

Filed Under: Uncategorized, Week 13: WPA2 Enterprise and Beyond WiFi Tagged With:

OnePlus Suffers New Data Breach Impacting Its Online Store Customers

November 25, 2019 by Numneung Koedkietpong Leave a Comment

The vulnerability in the online website was found in OnePlus, Chinese smartphone maker. They announced this issue to customers via email and also published on the website. They discovered the weakness which unauthorized person were able to access personal information of their customers such as names, contact numbers, and emails. However, the private information like payment information and password were not compromised. As a result, the company has finally decided to launch an official bug bounty program, allowing researchers and hackers to get paid for responsibly reporting severe vulnerabilities before hackers could do any further damage.

https://thehackernews.com/2019/11/oneplus-store-data-breach.html

Filed Under: Uncategorized, Week 13: WPA2 Enterprise and Beyond WiFi Tagged With:

Here’s how online scammers prey on older Americans, and what they should know to fight back

November 24, 2019 by Rami Saba Leave a Comment

Elderly individuals are more likely to be targeted by online financial fraud and also lose a higher amount than average.  Cybercrimes against the elderly have increased 5x since 2014 and cost more than $650 million in losses per year.  A new study suggests changes to how the FBI collects information and responds to online crimes targeting elderly and provides suggestions for those living on bank balances, pensions and retirement funds to better protect their assets from online frauds.   The study showed older adults were more tech savvy than expected, but they had problems with FBI forms that require victims of scams to report their experiences online.  The forms timed out too fast and didn’t allow participants to upload screenshots of conversations (something the older adults preferred).  They also felt embarrassed to report- they didn’t want to bother family members or sound like they didn’t understand the technology.

Some preventative measures that are helpful to seniors:

  • Different passwords for each site, but if they can’t remember them, it’s safer to have different passwords written down in a drawer than the same password across all the sites.
  • Only enter sensitive infoformation on “secure” websites
  • Log out of accounts on shared computers
  • Use VPNs when using public Wi-Fi
  • Report online scams

https://www.cnbc.com/2019/11/23/new-research-pinpoints-how-elderly-people-are-targeted-in-online-scams.html

Filed Under: Uncategorized Tagged With:

Windows users, beware: This fake update could lock up your PC, or worse Updating to Windows 10? Don’t fall victim to this spam email attack.

November 20, 2019 by Rami Saba Leave a Comment

A new phishing attack that tries to convince the target to open a malicious attachment is being sent through email.  The email identifies itself as being sent from Microsoft with subject lines “Install Latest Microsoft Windows Update now!” or “Critical Microsoft Windows Update!” and has the “latest critical update” as an attachment.  The file that appears to have a .jpg file extension is really  a .NET downloader that delivers malware to your machine.  More specifically, it installs ransomware called bitcoingenerator.exe.  It encrypts the recipient’s files and leaves a text file named “Cyborg_DECRYPT.txt” on their desktop.  A message within it asks for $500 in bitcoin to unlock the files.  Windows users should note that Microsoft will never send a security patch via email.

https://www.cnet.com/news/windows-users-beware-this-fake-update-could-lock-up-your-pc-or-worse/

Filed Under: Uncategorized Tagged With:

Beware, online shoppers! Cybercriminals have registered over 100,000 look-alike domains that resemble popular retail websites

November 20, 2019 by Rami Saba Leave a Comment

Cybercriminals have registered over 100,000 look-alike domains that mimic popular retail websites.  The fakes sites use valid TLS certificates to make them appear safe and trusted.  The number of fake sites has doubled since 2018 and are created to target 20 retailers in the U.S., U.K., Germany, France and Australia.  One of the U.S. retailers has over 49,500 look-alike domains targeting it alone.  Retailers and customers should be vigilant in protecting themselves.

https://cyware.com/news/beware-online-shoppers-cybercriminals-have-registered-over-100000-look-alike-domains-that-resemble-popular-retail-websites-8798ad36

Filed Under: Uncategorized Tagged With:

Article 8: Google Maps Tests a Social Networking Feature

November 18, 2019 by Imran Jordan Kharabsheh Leave a Comment

Google has begun rolling out a pilot program that will allow Google Maps users visiting specific regions to “follow” that region’s top local guides who recommend, review and spread information on businesses and locations they visit. These “top local guides” are users of the community who actively and frequently review local businesses as a part of Google Maps’ new rewards program. The countries that this is rolled out for so far include London, Delhi, Mexico City, New York, San Francisco and Tokyo, with more to come if the trial proves succesful.

Source: https://tech.slashdot.org/story/19/11/18/2123252/google-maps-tests-a-social-networking-feature

Filed Under: Uncategorized, Week 08: Malware Tagged With:

APIs and Cybercrime: The State in 2019 So Far

November 17, 2019 by Rami Saba Leave a Comment

Cybercriminals are targeting Application Programming Interfaces (APIs) as they become more popular.  This year alone there have been several APIs targeted to gain unauthorized data access.  APIs are a set of protocols that allow different programs communicate with each other.  They are being used in many places and without careful API management, they will continue being used maliciously worldwide.

LandMark White Limited – February 2019
Justdial unprotected API – April 2019
GateHub – June 2019
Venmo – June 2019

https://cyware.com/news/apis-and-cybercrime-the-state-in-2019-so-far-b73a675a

Filed Under: Uncategorized Tagged With:

How to Maintain Data Privacy During Software Development

November 16, 2019 by Daniel Bavaro Leave a Comment

This article lists off some popular security models that companies can pull from when building software for a certain market sector. Also in the article, it describes the importance of having a multidisciplinary software development team. If everybody thinks the same and has similar goals, then the software will have security holes. The article suggests having people on the team that are focused on: data privacy, user design, quality assurance, software security and testing. All of these people can have useful input that can direct the path of the project.

https://www.business.com/articles/how-to-maintain-data-privacy-during-software-development/

Filed Under: Uncategorized Tagged With:

Manage Cloud Security

November 14, 2019 by Xiduo Liu Leave a Comment

This article outlines some of the biggest challenges providers are facing. One of the biggest divides from the survey results is who owns the responsibility. Is it the customer or is the cloud service provider. There is no one solution fits all, the answer is it depends on the situation. the article also laid out different aspects to consider when choosing a cloud service provider: physical security, compliance, etc.

Creating a responsibility matrix to highlight the roles and responsibilities prior to finalizing any contractual agreements is a great way to fall back onto once an incident has happened, roles and responsibilities are clearly defined.

Filed Under: Uncategorized Tagged With:

  • Page 1
  • Page 2
  • Page 3
  • Interim pages omitted …
  • Page 6
  • Go to Next Page »

Primary Sidebar

Weekly Discussions

  • Uncategorized (55)
  • Week 01: Overview (6)
  • Week 02: TCP/IP and Network Architecture (2)
  • Week 03: Reconnaisance (7)
  • Week 04: Network Mapping and Vulnerability Scanning (4)
  • Week 05: Metasploit (9)
  • Week 06: More Metasploit (8)
  • Week 07: Social Engineering (11)
  • Week 08: Malware (19)
  • Week 09: Web Application Hacking (14)
  • Week 10: SecuritySheperd (12)
  • Week 11: Intro to Dark Web and Intro to Cloud (10)
  • Week 12: Introduction to Wireless Security with WEP and WPA2 PSK (6)
  • Week 13: WPA2 Enterprise and Beyond WiFi (11)
  • Week 14: Jack the Ripper, Cain and Able, and Ettercap (9)

Copyright © 2025 · Course News Pro on Genesis Framework · WordPress · Log in