Ethical Hacking

“OceanLotus” targets BMW and Hyundai networks

December 10, 2019 By Jaimin Pandya Leave a Comment

APT hacker group “OceanLotus” apparently compromised network systems of automaker BMW and Hyundai by installing some hacking tool which would control and spy their systems. What they did was nothing new but it was sophisticated.

According to the article

“Created Fake Websites

To get access to other computers, the hackers created a fake website that gave the impression of belonging to the BMW branch in Thailand, as they can monitor networks and find out which folders and files that users logged in.

Hackers Observed for Months

The security team at BMW allowed hackers to stay active with an intention to know more details like, who they were, how many systems they managed to compromise, and what kind of data they were after.

Based on sources, no sensitive information was accessed by hackers during the incident and no primary computers were compromised.

BMW declined to provide additional information on the attack.

“We have implemented structures and processes that minimize the risk of unauthorized external access to our systems and allow us to quickly detect, reconstruct, and recover in the event of an incident,” BMW said in a statement.”

Source Article: https://www.cisomag.com/apt-hacker-group-targets-bmw-and-hyundai-networks/

Week 14 Presentation and Video

December 9, 2019 By Wade Mackey Leave a Comment

Intro-to-Ethical-Hacking-Week-14

https://capture.fox.temple.edu/Mediasite/Play/63abf86c86f943eb85d5d510d1fc81231d

Week 13 Presentation and Video

December 9, 2019 By Wade Mackey Leave a Comment

Intro-to-Ethical-Hacking-Week-13

https://community.mis.temple.edu/mis5211sec001fall2019/

CISA Wants Feedback on Its Vulnerability Assessments

November 21, 2019 by Penghui Ai Leave a Comment

The Homeland Security Department is searching for feedback on a program that gives infrastructure operators a chance to perceive how their cyber defenses stack facing each other.

the Cybersecurity and Infrastructure Security Agency runs The vulnerability assessment program to assists members with spotting explicit weaknesses in their digital infrastructure and create techniques to close those holes.

Through the latest solicitation, authorities are explicitly searching for remarks on the program’s viability, just as measures that may improve its assessments or make it simpler for members to utilize. The general population must submit input by Dec. 14.

https://www.nextgov.com/cybersecurity/2019/11/cisa-wants-feedback-its-vulnerability-assessments/161279/

Cybersecurity experts warn of Black Friday deals email scams

November 21, 2019 by Penghui Ai Leave a Comment

BlackFriday is approaching that might makes customers crazy about looking for tons of discount information to find the best possible deals online. At the same time, retailers might send out emails of discount information to their customers. However, cybersecurity experts have warned that consumers may be vulnerable to email scams during this annual shopping event. This big event every year could be a nightmare for cybercrime victims. Users can avoid being scammed by always checking customer reviews and complaints before downloading a new app or visiting an unfamiliar site. If the Black Friday deals look too good to be true, they probably are.

Cybersecurity experts warn of Black Friday deals email scams

Macy’s suffers online Magecart card-skimming attack, data breach

November 21, 2019 by Jiahao Karl Li Leave a Comment

Macy’s has announced a data breach caused by Magecart card-skimming code being implanted in the firm’s online payment portal. The code injection, believed to have been done on October 7, impacted the Macy’s checkout page and wallet page, the latter of which is accessed through the “My Account” facility. The amounts of customers may have been embroiled in the data-stealing campaign is still under water, which lasted at least a week before Macy’s knew of its compromise. However, a Macy’s spokesperson suggests that only a “small” number of customers were involved, and they would be offered consumer protection services for free.

www.zdnet.com

Apple locks top secret-spiller out of his developer account

November 21, 2019 by Jiahao Karl Li Leave a Comment

Apple’s PR team has yet replied to the media about why Guilherme Rambo’s account remains locked. Previous, Apple took serious steps towards leaks and rumor mongers in 2007 against reporter Nick Ciarelli and in 2010 against Gizmodo.

cultofmac.com

What a week it has been for Disney Plus

November 20, 2019 by Jaimin Pandya Leave a Comment

There has been a lot of hype around Disney Plus since it launched. From their servers crashing to getting hacked they clearly had a very interesting week. The service got more than 20 million users in its first 24 hours which resulted in their website getting so much traffic that their servers crashed. A lot of users complained about not being able to access their accounts. Disney’s official statement said that there has been no breach but user accounts and information are popping up online for sale for as little as $3.

https://www.washingtonpost.com/business/2019/11/19/thousands-disney-accounts-were-hacked-sold-online-little/

Windows users, beware: This fake update could lock up your PC, or worse Updating to Windows 10? Don’t fall victim to this spam email attack.

November 20, 2019 by Rami Saba Leave a Comment

A new phishing attack that tries to convince the target to open a malicious attachment is being sent through email. The email identifies itself as being sent from Microsoft with subject lines “Install Latest Microsoft Windows Update now!” or “Critical Microsoft Windows Update!” and has the “latest critical update” as an attachment. The file that appears to have a .jpg file extension is really a .NET downloader that delivers malware to your machine. More specifically, it installs ransomware called bitcoingenerator.exe. It encrypts the recipient’s files and leaves a text file named “Cyborg_DECRYPT.txt” on their desktop. A message within it asks for $500 in bitcoin to unlock the files. Windows users should note that Microsoft will never send a security patch via email.

https://www.cnet.com/news/windows-users-beware-this-fake-update-could-lock-up-your-pc-or-worse/

Beware, online shoppers! Cybercriminals have registered over 100,000 look-alike domains that resemble popular retail websites

November 20, 2019 by Rami Saba Leave a Comment

Cybercriminals have registered over 100,000 look-alike domains that mimic popular retail websites. The fakes sites use valid TLS certificates to make them appear safe and trusted. The number of fake sites has doubled since 2018 and are created to target 20 retailers in the U.S., U.K., Germany, France and Australia. One of the U.S. retailers has over 49,500 look-alike domains targeting it alone. Retailers and customers should be vigilant in protecting themselves.

https://cyware.com/news/beware-online-shoppers-cybercriminals-have-registered-over-100000-look-alike-domains-that-resemble-popular-retail-websites-8798ad36

Google Confirms Android Camera Security Threat: ‘Hundreds Of Millions’ Of Users Affected

November 19, 2019 by Percy Jacob Rwandarugali Leave a Comment

The security research team at Checkmarx has made something of a habit of uncovering alarming vulnerabilities, with past disclosures covering Amazon’s Alexa and Tinder. However, a discovery of vulnerabilities affecting Google and Samsung smartphones, with the potential to impact hundreds of millions of Android users, is the biggest to date. What did the researchers discover? Oh, only a way for an attacker to take control of smartphone camera apps and remotely take photos, record video, spy on your conversations by recording them as you lift the phone to your ear, identify your location, and more. All of this performed silently, in the background, with the user none the wiser.

https://www.forbes.com/sites/daveywinder/2019/11/19/google-confirms-android-camera-security-threat-hundreds-of-millions-of-users-affected/#753bfbe64f4e

Article 11: Microsoft Winds Down Its Bigger Plans for Cortana With Mobile App Shutdown

November 18, 2019 by Imran Jordan Kharabsheh Leave a Comment

Microsoft’s personal assistant Cortana will no longer be supported on mobile platforms such as iOS and Android effective January 31st of 2020. This essentially means that Microsoft will be pulling out of the very competitive personal assistant industry, which is primarily dominated by Amazon’s Alexa and Apple’s Siri. This information came to light during Microsoft’s most recent Ignite conference, where they expressed their intent to shift the primary functionality of Cortana to better assist commercial users.

Source: https://slashdot.org/story/19/11/18/1611220/microsoft-winds-down-its-bigger-plans-for-cortana-with-mobile-app-shutdown

Article 10: Microsoft: We’re Changing All Your Cloud Contracts After Privacy Complaints

November 18, 2019 by Imran Jordan Kharabsheh Leave a Comment

Due to concerns raised by the European Union’s Privacy Regulators regarding potential violations of the Union’s General Data Protection Regulation, Microsoft has reviewed and changed their Online Service Terms and Conditions for Commercial users. These changes come as a result of collaborative work with the Dutch Ministry of Justice, who first raised the concerns that Microsoft was collecting data that violated the General Data Protection Regulation. In a statement regarding these changes, Microsoft’s Chief Privacy Officer stated how this is a big “positive step forward” in regards to compliance and collaboration with bodies of the European Union to safeguard their users.

Source: https://yro.slashdot.org/story/19/11/18/1735246/microsoft-were-changing-all-your-cloud-contracts-after-privacy-complaints

Main Content