Ethical Hacking

Wade Mackey

MIS 5211.001 ■ Fall 2019 ■ Wade Mackey
“OceanLotus” targets BMW and Hyundai networks

December 10, 2019 By Jaimin Pandya

APT hacker group “OceanLotus” apparently compromised network systems of automakers BMW and Hyundai by installing some hacking tool which would control and spy on their systems. What they did was nothing new but it was sophisticated.

According to the article

“Created Fake Websites

To get access to other computers, the hackers created a fake website that gave the impression of belonging to the BMW branch in Thailand, as they can monitor networks and find out which folders and files that users logged in.

Hackers Observed for Months

The security team at BMW allowed hackers to stay active with an intention to know more details like, who they were, how many systems they managed to compromise, and what kind of data they were after.

Based on sources, no sensitive information was accessed by hackers during the incident and no primary computers were compromised.

BMW declined to provide additional information on the attack.

“We have implemented structures and processes that minimize the risk of unauthorized external access to our systems and allow us to quickly detect, reconstruct, and recover in the event of an incident,” BMW said in a statement.”

Source Article: https://www.cisomag.com/apt-hacker-group-targets-bmw-and-hyundai-networks/

Week 14 Presentation and Video

December 9, 2019 By Wade Mackey

Intro-to-Ethical-Hacking-Week-14

https://capture.fox.temple.edu/Mediasite/Play/63abf86c86f943eb85d5d510d1fc81231d

Week 13 Presentation and Video

December 9, 2019 By Wade Mackey

Intro-to-Ethical-Hacking-Week-13

https://community.mis.temple.edu/mis5211sec001fall2019/

“Briansclub” got hacked!

October 16, 2019 by Jaimin Pandya

This story is kind of funny imo. One of the biggest marketplaces for stolen credit card data, called Briansclub, recently got hacked, which led to a theft of more than 26 million records. It’s speculated that the name Brian has been used after Brian Krebs (Krebsonsecurity.com guy). Per the article, “Last month, KrebsOnSecurity was contacted by a source who shared a plain text file containing what was claimed to be the full database of cards for sale both currently and historically through BriansClub[.]at, a thriving fraud bazaar named after this author. Imitating my site, likeness and namesake, BriansClub even dubiously claims a copyright with a reference at the bottom of each page: “© 2019 Crabs on Security.”

Multiple people who reviewed the database shared by my source confirmed that the same credit card records also could be found in a more redacted form simply by searching the BriansClub Web site with a valid, properly-funded account.

All of the card data stolen from BriansClub was shared with multiple sources who work closely with financial institutions to identify and monitor or reissue cards that show up for sale in the cybercrime underground.”

The article provides more detail on the timeline of the events.

Source Link: https://krebsonsecurity.com/2019/10/briansclub-hack-rescues-26m-stolen-cards/

Filed Under: Week 08: Malware Tagged With:

Vulnerability in iTunes and iCloud for Windows

October 16, 2019 by Xiduo Liu

A zero-day vulnerability in the iTunes and iCloud applications was discovered by the security company Morphisec here on October 10th, 2019. The article continues to disclose additional technical details on the vulnerability. The vulnerability in the applications will not trigger an antivirus software detection as the software is signed by Apple, and is automatically flagged as okay. The root cause according to the article is known as an unquoted service path, when a developer forgets to surround a file path with quotation marks.  “When the bug is in a trusted program — such as one digitally signed by a well-known developer like Apple — attackers can exploit the flaw to make the program execute code that AV protection might otherwise flag as suspicious.”

As of today, Apple has released the patches for iTunes and iCloud for Windows to close the security vulnerability.

Filed Under: Week 07: Social Engineering Tagged With:
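
An audit for the unquoted service path condition described in the post above, as an added example that is not code from the post, the cited article, or Apple. The service names, paths and the `ENV` expansion table are constructed for illustration; on a real host the values would come from each service's ImagePath setting.

```python
import re

# Constructed ImagePath values in the style of Windows service entries;
# the service names and paths are invented for this example.
SAMPLE_SERVICES = {
    "VendorUpdater": r"C:\Program Files\Vendor Suite\Updater\update.exe -svc",
    "QuotedAgent": r'"C:\Program Files\Vendor Suite\agent.exe" --run',
    "NoSpaces": r"C:\Windows\System32\svchost.exe -k netsvcs",
    "EnvPath": r"%ProgramFiles%\Vendor\helper.exe",
}
# Assumed expansion for the sample; a variable can hide a space in the path.
ENV = {"%programfiles%": r"C:\Program Files"}
EXE_END = re.compile(r"\.(exe|com|bat|cmd)(?=\s|$)", re.IGNORECASE)

def expand(value):
    """Replace %VAR% tokens using ENV, leaving unknown variables untouched."""
    return re.sub(r"%[^%]+%",
                  lambda m: ENV.get(m.group(0).lower(), m.group(0)), value)

def split_image_path(value):
    """Split an unquoted ImagePath into (executable, arguments)."""
    m = EXE_END.search(value)
    if not m:
        return value.strip(), ""
    return value[:m.end()].strip(), value[m.end():].strip()

def audit_image_path(value):
    """Return a quoted replacement if the path is unquoted and contains
    a space (after variable expansion); otherwise return None."""
    value = value.strip()
    if value.startswith('"'):
        return None
    exe, args = split_image_path(value)
    if " " not in expand(exe):
        return None
    return ('"%s" %s' % (exe, args)).strip()

def audit_services(services):
    """Map each flagged service name to its suggested quoted ImagePath."""
    fixes = {name: audit_image_path(path) for name, path in services.items()}
    return {name: fix for name, fix in fixes.items() if fix}

if __name__ == "__main__":
    for name, fix in audit_services(SAMPLE_SERVICES).items():
        print("%s: unquoted path with spaces, suggest %s" % (name, fix))
```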

Apple Under Fire Over Sending Some Users Browsing Data to China’s Tencent

October 15, 2019 by Penghui Ai

Apple integrated the “Tencent Safe Browsing” service to power its “Fraudulent Website Warning” feature in the Safari web browser for both iOS and macOS. Just like the Safe Browsing feature in Chrome and Mozilla Firefox, Safari’s fraudulent website warning feature has also been designed to protect users from various online threats by simply checking every website they visit against a regularly updated list of malicious websites. Now having Tencent on the same list, Apple is also giving the same privileges to the Chinese company as to Google.

This article addressed people’s concerns about the safety issue of sharing their data with Tencent. It is true, but I think Apple uses business strategy because Google services are banned in China and they tried to protect Chinese users’ privacy. Apple uses a smart to comfort users’ concern by offering users the manual approach to turn off fraudulent website warnings.

https://thehackernews.com/2019/10/apple-safari-safebrowsing-tencent.html

Filed Under: Week 08: Malware Tagged With:

Sudo Flaw Lets Linux Users Run Commands As Root Even When They’re Restricted

October 15, 2019 by Rami Saba

The “sudo” command (that lets Linux or Unix-based users run tasks with elevated permissions) had a flaw that allowed a user with sufficient sudo privileges to run commands as root even if the Runas specification explicitly disallows root access as long as the ALL keyword is listed first in the Runas specification.  This bug can be exploited by an attacker to run commands as root just by specifying the user ID “-1” or “4294967295”.  The function that converts user id into username incorrectly treats -1 or 4294967295 (its unsigned equivalent) as 0, which is the user ID of root.  Users can fix this flaw by updating the sudo package to 1.8.28 or newer.

sudo -u#-1 id -u
or
sudo -u#4294967295 id -u

Source:

https://thehackernews.com/2019/10/linux-sudo-run-as-root-flaw.html

https://www.sudo.ws/alerts/minus_1_uid.html

Filed Under: Week 08: Malware Tagged With:
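
A check for the condition described in the post above, as an added example that is not code from the post or from the sudo project: it flags sudoers rules whose Runas list puts `ALL` ahead of a negated root entry when the installed sudo is older than 1.8.28. The sample rules and function names are constructed for illustration, and the parser assumes one rule per line with no aliases or line continuations.

```python
import re

FIXED = (1, 8, 28)  # first fixed sudo release, per the post above
RUNAS = re.compile(r"=\s*\(([^):]*)")  # user list of a rule's first Runas spec
NEG_ROOT = {"!root", "!#0"}  # root excluded by name or by uid

# Constructed sample input, not taken from a real host.
SAMPLE = """\
# constructed sudoers sample
Defaults env_reset
alice myhost = (ALL, !root) /usr/bin/vi
bob   ALL = (ALL : ALL) ALL
carol ALL = (ALL, !#0) NOPASSWD: /usr/bin/id
dave  ALL = (www-data) /usr/bin/systemctl
"""

def is_patched(version_line):
    """Parse text such as 'Sudo version 1.8.27' and compare with FIXED."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", version_line)
    if not m:
        raise ValueError("no sudo version found in %r" % version_line)
    return tuple(int(x) for x in m.groups()) >= FIXED

def relies_on_root_exclusion(line):
    """True if the Runas user list has ALL followed by a negated root entry."""
    line = line.strip()
    if not line or line.startswith("#") or line.startswith("Defaults"):
        return False
    m = RUNAS.search(line)
    if not m:
        return False
    users = [u.strip() for u in m.group(1).split(",")]
    if "ALL" not in users:
        return False
    later = users[users.index("ALL") + 1:]
    return any(u.replace(" ", "") in NEG_ROOT for u in later)

def audit(sudoers_text, version_line):
    """Return (line_number, rule) pairs that need review on an unpatched sudo."""
    if is_patched(version_line):
        return []
    return [(n, l.strip()) for n, l in enumerate(sudoers_text.splitlines(), 1)
            if relies_on_root_exclusion(l)]

if __name__ == "__main__":
    for n, rule in audit(SAMPLE, "Sudo version 1.8.27"):
        print("line %d relies on !root, sudo older than 1.8.28: %s" % (n, rule))
```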

Y2K Offers a Template To Squash the Cyber Bug

October 13, 2019 by Daniel Bavaro

https://www.afcea.org/content/?q=node/17477/

I found this article interesting because it gives some insight into how we, as a society, can deal with the modern cyber climate/ransomware, by learning from what we did with the last major hurdle to hit the IT space: Y2K. Looking back, many say that Y2K was a “non-event” that was over-hyped. The reality is that it was a non-event, because of the massive efforts that organizations put in, to fix the problem before it happened.

“Several themes common with Y2K play out today. CIOs and CISOs need to know what applications and devices they actually have—it is time for asset discovery and documentation. It is also time to move away from an “if it isn’t broken, don’t fix it” mentality that keeps outdated equipment and software, increasing cyber risk. While Y2K was the single biggest driver for adopting packaged, off-the-shelf software, today cyber concerns are moving data to the cloud. And as with Y2K, cybersecurity has stirred up fears, becoming a board room discussion. Among C-suite executives, it has generated a lot of review and exercise of business contingency plans.

In some ways, it seems as if we are back at the same starting point as with Y2K: having to convince the powers that be that we have a continuing and growing problem amid actions that are not congruent with a holistic national or global framework to achieve the required objective. The cyber bug appears to be larger than life because we neither approach it in a synergistic way, nor are U.S. and international laws in place to address underlying causes. Lawmakers cannot even agree on common security standards for the IoT.”

Filed Under: Week 08: Malware Tagged With:

Microsoft and NIST partner on best patch management practices

October 12, 2019 by Rami Saba

After the NotPetya ransomware attack of 2017, Microsoft conducted research into why large companies were being affected even though patches were already available.  Microsoft visited a significant number of customers and was surprised by how many challenges organizations faced with processes and standards.  They discovered many companies failed to install patches because they simply didn’t have a patch testing procedure in place.  Instead, they would wait a while and then ask an online forum if anyone has experienced any problems with the patches before applying them.  In addition, Microsoft has spoken with partners like the Center for Internet Security (CIS), U.S. Department of Homeland Security (DHS) Cybersecurity, and Cybersecurity and Infrastructure Security Agency (CISA).  This led Microsoft to team up with NIST and “build common enterprise patch management reference architectures and processes, have relevant vendors build and validate implementation instructions in the NCCoE lab, and share the results in the NIST Special Publication 1800 practice guide for all to benefit”.  They are also extending an invitation to other vendors so they can collaboratively work on addressing this problem.

Source: https://sdtimes.com/msft/microsoft-and-nist-partner-on-best-patch-management-practices/

Filed Under: Week 07: Social Engineering Tagged With:

FBI Issues Surprise New Cyber Attack Warning: Multi-Factor Authentication Is Being Defeated

October 12, 2019 by William Ha

The title of the article makes it seem like there’s a new vulnerability or attack that can be exploited to defeat MFA. However, the article just reiterates what most of us already know; the human factor is often the easiest target for attackers. Social engineering paired with phishing attack tools, such as Muraena and NecroBrowser, are being used to bypass MFA. As we learned in previous weeks, user awareness and training are some of the most effective ways to defend against these attacks.

https://www.forbes.com/sites/zakdoffman/2019/10/07/fbi-issues-surprise-cyber-attack-warningurges-new-precautions/#ea474547efba

Filed Under: Week 07: Social Engineering Tagged With:

Signal Messenger Bug Lets Callers Auto-Connect Calls Without Receivers’ Interaction

October 11, 2019 by Numneung Koedkietpong

The article states the vulnerabilities found in the messenger application called “Signal Private Messenger”. Natalie Silvanovich found a logical vulnerability for Android which allows a caller to mandate a call to be answered at the destination without requesting receivers’ interaction. “In other words, the flaw could be exploited to turn on the microphone of a targeted Signal user’s device and listen to all surrounding conversations.”
However, this issue was already solved by releasing patch management of “Signal for Android v4.47.7”.

Source: https://thehackernews.com/2019/10/signal-messenger-bug.html

Filed Under: Uncategorized Tagged With:

Global Open Source Cybersecurity Initiative by IBM and McAfee

October 10, 2019 by Jaimin Pandya

Two of the biggest companies in antivirus and tech sub domains are integrating together to provide better threat intelligence processes. One of the things that the article talks about is “One of the key realizations of the initiative is the time wasted on connection and integration that could be better spent creating tools to directly address pertinent security issues. With this newfound integration, the organizations hope to “develop protocols and standards which enable tools to work together and share information across vendors.

“The aim is to simplify the integration of security technologies across the threat lifecycle – from threat hunting and detection to analytics, operations, and response — so that products can work together out of the box.”

This alliance according to the article will create new sets of open source content and tools which will enable users and companies to share info and solutions.

Source Link: https://www.techrepublic.com/article/mcafee-ibm-join-forces-for-global-open-source-cybersecurity-initiative/

Filed Under: Week 07: Social Engineering Tagged With:

This huge Android trojan malware campaign was discovered after the gang behind it made basic security mistakes

October 10, 2019 by Percy Jacob Rwandarugali

Cyber attackers infected 800,000 users with banking information stealing malware – but mistakes have allowed researchers to look behind the scenes of a successful hacking campaign.

A giant botnet and banking trojan malware operation has infected hundreds of thousands of Android users since at least 2016 – but mistakes by the group have revealed details of the campaign and how they operate.

Dubbed the Geost botnet after a name repeatedly found in the attackers’ command and control servers, the operation has been discovered by researchers from Czech Technical University, UNCUYO University in Argentina, and cybersecurity company Avast, who detailed their findings at the Virus Bulletin 2019 conference in London.

The campaign is believed to have infected up to 800,000 Android users and has potentially provided the attackers with access to bank accounts along with information about the names of victims, their type of phone and their location.

https://www.zdnet.com/article/a-huge-android-trojan-malware-campaign-was-discovered-after-the-gang-behind-it-made-basic-security-mistakes/

Filed Under: Week 08: Malware Tagged With:
