Ethical Hacking

MIS 5211.001 ■ Fall 2019 ■ Wade Mackey

“OceanLotus” targets BMW and Hyundai networks

December 10, 2019 By Jaimin Pandya

APT hacker group “OceanLotus” apparently compromised network systems of automakers BMW and Hyundai by installing a hacking tool which would control and spy on their systems. What they did was nothing new, but it was sophisticated.

According to the article:

“Created Fake Websites

To get access to other computers, the hackers created a fake website that gave the impression of belonging to the BMW branch in Thailand, as they can monitor networks and find out which folders and files that users logged in.

Hackers Observed for Months

The security team at BMW allowed hackers to stay active with an intention to know more details like, who they were, how many systems they managed to compromise, and what kind of data they were after.

Based on sources, no sensitive information was accessed by hackers during the incident and no primary computers were compromised.

BMW declined to provide additional information on the attack.

“We have implemented structures and processes that minimize the risk of unauthorized external access to our systems and allow us to quickly detect, reconstruct, and recover in the event of an incident,” BMW said in a statement.”

Source Article: https://www.cisomag.com/apt-hacker-group-targets-bmw-and-hyundai-networks/

 

Week 14 Presentation and Video

December 9, 2019 By Wade Mackey

Intro-to-Ethical-Hacking-Week-14

https://capture.fox.temple.edu/Mediasite/Play/63abf86c86f943eb85d5d510d1fc81231d

Week 13 Presentation and Video

December 9, 2019 By Wade Mackey

Intro-to-Ethical-Hacking-Week-13

https://community.mis.temple.edu/mis5211sec001fall2019/

New ‘unpatchable’ iPhone exploit may allow permanent jailbreaking on hundreds of millions of iOS devices

September 27, 2019 by Andrew P. Sardaro

Why is this exploit significant? It cannot be addressed with a software update; only a hardware revision can address this. Named “checkm8,” the exploit is a bootrom vulnerability (initial code that iOS devices load when they boot up) that gives hackers access to iOS devices on a level that Apple cannot block. The iOS hacker claims the exploit is permanent and can be used to create a jailbreak on all iOS devices ranging from iPhone 4s (A5 chip) to iPhone 8 and iPhone X (A11 chip). The exploit does not impact the latest two chipsets, A12 and A13.

When reading further, the jailbreak itself is not there yet; there is a lot of fear theory around what it could do. The article goes on to state that jailbreakers deem this to be a tethered exploit, meaning it can only be used/activated via USB and a computer. It could be a game-changer if this exploit tool leads to an untethered jailbreak which could then be applied to hundreds of millions of iOS devices.

https://thehackernews.com/2019/09/bootrom-jailbreak-ios-exploit.html

Filed Under: Week 05: Metasploit

Microsoft to block 38 additional file extensions in Outlook for Web

September 27, 2019 by Andrew P. Sardaro

I have always been a proponent of using web-based Outlook instead of the local thick client for performance, data consistency, and troubleshooting reasons. Security is another reason to make the switch. Microsoft Outlook for Web will now block an additional 38 file extensions in email attachments. Blocking these extensions protects its email users from becoming victims of malicious scripts or executables attached or embedded in emails.

Some common extensions currently blocked in the list of 104 include .exe, .url, .com, .cmd, .asp, .lnk, .js, .jar, .tmp, .app, .isp, .hlp, .pif, .msi, .msh.

The new 38 blacklisted extensions are affiliated with the following programs:

  • Python scripting language: “.py”, “.pyc”, “.pyo”, “.pyw”, “.pyz”, “.pyzw”
  • PowerShell scripting language: “.ps1”, “.ps1xml”, “.ps2”, “.ps2xml”, “.psc1”, “.psc2”, “.psd1”, “.psdm1”, “.psd1”, “.psdm1”
  • Digital certificates: “.cer”, “.crt”, “.der”
  • Java programming language: “.jar”, “.jnlp”
  • Various applications: “.appcontent-ms”, “.settingcontent-ms”, “.cnt”, “.hpj”, “.website”, “.webpnp”, “.mcf”, “.printerexport”, “.pl”, “.theme”, “.vbp”, “.xbap”, “.xll”, “.xnk”, “.msu”, “.diagcab”, “.grp”

These are not extensions I see a normal end user sending as part of their daily operations; this blacklisting change should be transparent to users. For any reason, the Exchange admin can whitelist a blacklisted extension.

https://thehackernews.com/2019/09/email-attachment-malware.html

Filed Under: Week 05: Metasploit

DoorDash Data Breach

September 26, 2019 by Jaimin Pandya 1 Comment

Data breach seems to be a trend this month. DoorDash, a food delivery company, confirmed a data breach this afternoon in which the data of over 4 million people, including employees, customers, and merchants, has been reported stolen. Apparently it happened over 5 months ago and the company came out with this news today. According to TechCrunch – “The breach happened on May 4, the company said, but added that customers who joined after April 5, 2018 are not affected by the breach.

It’s not clear why it took almost five months for DoorDash to detect the breach.

DoorDash spokesperson Mattie Magdovitz blamed the breach on “a third-party service provider,” but the third-party was not named. “We immediately launched an investigation and outside security experts were engaged to assess what occurred,” she said.

Users who joined the platform before April 5, 2018 had their name, email and delivery addresses, order history, phone numbers and hashed and salted passwords stolen.

The company also said consumers had the last four digits of their payment cards taken, though full numbers and card verification values (CVV) were not taken. Both delivery workers and merchants had the last four digits of their bank account numbers stolen.”

More than 100,000 driver licenses have been stolen as well. What boggles me is that the company failed to take proper steps after their customers had complained about their accounts getting hacked.

Source Link: https://techcrunch.com/2019/09/26/doordash-data-breach/

Filed Under: Week 05: Metasploit

Week 5 Presentation and Video Link

September 26, 2019 by Wade Mackey

Intro-to-Ethical-Hacking-Week-5

https://capture.fox.temple.edu/Mediasite/Play/6f2d7fe678cd4897a09e3f308554a45f1d

Filed Under: Week 05: Metasploit

Microsoft Is Still Rattled Over U.S. ‘Sneak-and-Peek’ Searches

September 26, 2019 by Jiahao Karl Li

The article reviewed the battle between Microsoft and the U.S. Government since 2016 about disclosing “secrecy orders” from the government’s demands to obtain data from Microsoft’s customers. Microsoft is attempting to challenge the federal orders to retain its discipline towards customers’ privacy. In the case of 2016, the U.S. government was investigating a money fraud associated with two email accounts. Microsoft stopped them before they moved forward to obtain orders from the federal judges, as stated by Dev Stahlkopf, Microsoft’s general counsel.

https://www.bloomberg.com/news/articles/2019-09-25/microsoft-is-still-rattled-over-u-s-sneak-and-peek-searches

Filed Under: Uncategorized

1-Click iPhone and Android Exploits Target Tibetan Users via WhatsApp

September 25, 2019 by Numneung Koedkietpong

The article describes a mobile hacking campaign whose main target is Tibetan groups. The victims, especially those at a high management level, received a malicious link via the WhatsApp application on both iPhone and Android platforms between November 2018 and May 2019. The Canadian researchers found that hackers (Poison Carp) use MOONSHINE spyware which allows them to gain full unauthorized access to victim devices and they are able to steal private data via applications like Gmail and Twitter.

Source: https://thehackernews.com/2019/09/iphone-android-hacking-tibet.html

Filed Under: Uncategorized

The NSA Is Running a Satellite Hacking Experiment

September 23, 2019 by William Ha

According to the article, it is difficult to tell whether a satellite has been hacked because there’s so much data to review that they really don’t know if something is going wrong. Satellites that orbit outside of a certain area or exhibit unusual behavior could indicate a compromise but humans don’t always notice it and don’t have the ability to make a determination quickly because there is so much data. As 5G is becoming more relevant, many more satellites are going into orbit. However, there hasn’t been any evidence of improvements in satellite security. The NSA is trying to determine if small satellite behaviors can be categorized as good, bad or something else by using artificial intelligence. They are also trying to see if malware can be deployed to a satellite from the ground station. Cyber attacks are possible on satellites and ground stations because they are essentially just computers with special software. Hopefully these experiments reveal ways to address any threats and vulnerabilities in satellite systems.

https://www.defenseone.com/technology/2019/09/nsa-running-satellite-hacking-experiment/160009/

 

Filed Under: Uncategorized

Chinese theft of trade secrets on the rise, the US Justice Department warns

September 23, 2019 by Percy Jacob Rwandarugali

Hey guys,

1. I found this article interesting. Is it safe to say that the term “war” is being redefined to cyber warfare rather than the REAL wars?

Furthermore, could the greatest danger today be seen in terms of “information security” because stealing trade secrets may give financial/economical advantage to the other country and hence increase its military might? Could this aspect of cyber crime play a pivotal role in a country’s rise in dominance?

…“We expect other nations will want to become self-sufficient in critical technologies. That’s what we’d expect of a responsible government,” he said. “The issue isn’t that China has set out to do that. It’s that part of their industrial policy, part of the way they try to accomplish that, is state-sponsored theft or creating an environment that rewards or turns a blind eye to it.”

 

https://www.cnbc.com/2019/09/23/chinese-theft-of-trade-secrets-is-on-the-rise-us-doj-warns.html

Filed Under: Uncategorized

IT Firm Manager Arrested in the Biggest Data Breach Case of Ecuador’s History

September 23, 2019 by Penghui Ai 1 Comment

Ecuador authorities have captured the senior manager of IT counseling firm Novaestrat after the individual subtleties of nearly the whole population were left uncovered online in what is the biggest data breach in the nation’s history.
The source of this breach is Novaestrat’s unsecured Elasticsearch server based in Miami. It contained an 18GB reserve of information of government vaults, an automotive association, and an Ecuadorian national bank.
As a component of the investigation, Ecuadorian authorities said they had captured the administrator of Novaestrat, William Roberto G, and held onto electronic hardware, PCs, stockpiling gadgets, and documentation during an attack at his home.
Given the security concerns encompassing the occurrence, the nation’s Minister of Telecommunications said legitimate actions would be made against the influenced foundations to endorse privately owned businesses in charge of damaging protection and publicizing individual data without approval.
The Minister of Telecommunications additionally said it is intending to pass another information security law in the nation, which they have been working on for as far back as eight months, to ensure the individual information of its residents.

https://thehackernews.com/2019/09/ecuador-data-breach.html

Filed Under: Week 05: Metasploit

VMware issues patches for vSphere ESXi and vCenter Server

September 22, 2019 by Jaimin Pandya 2 Comments

Since Rami posted about a newer version of VMware getting released, I figured I’d put it out there. Anyone running the above mentioned versions may want to apply 4 patches that were addressed by VMware this past week. I will list them out below:

CVE-2019-5534 covers an issue where virtual machines deployed in an Open Virtualization Format (OVF) could expose login information via the virtual machine’s vAppConfig properties. This can be resolved by updating to the latest version.

CVE-2019-5532 covers a situation where a malicious user with access to the log files containing vCenter OVF-properties of a virtual machine deployed from an OVF may be able to view the credentials used to deploy the OVF. This is typically done through the root account of the virtual machine. A patched version is now available for upload.

CVE-2019-5531 involves an information disclosure vulnerability in clients arising from insufficient session expiration that would allow an attacker with physical access or an ability to mimic a websocket connection to a user’s browser to possibly obtain control of a VM Console after the user has logged out or their session has timed out. A patched version is now available for upload.

CVE-2017-16544 is a vulnerability in ESXi where it contains a command injection vulnerability due to the use of a vulnerable version of busybox that does not sanitize filenames. An attacker may exploit this issue by tricking an ESXi Admin into executing shell commands by providing a malicious file, VMware wrote. A patched version is now available for upload.

Source Link: https://www.scmagazine.com/home/security-news/vulnerabilities/patches-issued-for-vmwares-vsphere-esxi-vmware-vcenter-server/

Filed Under: Uncategorized
