MIS 5212-Advanced Penetration Testing

MIS 5212 - Section 001 - Wade Mackey

Fox School of Business

Mauchel Barthelemy

Russia Spread Fake News And Disinformation In Sweden, Report Finds

by Leave a Comment

Fake News has been a major topic during the 2017 post-American Presidential election season due of its potential roles in the voting outcomes. This is an area that Facebook, Google and other major technology companies decide to tackle because of the negative impact Fake News plagues to their reputations. Fake News emerges as a new form of manipulation to control elections, vehiculate propagandas, and so forth.

In the wake of combating Fake News, Russia seems to show signs as one of the government systems to take full advantage of Fake News. In the line of this idea, Huffington Post’s Willa Frej writes “Russia Spread Fake News And Disinformation In Sweden, Report Finds.” In the Article, the reporter elaborates that experts determined that a series of forged letters, Fake News items tactics have peppered the Swedish information landscape started three years ago, after the Russian annexation of Crimea from Ukraine.

You may access the full article via the link below.

http://www.huffingtonpost.com/entry/russia-sway-public-opinion-sweden_us_58753219e4b02b5f858b8f0d?utm_hp_ref=cyber-security

 

Online shoppers are losing trust in e-commerce, study finds

by Leave a Comment

Global survey from the Center for International Governance Innovation reveals that almost half of all respondents say they don’t trust online shopping. This must be perceived positively from a cyber security standpoint. The general consumers starting to put more pressure on e-commerce organizations to implement superior security technologies to protect people’s privacy. Government regulators/agencies and IT companies must be transparent to explain what/how they will work together to do more for the common good of handling/protecting customers’ information.

http://www.techrepublic.com/article/online-shoppers-are-losing-trust-in-e-commerce-study-finds/

How to Prevent CEO Fraud

by Leave a Comment

This is something that was made aware at my job that I believe is relevant to what we are learning in this program. It addresses social engineering in a high-level strategy by hackers. The security division shared some important notes with good suggestions that can help other companies too. They explain that as technology becomes more advanced, so do the schemes cyber thieves put together. They went on to add that, “One of those is around CEO Fraud.  This is where the cyber thief will use sophisticated social engineering tactics to trick employees into wiring funds to fraudulent accounts.” These tactics include receiving a phone call from someone acting as if he/she is part of senior executives.

All, especially large organizations, should be prudent. For example, a cyber thief could also try to use an executive’s email addresses to reach out to an employee asking to transfer large amount of money. Another instance includes an employee received a call from someone pretending to be the CEO of a company asking for money.

As a solution, employees must forward all suspicious emails to the appropriate security team(s). Moreover, it is highly recommended to ask whoever tries to call customer service for their phone number to call them back, then pass that information to a appropriate manager. Chances are hackers will not provide one. Social engineering attack is on the rise, so it is in all companies’ best interests to educate employees proper techniques to minimize the chances of being compromised.

http://www.cio.com/article/3136159/security/how-to-prevent-ceo-fraud.html

Windows users might want to turn off their computers this weekend, warns security researcher who’s only being ‘somewhat glib’

by Leave a Comment

A hacker group by the name of Shadow Brokers has released tools that can ease the process of hacking into Windows computers and other Microsoft products. According to Business Insider’s Julie Bort, the author of this article, “The hacking tools are allegedly part of the arsenal that was said to be stolen from the NSA last summer.” We are starting to experience the ripple effect of what was created for spying purposes. This is the sort of things government agencies, organizations, IT Security professionals and people in general will have to deal with when the right tools fall into the wrong hands. It is odd that an agency created tools to spy; nevertheless, failed to properly protect those tools against spying. Solution? Create tools to defend as strong and effective as those created to attack.

http://www.businessinsider.com/hackers-release-nsas-secret-hacking-tools-for-windows-2017-4

HackerOne CEO: The tech industry has some ‘catching up to do’ on software security

by Leave a Comment

This article offers one the best approaches against cyber criminals. In fact, the “bug bounty” concept that Tech Republic’s Matt Asay explains in this piece may be yet the best answer many organizations have been waiting for. In a few words, the “bug bounty” program is an approach of a common platform like HackerOne, working for major companies to get them access to thousands of hackers who are vetted and scored according to HackerOne CEO, Marten Mickos. In other words, this is a strategy to enable companies immediate access to a diverse group of ethical hackers. Remember that for each vulnerability that gets fixed, that system is more secure. Another benefit of this program is that malicious attackers tend to stay away from systems that are much tougher to break into.

Marten also describes the traits of a highly productive bug hunter. According to the CEO, “The most important characteristic is curiosity.” After that comes creativity and the ability to write elegant reports that the receiving security team can quickly understand and assess.

This is an excellent piece of writing that I would advise even IT Security executives to read because it offers good and simple solutions against malicious hackers.

http://www.techrepublic.com/article/hackerone-ceo-the-tech-industry-has-some-catching-up-to-do-on-software-security/

1) Cheney: Russian Cyberattack On Election Could Be Viewed As ‘Act Of War’ | 2) 4 myths — and facts — about online security

by 2 Comments

Below are two interesting topics with potentials to create a lot of controversies beyond cyber security.

Cheney: Russian Cyberattack On Election Could Be Viewed As ‘Act Of War’

Cyber Security was one of the main topics and concerns during the past U.S. elections. Numerous claims were made that Russia interfered the previous elections to favor Donald Trump over Hillary Clinton by hacking systems linked to the Democratic party. Should the U.S. perceived this as an “Act Of War,” as Former Vice President Dick Cheney stated if those claims are proven to be true? I understand that Cyberattacks should be taken as serious as any other form of attacks; however, what about other cyberattacks linked to other countries such as: China, Iran, North Korea, and so forth? Shouldn’t they also be viewed through the same lens?

I think specific characteristics should be developed before viewing a Cyberattack originated from another country as an “Act Of War.” For example, is it government sponsored, can it create mass destruction, are infrastructure direct targets, etc. Otherwise, this could create a lot of confusion moving forward because we now live in a world where cyberattacks are occurring more often than ever.

http://www.huffingtonpost.com/entry/cheney-russian-hacking-war_us_58d9d67be4b00f68a5ca35ef?utm_hp_ref=cyber-security

4 myths — and facts — about online security

Allow me to go straight to the point. The four myths are:

  1. Emails are always secure
  2. “Private browsing” is always private
  3. Turning off GPS means no one can track me
  4. My password is enough to protect me

These are excellent points, but are all of them still myths? I would say one of them is. Yes, most people still believe that “Private browsing” is always private. Anything accessed via a web browser is stored, but with traceable history, even if browsing history is deleted. All that is needed are the right skills with the right tools. On the other hand, I don’t believe many people continue to see emails as secured as in the past. Also, it should be clear to everyone that password alone is not enough. The reason I say these is because every now and then there is a high-profile story about group of hackers attacking someone, an organization, or another country. Moreover, should I get started with the whole circus about Hillary Clinton’s emails? Lastly, latest Yahoo controversy eliminated the belief of whoever still was thinking emails are always secure and password is good enough to protect.

Turning off GPS means no one can track someone. This could be true, but to a certain extent. It depends on the device, tool and the network.

http://money.cnn.com/2017/03/22/technology/cybersecurity-misconceptions-pew/index.html

How to protect all your accounts online

by Leave a Comment

The author of this article, David Nield, did a wonderful job explaining how users can take advantage of all security features from all major technology platforms. Google, Apple, Facebook, Microsoft, Twitter, you name it. One of the things that caught my attention is that all of them have one thing in common, two-step verification. I’m sure all of you are aware that two-factor verification is a simple method requiring more than username and a password to successfully log-into an online account.

One the other hand, it looks like not all companies implement similar policies, and sometimes employ distinct ways to protect consumers within their platforms. When I first read the title of the article, I had the impression the author was going to focus on one major way, probably from one central technology platform, to protect all my online accounts. That was not the case. Rather, David wrote about each company separately to explain all features available that consumers can utilize to protect themselves online. Give it a read as there might be certain feature(s) that could be unfamiliar and from which you could enhance your online safety.

http://www.popsci.com/protect-your-accounts-online

WikiLeaks Releases CIA Hacking Tools, FBI Probes

by Leave a Comment

Another month another WikiLeaks revelation, and cybersecurity is right in the middle of it all. As you probably already heard this past week, WikiLeaks released what many believe to be CIA’s tools arsenal to hack to into pretty much anything. Samsung smart TVs, iOS phones, Android smart devices, messaging App services, etc. You name it and WikiLeaks says that the CIA has technology capabilities to hack into it. Nothing has yet been confirmed from the CIA about those claims, nobody should expect them to, but those are among what Snowden talked about in the past.

Google confirmed that recent WikiLeaks information are not serious cybersecurity threats. In other words, nothing surprising from a security perspective. Google is not saying that you should not be surprised that the CIA is spying on you. The search giant is trying to explain that WikiLeaks’ claims are fundamental technologies against which companies and consumers should be able to protect themselves if WikiLeaks is telling the truth. I am looking forward to see how this matter is evolving.

https://www.bloomberg.com/news/videos/2017-03-10/wikileaks-releases-cia-hacking-tools-fbi-probes

 

Everything You Need to Know About Cloudbleed, the Latest Internet Security Disaster

by 1 Comment

Change your passwords now! Believe that this is the best way to start warning you about what I’m about to tell you. In case you have not heard, Heartbleed 2.0 is here and it is called Cloudbleed. This is the latest vulnerability researchers uncovered within Cloudflare’s systems. According to Adam Clark Estes, a Gizmodo writer, Cloudflare is one of the world’s largest internet security companies and its clients list includes companies like Uber, OKCupid, 1Password, FitBit and so on. As the author suggests, do not try to find out the complete list of affected websites because it is safer to change all your passwords since it is something people should do regularly anyway.

It has been reported that Cloudflare’s backed websites had been leaking data for several months before the bug was noticed. it will take some time before the level of destruction caused by Cloudbleed is determined. In the meantime, Cloudflare finds itself in a race to rush and hunt down all data stored elsewhere before hackers find them. It will be interesting to learn the evolvement’s nature of Cloudbleed. Again, the best defense against this so far is to change your passwords and apply two-factor authentication wherever possible.

http://gizmodo.com/everything-you-need-to-know-about-cloudbleed-the-lates-1792710616