
Ethical Hacking

MIS 5211.001 ■ Fall 2019 ■ Wade Mackey

“OceanLotus” targets BMW and Hyundai networks

December 10, 2019 By Jaimin Pandya

APT hacker group “OceanLotus” apparently compromised the network systems of automakers BMW and Hyundai by installing some hacking tool that would control and spy on their systems. What they did was nothing new, but it was sophisticated.

According to the article:

“Created Fake Websites

To get access to other computers, the hackers created a fake website that gave the impression of belonging to the BMW branch in Thailand, as they can monitor networks and find out which folders and files that users logged in.

Hackers Observed for Months

The security team at BMW allowed hackers to stay active with an intention to know more details like, who they were, how many systems they managed to compromise, and what kind of data they were after.

Based on sources, no sensitive information was accessed by hackers during the incident and no primary computers were compromised.

BMW declined to provide additional information on the attack.

“We have implemented structures and processes that minimize the risk of unauthorized external access to our systems and allow us to quickly detect, reconstruct, and recover in the event of an incident,” BMW said in a statement.”

Source Article: https://www.cisomag.com/apt-hacker-group-targets-bmw-and-hyundai-networks/

 

Week 14 Presentation and Video

December 9, 2019 By Wade Mackey

Intro-to-Ethical-Hacking-Week-14

https://capture.fox.temple.edu/Mediasite/Play/63abf86c86f943eb85d5d510d1fc81231d

Week 13 Presentation and Video

December 9, 2019 By Wade Mackey

Intro-to-Ethical-Hacking-Week-13

https://community.mis.temple.edu/mis5211sec001fall2019/

NordVPN confirms it was hacked

October 23, 2019 by Michael Kalai

In March 2018 one of NordVPN’s data centers in Finland was “accessed with no authorization,” said NordVPN spokesperson Laura Tyrell. The attacker gained access to the server, which had been active for about a month. They exploited an insecure remote management system left by the data center provider; NordVPN said it was unaware that such a system existed. This is such a breakdown of physical security and poor patch management. It is also disturbing that they are reporting in October 2019 on an incident in March.

 

Filed Under: Week 08: Malware

Facebook Bounty Program

October 22, 2019 by Andrew P. Sardaro

Facebook is looking to step up its application security through a bounty program aimed at identifying vulnerabilities in third-party apps. This move is in addition to their Data Abuse bounty program launched last year, which rewarded testers who identified third-party apps collecting data and passing it off to non-authorized parties.

Facebook security has taken a hit in the past year due to improper use of collected data and account hacking. Well, Mr. Zuckerberg looks to be making a public relations and financial effort to curtail the recent security issues by enticing third-party developers to design apps with security and set up vulnerability disclosure programs. He will pay white-hat researchers to identify third-party apps with vulnerabilities, even if app developers don’t have a bounty program.

https://thehackernews.com/2019/10/facebook-apps-bug-bounty.html

Filed Under: Week 08: Malware

U.S. Government Still Uses Suspect Chinese Cameras

October 22, 2019 by Christopher James Lukens

The United States banned the use of equipment from certain Chinese vendors, but many of the cameras, around 2,700, are still in use. It’s been difficult for government agencies to replace them due to cost and technical challenges in some cases. This is a great example of how tough vulnerability management and remediation can be when it’s at such a large scale. In some cases IT officials don’t think it’s a big deal and have been slow to remove cameras from their networks, also showing how high-level buy-in is necessary in a process like remediation. In other cases they haven’t been replaced because they’re the cameras watching a bowling alley and not a nuclear facility, so the risks are lower than the cost of replacing the cameras and nothing has been done about it.

https://www.wsj.com/articles/u-s-government-still-uses-suspect-chinese-cameras-11571486400

Filed Under: Week 08: Malware

Avast says hackers breached internal network through compromised VPN profile

October 21, 2019 by William Ha

The breach occurred because the attacker compromised an employee’s VPN credentials, gaining access to an account that was not protected using a multi-factor authentication solution. The hacker successfully escalated privileges of the compromised credentials. I found it interesting that Avast allowed the hacker to roam free for weeks in order to track their whereabouts and figure out their intentions. They were able to gather that the intruder was extremely sophisticated and tried to cover their tracks to not be detected.

https://www.zdnet.com/article/avast-says-hackers-breached-internal-network-through-compromised-vpn-profile/

 

Filed Under: Week 08: Malware

Baltimore Reportedly Had No Data Backup Process for Many Systems

October 19, 2019 by Daniel Bavaro

https://www.darkreading.com/attacks-breaches/baltimore-reportedly-had-no-data-backup-process-for-many-systems/d/d-id/1335953

This was an interesting read about a recent ransomware attack to hit the Baltimore government. Apparently, the attack resulted in large losses of key/critical data that was only stored on users’ local computers. There are a few issues here and the article dives into each of them. First, why were users storing critical/key data locally on their computers? This data should have been stored in a centralized location. Second, this obviously was not a one-off situation. For the government to lose a lot of this data, it was not just a few people not following policies. This was a systemic method for storing and manipulating data. Is the IT department to blame for not implementing a workstation backup solution to address this systemic problem? The data stored centrally was able to recover from the ransomware attack, but the workstation data was not.

Filed Under: Uncategorized

SIM Cards in 29 Countries Vulnerable to Remote Simjacker Attacks

October 17, 2019 by Numneung Koedkietpong

The article discusses the “SimJacker” vulnerability, which lets attackers remotely attack a mobile phone. This involves an SMS containing a specific type of spyware-like code being sent to a mobile phone to exploit the presence of a particular piece of software, the S@T Browser, on the SIM card. This weakness has spread over 29 countries including North America, South America, Africa, Europe, and Asia. In addition, there are Android applications like SnoopSnitch to detect the attack according to suspicious binary SMS, and the SIMalliance has also made some updates to the S@T Browser specifications to increase the security of the SIM toolkits.

Source: https://thehackernews.com/2019/10/simjacker-vulnerability-exploit.html

Filed Under: Uncategorized, Week 08: Malware

Samsung: Anyone’s thumbprint can unlock Galaxy S10 phone

October 17, 2019 by Percy Jacob Rwandarugali

A flaw that means any fingerprint can unlock a Galaxy S10 phone has been acknowledged by Samsung.

It promised a software patch that would fix the problem.

The issue was spotted by a British woman whose husband was able to unlock her phone with his thumbprint when it was stored in a cheap case.

When the S10 was launched, in March, Samsung described the fingerprint authentication system as “revolutionary”.

Air gap

The scanner sends ultrasounds to detect 3D ridges of fingerprints in order to recognise users.

Samsung said it was “aware of the case of S10’s malfunctioning fingerprint recognition and will soon issue a software patch”.

South Korea’s online-only KaKao Bank told customers to switch off the fingerprint-recognition option to log in to its services until the issue was fixed.

Previous reports suggested some screen protectors were incompatible with Samsung’s reader because they left a small air gap that interfered with the scanning.

Thumb print

The British couple who discovered the security issue told the Sun newspaper it was a “real concern”.

Filed Under: Week 08: Malware

Google expands Chrome’s Site Isolation feature to Android users

October 17, 2019 by Jiahao Karl Li

I am not an Android user, but it is interesting to know that some methods were taken to prevent cross-site scripting. Tech companies have started to focus on mobile device security more nowadays, because mobile devices are more portable and versatile, which is convenient to the customers but, at the same time, makes them more vulnerable and brings more angles of flaws to attackers. When using incognito and private mode is not enough to protect the PII of customers, more isolated solutions should be implemented to build barriers.

zdnet.com

Filed Under: Week 08: Malware

‘Hack the Army’ Bug Bounty Challenge

October 17, 2019 by Andrew P. Sardaro

I posted earlier this month about how the US Air Force at this year’s Defcon conference brought along an F-15 fighter jet data system to be evaluated for vulnerabilities. The US Air Force is changing the way it looks at cybersecurity and is embracing external cybersecurity experts to assist in securing military technology. They also agreed to allow a number of researchers to attempt to hijack an orbiting satellite. https://www.wired.com/story/air-force-defcon-satellite-hacking/

Well, another branch of the US Military is changing its way of working in a silo and embracing external input. The Department of Defense (DoD), the Defense Digital Service (DDS), and HackerOne are launching the second Hack the Army bug bounty challenge. The bug bounty challenge allows external hackers to attack 60 plus public web assets to determine if vulnerabilities exist and improve the DoD’s cyber defenses. Hackers participating in the bug bounty challenge are individuals invited by HackerOne and active U.S. military members and government civilians.

From the article, “It is our duty to ensure our citizens are protected from cyber threats, and finding new and innovative ways to do so is vital,” said Romero. “Our adversaries are determined and creative, so we must be every bit more of both. This latest HackerOne Challenge allows us to continue to harden the Army’s attack surfaces with the talent and diverse perspectives of HackerOne’s vetted hacker community.”

https://www.meritalk.com/articles/second-hack-the-army-bug-bounty-challenge-underway/

Filed Under: Week 08: Malware

US Claims Cyber strike on Iran

October 17, 2019 by Christopher James Lukens

The US is claiming they launched a cyber attack against Iran’s propaganda infrastructure. One official claimed the attack affected physical hardware, but no further details were provided. The attack was in retaliation for Iran’s suspected attack on the Aramco Abqaiq oil refinery a few weeks ago. Iran is denying the cyber attack ever took place. This would be the second cyber attack the US has claimed against Iran, after the US originally attacked their computing infrastructure used to plan attacks on tankers in the Persian Gulf.

https://arstechnica.com/information-technology/2019/10/us-claims-cyber-strike-on-iran-after-attack-on-saudi-oil-facility/

Filed Under: Week 08: Malware
