Ethical Hacking

Wade Mackey

Ethical Hacking

MIS 5211.001 ■ Fall 2019 ■ Wade Mackey

Main Content

“OceanLotus” targets BMW and Hyundai networks

By Leave a Comment

APT hacker group “OceanLotus” apparently compromised network systems of automaker BMW and Hyundai by installing some hacking tool which would control and spy their systems. What they did was nothing new but it was sophisticated.

According to the article

Created Fake Websites

To get access to other computers, the hackers created a fake website that gave the impression of belonging to the BMW branch in Thailand, as they can monitor networks and find out which folders and files that users logged in.

Hackers Observed for Months

The security team at BMW allowed hackers to stay active with an intention to know more details like, who they were, how many systems they managed to compromise, and what kind of data they were after.

Based on sources, no sensitive information was accessed by hackers during the incident and no primary computers were compromised.

BMW declined to provide additional information on the attack.

“We have implemented structures and processes that minimize the risk of unauthorized external access to our systems and allow us to quickly detect, reconstruct, and recover in the event of an incident,” BMW said in a statement.”

Source Article: https://www.cisomag.com/apt-hacker-group-targets-bmw-and-hyundai-networks/

 

NordVPN confirms it was hacked

by Leave a Comment

In March 2018 one of NoedVPN’s data centers in Finland was “accessed with no authorization,” said NordVPN spokesperson Laura Tyrell. The attacker gained access to the server, which had been active for about a month.  They exploited an insecure remote management system left by the data center provider; NordVPN said it was unaware that such a system existed.  This is such a breakdown of physical security and poor patch management. IT is also disturbing that they are reporting in October 2019 for an incident in march.

 

NordVPN confirms it was hacked

Facebook Bounty Program

by Leave a Comment

Facebook is looking to step up its application security through a bounty program aimed at identifying vulnerabilities in third-party apps. This move is in addition to their Data Abuse bounty program launched last year which rewarded testers who identified 3rd-party apps collecting data and passing it off to non-authorized parties.

Facebook security has taken a hit in the past year due to improper use of collected data and account hacking. Well, Mr. Zuckerberg looks to be making a public relations and financial effort to curtail the recent security issues by enticing third-party developers to design apps with security and set up a vulnerability disclosure programs. He will pay white-hat researchers to identify third-party apps with vulnerabilities, even if app developers don’t have a bounty program.

https://thehackernews.com/2019/10/facebook-apps-bug-bounty.html

U.S. Government Still Uses Suspect Chinese Cameras

by Leave a Comment

The United states banned the use of equipment from certain Chinese vendors but many of the cameras, around 2,700, are still in use. Its been difficult for government agencies to replace due to cost and technical challenges in some cases. This is great example of how tough vulnerability management and remediation can be when its at such a large scale. In some cases IT officials don’t think its a big deal and have been slow to remove cameras from their networks also showing how high level buy in is necessary in a process like remediation. In other cases they haven’t been replaced because they’re the cameras watching a bowling alley and not a nuclear facility so the risks are lower than the cost of replacing the cameras so nothing has been done about it.

https://www.wsj.com/articles/u-s-government-still-uses-suspect-chinese-cameras-11571486400

Avast says hackers breached internal network through compromised VPN profile

by Leave a Comment

The breach occurred because the attacker compromised an employee’s VPN credentials, gaining access to an account that was not protected using a multi-factor authentication solution. The hacker successfully escalated privileges of the compromised credentials. I found it interesting that Avast allowed the hacker to roam free for weeks in order to track their whereabouts and figure out their intentions. They were able to gather that the intruder was extremely sophisticated and tried to cover their tracks to not be detected.

https://www.zdnet.com/article/avast-says-hackers-breached-internal-network-through-compromised-vpn-profile/

 

Baltimore Reportedly Had No Data Backup Process for Many Systems

by Leave a Comment

https://www.darkreading.com/attacks-breaches/baltimore-reportedly-had-no-data-backup-process-for-many-systems/d/d-id/1335953

This was an interesting read about a recent ransomware attack to hit the Baltimore government. Apparently, the attack resulted in large losses of key/critical data, that was only stored on user’s local computers. There are a few issues here and the article dives into each of them. First, why were users storing critical/key data locally on their computers? This data should have been stored in a centralized location. Second, this obviously was not a one-off situation. For the government to lose a lot of this data, it was not just a few people not following policies. This was a systemic method for storing and manipulating data. Is the IT department to blame for not implementing a workstation backup solution, to address this systemic problem? The data stored centrally was able to recover from the ransomware attack, but the workstation data was not.

SIM Cards in 29 Countries Vulnerable to Remote Simjacker Attacks

by Leave a Comment

The article states about “SimJacker” vulnerability which attackers are able to remotely attack to mobile phone. This involves a SMS containing a specific type of spyware-like code being sent to a mobile phone to exploit the presence of a particular piece of software of S@T Browser on the SIM card. This weakness has spread over 29 countries including North America, South America, Africa, Europe, and Asia.  In addition, there is android application like SnoopSnitch to detect the attack according to suspicious binary SMS and  the SIMalliance has also improved some updates to  S@T browser specifications to increase the security of the SIM toolkits.

Source: https://thehackernews.com/2019/10/simjacker-vulnerability-exploit.html

Samsung: Anyone’s thumbprint can unlock Galaxy S10 phone

by Leave a Comment

A flaw that means any fingerprint can unlock a Galaxy S10 phone has been acknowledged by Samsung.

It promised a software patch that would fix the problem.

The issue was spotted by a British woman whose husband was able to unlock her phone with his thumbprint when it was stored in a cheap case.

When the S10 was launched, in March, Samsung described the fingerprint authentication system as “revolutionary”.

Air gap

The scanner sends ultrasounds to detect 3D ridges of fingerprints in order to recognise users.

Samsung said it was “aware of the case of S10’s malfunctioning fingerprint recognition and will soon issue a software patch”.

South Korea’s online-only KaKao Bank told customers to switch off the fingerprint-recognition option to log in to its services until the issue was fixed.

Previous reports suggested some screen protectors were incompatible with Samsung’s reader because they left a small air gap that interfered with the scanning.

Thumb print

The British couple who discovered the security issue told the Sun newspaper it was a “real concern”.

Google expands Chrome’s Site Isolation feature to Android users

by Leave a Comment

I am not an android user but it is interesting to know that some methods were taken to prevent cross-sit scripting. Tech company started to focus on mobile device security more nowadays, because mobile device is more portable and versatile, which is convenient to the customers but, at the same time, makes them more vulnerable to and brings more angle of flaws to attackers. When using incognito and private mode is not enough to protect PII of customer, more isolated solution should be implemented to build barriers.

zdnet.com

Hack the Army’ Bug Bounty Challenge

by Leave a Comment

I posted earlier this month How the US Air Force at this year’s Defcon conference brought along an F-15 fighter jet data system to be evaluated for vulnerabilities. The US Air Force is changing the way it looks at cybersecurity and is embracing external cybersecurity experts to assist in securing military technology. They also agreed to allow a number of researches to attempt to hijack an orbiting satellite. https://www.wired.com/story/air-force-defcon-satellite-hacking/

Well, another branch of the US Military is changing its way of working in a silo and embracing external input. The Department of Defense (DoD) , the Defense Digital Service (DDS), and HackerOne are launching the second Hack the Army bug bounty challenge. The bug bounty challenge allows external hackers to attack 60 plus public web assets to determine if vulnerabilities exist and improve the DoD’s cyber defenses. Hackers participating in the bug bounty challenge are individuals invited by HackerOne and active U.S. military members and government civilians.

From the article, “It is our duty to ensure our citizens are protected from cyber threats, and finding new and innovative ways to do so is vital,” said Romero. “Our adversaries are determined and creative, so we must be every bit more of both. This latest HackerOne Challenge allows us to continue to harden the Army’s attack surfaces with the talent and diverse perspectives of HackerOne’s vetted hacker community.”

https://www.meritalk.com/articles/second-hack-the-army-bug-bounty-challenge-underway/

US Claims Cyber strike on Iran

by Leave a Comment

The US is claiming they launched a cyber attack against Iran’s propaganda infrastructure.One official claimed the attack affected physical hardware but no further details were provided. The attack was in retaliation for Iran’s suspected attack on the Aramco Abqaiq oil refinery a few weeks ago. Iran is denying the cyber attack ever took place. This would be the second Cyber attack the US has claimed against Iran after the US original attacked their computing infrastructure used to plan attacks on tankers in the Persian gulf.

https://arstechnica.com/information-technology/2019/10/us-claims-cyber-strike-on-iran-after-attack-on-saudi-oil-facility/