
Ethical Hacking


MIS 5211.001 ■ Fall 2019 ■ Wade Mackey

Week 09: Web Application Hacking

Small and Medium-sized businesses at risk of E-Skimming attacks

October 26, 2019 by Andrew P. Sardaro

https://cyware.com/news/fbi-issues-warning-to-smbs-about-e-skimming-attacks-a251120c 

The FBI is warning SMBs and government agencies about the risk of e-skimming attacks for businesses that take credit card payments online.

E-Skimming, also known as Magecart attacks, occurs when malicious code is injected into a website’s POS system disguised as payment card skimmer scripts. Once the POS is compromised, hackers can then steal customers’ payment card information.

Hackers gain access to the POS server through a phishing attack or a third-party vendor vulnerability. Once they have access, they act as a silent man in the middle and steal user credit card information to sell for profit.

The FBI recommends standard mitigation measures to protect your business from E-Skimming.

Patch Patch Patch your systems.

User education to avoid falling victim to phishing attacks

Remove any default login credentials

Segment networks to avoid easy hops for hackers

Here is an article which breaks down the Magecart attack and its evolution: https://www.csoonline.com/article/3400381/what-is-magecart-how-this-hacker-group-steals-payment-card-data.html

 


Adobe exposed Creative Cloud accounts to the Public

October 25, 2019 by Xiduo Liu

The latest data breach came from Adobe exposing 7.5 million Creative Cloud accounts to the public via a “vulnerability related to work on one of our prototype environments”. According to Adobe, the misconfigured environment has been shut down and the vulnerability has been addressed.

According to one report, the exposed data included email addresses, the Adobe products they subscribed to, account creation date, subscription, and payment status, local timezone, member ID, time of the last login, and whether they were an Adobe employee.

It is unknown if there has been unauthorized access, and the issue was discovered on 10/19 and Adobe addressed the issue on the same day.

There are no sensitive details like passwords or payment data, but the database is close to 86GB in size. Additional information and screenshots can be found here.

 


Some local news – Downingtown school data breach

October 25, 2019 by Jaimin Pandya

A “brute-force” computer hacking. Leaked student records. A criminal investigation. References to past suicides. Suspensions. And a nationwide teen craze called Assassin. – This is what the article says. It’s a really weird and interesting case if anyone wants to read up on it. This is a local school around the area and the story has no specific background – it’s all over the place. It will be interesting to see how it all unfolds.

Link: https://www.inquirer.com/news/downingtown-school-district-hacking-students-assassin-game-20191025.html


Avast, NordVPN Breaches Tied to Phantom User Accounts

October 24, 2019 by Jiahao Karl Li

Attackers are using forgotten or unknown user accounts with little more than a password to gain remote access to the internal systems of Avast, the antivirus and security giant, and NordVPN, the virtual private networking (VPN) software provider. Both companies disclosed details about the month-long, from May to August, intrusion today.

krebsonsecurity.com

 

 
