“OceanLotus” targets BMW and Hyundai networks

December 10, 2019 By Jaimin Pandya Leave a Comment

APT hacker group “OceanLotus” apparently compromised network systems of automaker BMW and Hyundai by installing some hacking tool which would control and spy their systems. What they did was nothing new but it was sophisticated.

According to the article

“Created Fake Websites

To get access to other computers, the hackers created a fake website that gave the impression of belonging to the BMW branch in Thailand, as they can monitor networks and find out which folders and files that users logged in.

Hackers Observed for Months

The security team at BMW allowed hackers to stay active with an intention to know more details like, who they were, how many systems they managed to compromise, and what kind of data they were after.

Based on sources, no sensitive information was accessed by hackers during the incident and no primary computers were compromised.

BMW declined to provide additional information on the attack.

“We have implemented structures and processes that minimize the risk of unauthorized external access to our systems and allow us to quickly detect, reconstruct, and recover in the event of an incident,” BMW said in a statement.”

Source Article: https://www.cisomag.com/apt-hacker-group-targets-bmw-and-hyundai-networks/

Week 14 Presentation and Video

December 9, 2019 By Wade Mackey Leave a Comment

Intro-to-Ethical-Hacking-Week-14

https://capture.fox.temple.edu/Mediasite/Play/63abf86c86f943eb85d5d510d1fc81231d

Week 13 Presentation and Video

December 9, 2019 By Wade Mackey Leave a Comment

Intro-to-Ethical-Hacking-Week-13

https://community.mis.temple.edu/mis5211sec001fall2019/

Suspect can’t be compelled to reveal “64-character” password, court rules

December 1, 2019 by Christopher James Lukens Leave a Comment

In a case of child pornography the suspect was not required to turn over his 64 character password. The lower court wanted to use the “forgone conclusion exception” to make him divulge the password. The forgone conclusion exception forced suspects to hand over paper documents and hadn’t been used in the case of a password yet. The PA supreme court ruled that it couldn’t be used because the 5th amendment protection of self-incrimination. Overall a very interesting read and has set an interesting precedent.

https://arstechnica.com/tech-policy/2019/11/police-cant-force-child-porn-suspect-to-reveal-his-password-court-rules/

A list of major security incidents of this decade!

December 1, 2019 by Jaimin Pandya Leave a Comment

As we get closer to the end of the year and more importantly end of this most technologically advanced decade, here is a highlight of the all the major security cyber security incidents or events of 2010s. I found this article interesting because I wasnt truly aware of some of these incidents that had taken place in the earlier parts of this decade. In last 5 years alone, we have seen some monstrous data breaches, lots of hacking, cyber espionage and what not. It has truly been quite a decade from a cyber security perspective. This is a very detailed article with an insanely long list of data breaches and hacking incidents.

Source Link: https://www.zdnet.com/article/a-decade-of-hacking-the-most-notable-cyber-security-events-of-the-2010s/

OnePlus Suffers New Data Breach Impacting Its Online Store Customers

November 25, 2019 by Numneung Koedkietpong Leave a Comment

The vulnerability in the online website was found in OnePlus, Chinese smartphone maker. They announced this issue to customers via email and also published on the website. They discovered the weakness which unauthorized person were able to access personal information of their customers such as names, contact numbers, and emails. However, the private information like payment information and password were not compromised. As a result, the company has finally decided to launch an official bug bounty program, allowing researchers and hackers to get paid for responsibly reporting severe vulnerabilities before hackers could do any further damage.

https://thehackernews.com/2019/11/oneplus-store-data-breach.html

Here’s how online scammers prey on older Americans, and what they should know to fight back

November 24, 2019 by Rami Saba Leave a Comment

Elderly individuals are more likely to be targeted by online financial fraud and also lose a higher amount than average. Cybercrimes against the elderly have increased 5x since 2014 and cost more than $650 million in losses per year. A new study suggests changes to how the FBI collects information and responds to online crimes targeting elderly and provides suggestions for those living on bank balances, pensions and retirement funds to better protect their assets from online frauds. The study showed older adults were more tech savvy than expected, but they had problems with FBI forms that require victims of scams to report their experiences online. The forms timed out too fast and didn’t allow participants to upload screenshots of conversations (something the older adults preferred). They also felt embarrassed to report- they didn’t want to bother family members or sound like they didn’t understand the technology.

Some preventative measures that are helpful to seniors:

Different passwords for each site, but if they can’t remember them, it’s safer to have different passwords written down in a drawer than the same password across all the sites.
Only enter sensitive infoformation on “secure” websites
Log out of accounts on shared computers
Use VPNs when using public Wi-Fi
Report online scams

https://www.cnbc.com/2019/11/23/new-research-pinpoints-how-elderly-people-are-targeted-in-online-scams.html

1.2 Billion Records Found Exposed Online in a Single Server

November 24, 2019 by Michael Kalai Leave a Comment

1.2 Billion Records Found Exposed Online in a Single Server

Here’s the next jumbo data leak, complete with Facebook, Twitter, and LinkedIn profiles.

“While the collection is impressive for its sheer volume, the data doesn’t include sensitive information like passwords, credit card numbers, or Social Security numbers. It does, though, contain profiles of hundreds of millions of people that include home and cell phone numbers, associated social media profiles like Facebook, Twitter, LinkedIn, and Github, work histories seemingly scraped from LinkedIn, almost 50 million unique phone numbers, and 622 million unique email addresses.”

https://www.wired.com/story/billion-records-exposed-online/

Ransomware attack in Louisiana: Public agencies hit; officials didn’t pay ransom

November 21, 2019 by Michael Kalai Leave a Comment

Ransomware attack in Louisiana: Public agencies hit; officials didn’t pay ransom

It affected many public-facing websites and services.

“The IT team noticed the irregular pattern, saw that it was the Ryuk virus, which encrypts files, and didn’t read the ransom note, said Jacques Berry, spokesman for the Division of Administration. Instead, the team found where virus was attached to the programs and shutdown computers to avoid infecting other systems, Berry said.”

Amazon gets closer to getting Alexa everywhere

November 21, 2019 by Percy Jacob Rwandarugali Leave a Comment

“I test my own technology – with all of them being called Alexa, I see which one is waking up and whether it is the right device,” says the chief scientist of the AI division responsible for the tech.

That’s a lot of Alexa. But, it seems, still not enough.

In a one-on-one interview with the BBC, Mr Prasad discussed plans for Alexa to both become smarter and to follow users wherever they go. This is known in the trade as ubiquitous ambient computing, and Amazon hopes to corner the market.

In the US, it already sells an Echo system that plays Alexa through a car’s speakers. And Mr Prasad says he also wants the virtual assistant to accompany users as they walk about too.

To achieve this, he explains, the tech needs to get better at contextual reasoning.

“If you are in a store and you say, ‘Where are the tomatoes?’ it will need to have the context,” he says.

https://www.bbc.com/news/technology-50392077

The Department of Homeland Security Will Teach You Computer Hacking For Free

November 21, 2019 by Andrew P. Sardaro Leave a Comment

I Found this article on military.com, under Veteran Jobs. The Department of Homeland Security (DHS) will provide cybersecurity training to all veterans through a program called Federal Virtual Training Environment (FedVTE).

The program offers 800 plus hours, including topics such as Ethical Hacking and surveillance, Malware analysis, and Mobile Forensics. The program will prepare veterans for industry-standard certifications such as the CISSP and are free.

This is a great initiative, gets more people involved in the cybersecurity field, and helps veterans obtain a skillset to secure a position in the civilian workforce.

https://www.military.com/veteran-jobs/federal-government-will-teach-you-computer-hacking-free.html

67 per cent of industrial organizations do not report cybersecurity incidents

November 21, 2019 by Penghui Ai Leave a Comment

A recent Kaspersky survey has discovered that two-thirds (67 per cent) of industrial organizations do not report cybersecurity incidents to regulators. They perhaps to avoid regulatory punishments and public disclosure that can harm their reputation.

However, it is not compliant with the regulations and ethically illegal for sure. This behavior does not help the company has more quality of cyber security that defense the cyber-attack. The investments on cybersecurity have not been taken seriously for some small business, which make small companies easier to become the target of hackers.

https://www.deccanchronicle.com/technology/in-other-news/311019/67-per-cent-of-industrial-organizations-do-not-report-cybersecurity-in.html

CISA RELEASES CYBER ESSENTIALS FOR SMALL BUSINESSES AND GOVERNMENTS

November 21, 2019 by Penghui Ai Leave a Comment

The Cybersecurity and Infrastructure Security Agency (CISA) discharged its Cyber Essentials, a beginning stage for small businesses and government organizations to comprehend and address cybersecurity risk as other risks. Cyber Essentials expects to prepare smaller associations that have never been a part of the national dialogue on cybersecurity with fundamental steps and assets to improve their cybersecurity.

Each of the six Cyber Essentials includes a list of actionable items anyone can take to reduce cyber risks. These are:

Drive cybersecurity strategy, investment and culture;
Develop heightened level of security awareness and vigilance;
Protect critical assets and applications;
Ensure only those who belong on your digital workplace have access;
Make backups and avoid loss of info critical to operations; and
Limit damage and restore normal operations quickly.

https://www.cisa.gov/cisa/news/2019/11/06/cisa-releases-cyber-essentials-small-businesses-and-governments

Main Content