Shi Yu Dong

“Finland’s 3rd Largest Data Breach Exposes 130,000 Users’ Plaintext Passwords”

April 12, 2018 by Shi Yu Dong 1 Comment

“Finland’s 3rd Largest Data Breach Exposes 130,000 Users’ Plaintext Passwords”

Finland’s citizens had their credentials compromised in a large data breach. Hackers attacked a new Business Center in Helsinki, a company that provides business consulting and planning and stole over 130,000 user’s credentials which were stored website database in plain-text without using any cryptographic hash.

Take-away: As part of their Incident Response plan, they reported the incidence to Helsinki Police authorities and publicly responded with their comments and steps taken towards investigating this data breach.

Ref. Link:
https://thehackernews.com/2018/04/helsingin-uusyrityskeskus-hack.html

Dobbs Journal. Memcached servers can be hijacked for massive DDoS attacks

March 28, 2018 by Shi Yu Dong 1 Comment

An interesting read that I found talked about how Memcached servers can be quickly hijacked and compromised by to launch large DDoS attacks. Utilizing IT spoofing and a poorly implemented UDP causes the servers to be put at risk because attackers will send a packet to the server, which will in turn greatly increase the size and forward the attack to the intended target. The fix only involved disabling the UDP port, but the question is, how many servers are out there with this setting unknowingly enable and stand at a huge vulnerability.

https://www.networkworld.com/article/3258772/security/memcached-servers-can-be-hijacked-for-massive-ddos-attacks.html

Fresno State data breach, 15,000 affected!!

March 19, 2018 by Shi Yu Dong Leave a Comment

Fresno State data breach, 15,000 affected!!

This article relates to the data breach of the California State University, Fresno. According to the article, “the personal information of more than 15,000 people” have been compromised. The information includes, “names, addresses, phone numbers, dates of birth, full or last four digits of Social Security numbers, credit-card numbers, driver’s license numbers, passport numbers, user names and passwords, health-insurance numbers, and personal health information.” The cause of the data beach is due to the stolen external hard drive. The university believes that the hard drive was stolen during the winter break.
Further, another article suggested, ‘School officials began contacting affected individuals on Tuesday. Free credit monitoring for one year will be offered to people whose Social Security number, financial account information or driver’s license number was exposed.”

https://www.scmagazine.com/fresno-state-data-breach-15000-affected/article/749459/
http://sanfrancisco.cbslocal.com/2018/03/06/fresno-state-university-data-breach-stolen-hard-drive/

Memcached UDP Reflections Set New Record

March 19, 2018 by Shi Yu Dong Leave a Comment

Massive 1.7Tbps DDoS reflection/amplification attack was conducted against one of its unnamed US-based customer’s website.

Attackers exploited vulnerability of many internet facing “Memcached” servers, open-source memory caching system, by sending a forged request to the targeted Memcached server on port 11211 using a spoofed IP address that matches the victim’s IP. Requests sent to memcached servers triggered tens of thousands of times bigger response against the targeted IP address, resulting in a powerful DDoS attack.

The United States is “vulnerable” to cybersecurity attacks said by the co-founder of the computer security firm CrowdStrike

February 22, 2018 by Shi Yu Dong Leave a Comment

Computer Security Firm “CrowdStrike” performed research and analysis of recent attacks (NotPetya, WannaCry) targeting U.S. organizations that caused million of dollars in losses. Especially, it has been found that U.S. administration as top intelligence group is most vulnerable as they can’t keep up with network security threats.

Next-Gen Firewalls with capabilities of Application layer inspection, SSL inspection, Identity Awareness, IDS/IPS, Application/URL Proxy functions play an important role in protecting not only perimeter of the organization but also internal resources by looking deep into malicious requests and traffic originated from either internal or external networks,

https://latesthackingnews.com/2018/02/18/united-states-vulnerable-cybersecurity-attacks-said-co-founder-computer-security-firm-crowdstrike/

“Hackers Can Now Steal Data Even From Faraday Cage Air-Gapped Computers”

February 15, 2018 by Shi Yu Dong Leave a Comment

“Hackers Can Now Steal Data Even From Faraday Cage Air-Gapped Computers”

In Wireless Network Security, given the nature of physics related to Wireless Signal propagation in the air, exposure of Wireless Radio Frequency waves beyond intended security perimeter such as building or room had always been an issue. When signal is bleeding outside of building and is reachable from a cafe shop across the street, it must be considered as a big problem because a a hacker can perform malicious activities while drinking coffee in a cafe shop across the street without even necessity to get into the building. While this is an issue, companies for many years have been accepting this fact “as-is” and protected wireless access by applying best industry practices (such as Changing Passcode every 3-6 months) and implementing appropriate wireless security to prevent from malicious eavesdropping.

While general wireless security solutions work for most organizations, some organizations may need to have workstation completely isolated from network communications. A “Faraday Cage” is what usually used to achieve complete isolation from network by containment of any signal transmission within the cage where critical workstation reside.

https://thehackernews.com/2018/02/airgap-computer-hacking.html

Unpatched DoS Flaw Could Help Anyone Take Down WordPress Websites

February 10, 2018 by Shi Yu Dong 1 Comment

Unpatched DoS Flaw Could Help Anyone Take Down WordPress Websites

https://thehackernews.com/2018/02/wordpress-dos-exploit.html

According to this article “Unpatched DoS Flaw Could Help Anyone Take Down WordPress Websites”, it describes that a simple but serious application-level denial of service (DoS) vulnerability has been discovered in WordPress CMS platform that could allow anyone to take down most WordPress websites. This vulnerability was discovered by Israeli who is a security researcher at Barak Waily blog website. He states that the vulnerability resides in the way “load-scripts.PHP,” which is a built-in script in WordPress CMS to processes user-defined requests. Load-scripts.php file is been designed for admin users to help a website improve performance. However, there is a vulnerability that user can force to load-scripts.php to get all possible JavaScript files from this user.