Hi, below is the ppt and executive summary for the OS analysis assignment.
Thousands of Hacked Routers Used for WordPress Attacks
The security company WordFence reported that tens of thousands of routers belonging to the state-owned telecom company Telecom Algeria have been hacked and used to launch attacks on WordPress sites. The firm’s researchers also identified up to 27 ISPs from various countries whose routers were involved in these attacks. The vulnerability stemmed from the routers listening on port 7547, the port ISPs use to manage customers’ devices, while running a vulnerable web server, AllegroSoft RomPager. WordFence reports having seen more than 90k unique compromised IP addresses from a total of 28 ISPs.
http://www.securityweek.com/thousands-hacked-routers-used-wordpress-attacks
Cyberspies Target Middle East With Windows, Android Malware
A cyber-espionage group has been targeting Middle Eastern organizations using Windows and Android malware. The group, discovered by a Chinese security firm and researchers from Palo Alto Networks, has been targeting educational and military organizations from Palestine to Egypt. The main method of delivering the malware was through fake news websites and phishing emails containing bit.ly shortened links. The malware enables the attackers to steal passwords, take screenshots, and log keystrokes. The exact number of victims hasn’t been determined, but researchers from Palo Alto have concluded that these attacks were carried out by a group of attackers rather than a lone wolf.
http://www.securityweek.com/cyberspies-target-middle-east-windows-android-malware
Senators reintroduce a bill to improve cybersecurity in cars
The Security and Privacy of Your Car (SPY Car) bill has been reintroduced by senators from Massachusetts and Connecticut. The bill introduces a number of security measures that would beef up the cybersecurity of cars. Some of these initiatives include: isolating critical systems from non-critical systems, breach detection with reporting capabilities, and a “cyber dashboard” that displays a scorecard of how secure the car is. Another piece of the bill is the requirement for manufacturers to explain what type of driving data is being collected and how it is being used.
Personally, I am behind this bill. As cars become more connected to the network, even if they are not “electric cars,” cybersecurity should be the focus of all manufacturers. The one thing I like about this bill is that the protection of the driver’s privacy is included (with the data collection disclosure requirement), and not just the cybersecurity of the car itself.
https://techcrunch.com/2017/03/23/senators-reintroduce-a-bill-to-improve-cybersecurity-in-cars/
Healthcare firms plan to increase security spending
81% of healthcare companies are looking to increase their investment in cyber security, up from 60% last year. As most of us have probably heard, there has been a wave of recent ransomware and other cyber attacks against the health care industry. Although seeing breaches of healthcare companies in the news might make it seem like these companies are enduring waves of attacks, only “18% of global healthcare companies said they had a breach in the past 12 months,” much less than the “43% of companies in the retail sector.”
In addition to the increased spending, there have been increased regulations and audits around the security of healthcare companies’ information systems. Recently, the Children’s Medical Center of Dallas was penalized $3.2 million for not adhering to the recommendation to encrypt patient records. In another example, Memorial Healthcare System had to pay $5 million for data breaches.
Healthcare companies are becoming cognizant of their lack of information system controls, which is driving compliance to become the focus of security spending. This is an important point: by increasing controls, healthcare companies will be taking a proactive approach to dealing with cyber security instead of the standard reactive one.
Metasploit Assignment – Ahmed Alkaysi
Hi, below is my Powerpoint and Executive summary for the Metasploit assignment.
PowerPoint – PPT Metasploit – Alkaysi
Executive Summary – Metasploit Executive Summary – Alkaysi
Insecure Android apps put connected cars at risk
This article discusses how many of the Android apps used to locate and unlock vehicles are missing basic security features. Some of these missing features include: obfuscation, which makes it harder for attackers to reverse engineer the code; code integrity checks; encryption of stored credentials; and a check for whether the phone is rooted. Another flaw is the lack of a check for an overlay placed on top of the app that displays a fake login screen in order to capture the login credentials.
The article states that while these types of apps might not enable theft on their own, they could make the job easier. Some of the apps have the ability to unlock the car and disable the alarms. Also, per Kaspersky, “Accessing the car and deliberate tampering with its elements may lead to road accidents, injuries, or death.” As cars become more connected and transition into IoT devices, security will become paramount.
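Two of the missing checks named in the article, shown as an added Android example that is not code from the article or from any of the apps it discusses: a login screen that drops touches while another window is drawn over it (the overlay/fake-login case) and a simple rooted-device heuristic. The `LoginActivity` class and the layout ids `R.layout.activity_login`, `R.id.login_root` and `R.id.unlock_button` are assumptions.

```java
import android.app.Activity;
import android.os.Build;
import android.os.Bundle;
import android.view.View;
import android.widget.Toast;
import java.io.File;

// Hypothetical login screen of a connected-car app; layout ids are assumptions.
public class LoginActivity extends Activity {

    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        setContentView(R.layout.activity_login);

        // Overlay check: when another window (for example a fake login drawn on
        // top by a malicious app) obscures this view, Android discards the touch
        // instead of delivering it. This is the platform mitigation for tapjacking.
        View root = findViewById(R.id.login_root);
        root.setFilterTouchesWhenObscured(true);

        // Root check: the article notes the apps never verify whether the phone is
        // rooted. The heuristic below is a risk signal, not proof, so it degrades
        // the sensitive feature (remote unlock) rather than hard-blocking the app.
        if (looksRooted()) {
            Toast.makeText(this, "Device appears rooted; remote unlock disabled.",
                    Toast.LENGTH_LONG).show();
            findViewById(R.id.unlock_button).setEnabled(false);
        }
    }

    // Common root indicators: a build signed with development keys, or an su
    // binary on the usual paths. Root-hiding tools can defeat these checks, so
    // the result should feed a risk decision on the server side as well.
    static boolean looksRooted() {
        if (Build.TAGS != null && Build.TAGS.contains("test-keys")) {
            return true;
        }
        String[] suPaths = {
            "/system/bin/su", "/system/xbin/su", "/sbin/su", "/system/sd/xbin/su"
        };
        for (String path : suPaths) {
            if (new File(path).exists()) {
                return true;
            }
        }
        return false;
    }
}
```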
http://www.csoonline.com/article/3171671/security/insecure-android-apps-put-connected-cars-at-risk.html
Recent WordPress vulnerability used to deface 1.5 million pages
A vulnerability in WordPress’ REST API has been exploited by up to 20 hackers, impacting 1.5 million WordPress sites. The majority of these attacks occurred after WordPress disclosed the vulnerability. The vulnerability allows “unauthenticated attackers to modify the content of any post or page within a WordPress site.” WordPress patched the issue in a Jan. 26 fix before publicly disclosing the vulnerability; however, a large number of sites do not automatically install such patches, as administrators want to test the code before installing it. As a result, once WordPress publicly disclosed the issue, the attackers rushed to hit as many vulnerable sites as possible, resulting in up to 800k sites being defaced in only 48 hours. Although some web hosts are making efforts to block or filter the attacks, ultimately a WordPress site that is not updated to the latest release will remain vulnerable.
Hackers are seeking out company insiders on the black market
Security firms RedOwl and IntSights have noticed a trend of online black market dealers attempting to recruit “company employees for insider trading and cashing out stolen credit card numbers.” These dealers run forums on the dark web, which is accessible using the Tor browser. The dealers identify employees they could use for insider trading purposes, and after colluding with an employee to retrieve the insider information, they help forum members make “educated stock market bets.” Some of the members make more than $5,000 a month using this tactic.
In some cases, the hackers provide the employees with tools to steal data from the company they work for. The security firms have suggested that companies take insider threats more seriously and implement IT security systems that monitor employees for “unwanted behaviors without violating their privacy.”
http://www.csoonline.com/article/3164543/security/hackers-are-seeking-out-company-insiders-on-the-black-market.html
Charger Android Ransomware Infects Apps on Google Play
A new ransomware called ‘Charger’, embedded in an Android app, threatens to sell the victim’s private information on the black market if they don’t pay. After the user launches the app, EnergyRescue, it asks for admin permissions. Once the permission is granted, the device is locked and information such as social network details, bank accounts, credit cards, and details about friends and family is claimed to have been compromised. The ransom is set at about 0.2 BTC, equivalent to $180.
To stay hidden, the malware encodes strings into binary arrays (making inspection harder), loads code from “encrypted resources dynamically”, and “checks whether it runs in an emulator” before the malicious routine runs. This makes detection difficult, since most detection engines are unable to “penetrate and inspect dynamically-loaded code.”
http://www.securityweek.com/charger-android-ransomware-infects-apps-google-play