• Log In
  • Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar

Security Architecture

MIS 5214 - Section 001 - David Lanter

Security Architecture

MIS 5214.001 ■ Spring 2023 ■ David Lanter
  • Homepage
  • Instructor
  • Syllabus
  • Schedule
    • First Half of the Semester
      • Unit 01 – Threat Environment
      • Unit 02 – System Security Plan
      • Unit 03 – Planning and Policy
      • Unit 04 – Cryptography
      • Unit 05 – Secure Networks
      • Unit 06 – Firewalls
      • Unit 07 – Mid-Term Exam
    • Second Half of the Semester
      • Unit 08 – Access Control
      • Unit 9 Host Hardening
      • Unit 10 Application Security
      • Unit 11 Data Protection
      • Unit 12 – Incident and Disaster Response
  • Deliverables
    • Assignments
    • Case Studies
      • Case Study 1 – A High Performance Computing Cluster Under Attack: The Titan Incident
      • Case Study 2 – Data Breach at Equifax
    • Participation
    • Team Project
  • Harvard Coursepack
  • Zoom Meeting

In The News

January 18, 2023 by David Lanter 15 Comments

Contribute a link and a brief summary.

Filed Under: 02 - System Security Plan Tagged With:

Reader Interactions

Comments

  1. Chinenye Marylyn Akinola says

    January 20, 2023 at 12:10 am

    European Businesses Admit Major Privacy Skills Gap

    94% of European organizations are struggling to find skilled practitioners to take up crucial privacy-related roles, according to new research from professional association ISACA. The IT audit and governance body polled 375 privacy professionals across the region in Q4 2022, as part of a wider global study: Privacy in Practice. It found that, although European businesses recognize the importance of privacy, with 87% offering awareness training to employees, most also admit having skills gaps. The report revealed that over half (59%) of technical privacy teams in Europe are understaffed. ISACA claimed that addressing the problem is tricky, with a fifth of respondents saying it takes over six months to fill such roles, and twice that number (41%) complaining of insufficient privacy budgets.

    https://www.infosecurity-magazine.com/news/european-businesses-privacy-skills/

    Log in to Reply
  2. Pranavi Yadalam Sekhar says

    January 20, 2023 at 8:55 pm

    T-Mobile admitted that personal and account information of tens of millions of customers was accessed by a malicious actor via an API. The attack began on November 25, 2022, but was not discovered until January 5, 2023. Information compromised included customer names, billing and email addresses, phone numbers, dates of birth, T-Mobile account numbers, and information about the number of lines on the account and plan features. The company attempted to downplay the seriousness of the breach, saying nearly all of the information stolen is widely available in marketing databases or directories. T-Mobile said that passwords, payment card information, social security numbers, government ID numbers or other financial account information were not compromised.

    https://www.infosecurity-magazine.com/news/api-attacker-steals-data-37/

    Log in to Reply
  3. Frank Kofi Kpotivi says

    January 20, 2023 at 10:57 pm

    Exploits released for two Samsung Galaxy App Store vulnerabilities

    The Galaxy App Store is an alternative application store that comes pre-installed on Samsung Android devices. Several Android applications are available on both the Galaxy App Store and Google App Store, and users have the option to use either store to install specific applications.
    Two vulnerabilities were uncovered with the Galaxy App Store application:
    Two vulnerabilities in the Galaxy App Store, Samsung’s official repository for its devices, could enable attackers to install any app in the Galaxy Store without the user’s knowledge or to direct victims to a malicious web location.
    The issues were discovered by researchers from the NCC Group between November 23 and December 3, 2022.
    Hyperlink to force the GS’s webview to browse on unsafe sites (NCC Group) NCC explains that the only prerequisite for this attack is for the malicious domain to have the “player.glb.samsung-gamelauncher.com” part in it.
    An attacker can register any domain and add that part as a subdomain.
    The installation and automatic launch of apps from the Galaxy Store without the user’s knowledge may also lead to data or privacy breaches, especially if the attacker uploads a malicious app on the Galaxy Store beforehand.
    It is important to note that CVE-2023-21433 is not exploitable on Samsung devices running Android 13, even if they use an older and vulnerable version of the Galaxy Store.

    https://www.bleepingcomputer.com/news/security/exploits-released-for-two-samsung-galaxy-app-store-vulnerabilities/

    Log in to Reply
  4. Aayush Mittal says

    January 21, 2023 at 11:30 pm

    T-Mobile’s $150 Million Security Plan Isn’t Cutting It

    The mobile operator just suffered at least its fifth data breach since 2018, despite promising to spend a fortune shoring up its systems. Before the breach in Nov 2022, the company had mega breach in 2021, two breaches in 2020, one in 2019, and another in 2018. Multiple breaches suggests that T-Mobile’s defenses do not utilize modern security monitoring and threat hunting teams. The 2022 breach took place soon after company committed to a two-year, $150 million initiative to improve its digital security and data defenses. Experts suggests, the information involved in the breach could be useful to attackers for SIM swap attacks, in which they take control of victims’ phone numbers and then abuse the access to take over accounts, including by capturing two-factor authentication codes sent over SMS.
    On January 6, the US Federal Communication Commission proposed more stringent data-breach reporting criteria for the telecom industry.

    https://www.wired.com/story/tmobile-data-breach-again/

    Log in to Reply
  5. Sunam Rijal says

    January 22, 2023 at 12:03 am

    PayPal accounts breached in large-scale credential stuffing attack
    https://www.bleepingcomputer.com/news/security/paypal-accounts-breached-in-large-scale-credential-stuffing-attack/

    Cybercriminals were able to access thousands of PayPal accounts. They executed Credential Stuffing Attack. PayPal itself was not hacked. The attack in which hackers stuff the login page with numerous credentials taken elsewhere until one eventually works. As per the investigation, attackers accessed the accounts between December 6 and December 8 2022. After accessing the account, attackers potentially acquire some personal information such as user’s names, address, social security number (SSN), tax identification number (TIN), and date of birth. However, the investigation till this stage it appears that there is no evidence the login credentials were taken from PayPal’s systems.
    To protect users, PayPal reset the passwords for the affected users and enhanced security controls requiring users to set up a new account on their next login. Also PayPal is giving two years free identity monitoring services through Equifax to the affected users. PayPal also recommends at least 12-characters long and includes alphanumeric characters and symbols for password and also advises to active two-factor authentication protection.

    Log in to Reply
  6. Nishant Shah says

    January 22, 2023 at 5:12 pm

    Critical vulnerability allowed attackers to remotely unlock, control Hyundai, Genesis vehicles

    Researchers find a vulnerability in the app used for remotely controlling Hyundai and Genesis vehicles. Using a CRLF (carriage return line feeds) injection at the end of an existing victim’s email address the researchers were able to bypass the JSON Web Token (JWT) and email parameter check.

    They were able to retrieve the victim’s vehicle identification number and send an HTTP request to remotely unlock the car. A proof of concept script was created to automate HTTP responses and it allowed the researchers to remotely turn the engine on or off, remotely lock or unlock the vehicle, honk the horn, change the victim’s PIN, etc. The researchers aim was to highlight that application security for vehicles was lagging behind by a large margin.

    https://portswigger.net/daily-swig/critical-vulnerability-allowed-attackers-to-remotely-unlock-control-hyundai-genesis-vehicles

    Log in to Reply
  7. Jill Brummer says

    January 22, 2023 at 5:22 pm

    Why agencies are losing the cyber battle | Federal News Network

    In summary, the article covers reasons why defend against cyber-attacks is so challenging. Just because there are controls in place, doesn’t mean there is 100% protection. There is a possibility the controls haven’t been configured properly, the controls haven’t been tested and if not tested, don’t know if they are effective. Just because the controls are in compliance doesn’t mean they are optimized.

    Additionally, it’s discussed in the article that the zero trust model; however, can only accomplish so much in limiting risk, but with could have analysts investigating alerts that could be scoped out. There needs to be a layer approach to defense, automation, and take advantage of optimizing control.

    Log in to Reply
  8. Samuel Omotosho says

    January 22, 2023 at 6:41 pm

    Costa Rica’s government has suffered another ransomware attack just months after several ministries were crippled in a wide-ranging attack by hackers using the Conti ransomware.

    https://therecord.media/costa-ricas-ministry-of-public-works-and-transport-crippled-by-ransomware-attack/?web_view=true

    Log in to Reply
  9. Nicholas Foster says

    January 22, 2023 at 8:32 pm

    WhatsApp Hit with €5.5 Million Fine for Violating Data Protection Laws

    Meta, known for owning both Facebook and Instagram had fines imposed on their messaging application WhatsApp for violating data protection laws when processing users’ personal information. In short, Meta has already been in hot water and fined €390,000,000 for violating GDPR for serving personalized ads in Facebook and Instagram, giving the company three months to find a valid legal basis for processing personal data for behavioral advertising. This fine is for failing to clearly inform users after updates. Specifically, the article states “WhatsApp is encouraged to show how it plans to communicate any future updates to its terms of service, and to do so in a way that consumers can easily understand the implications of such updates and freely decide they want to continue using WhatsApp after these updates,”

    https://thehackernews.com/2023/01/whatsapp-hit-with-55-million-fine-for.html

    Log in to Reply
  10. Abayomi Aiyedebinu says

    January 22, 2023 at 9:56 pm

    Chick-fil-A investigates reports of hacked customer accounts.

    Chick-fil-A user accounts were being breached in credential stuffing attacks. Most of the hijacked accounts are used with disposable email addresses to buy food in widespread attacks.
    Some of the stolen accounts are being sold for $2 to $200, depending on the account balance, linked payment method, or Chick-fil-A One points (rewards points) balance. Although Chick-fil-A was warned about the attack, but they took too long to respond.

    https://www.bleepingcomputer.com/news/security/chick-fil-a-investigates-reports-of-hacked-customer-accounts/

    Log in to Reply
  11. Mengqi Xiong says

    January 23, 2023 at 5:27 pm

    Vastflux is probably one of the largest ad frauds discovered so far, mainly targeting iOS devices. There are about 1,700 spoofed apps here, 120 targeted users were spoofed in this way, and the attackers send 12 billion fake ad requests per day. Device owners could have taken action against this attack, as legitimate apps and advertising processes were affected. The attackers hijack the network advertising system so that when a phone displays an ad in an affected application, there are actually as many as 25 ads overlapping, while you only see one ad on your phone. The user’s phone battery will drain faster than usual when handling all the fraudulent ads. In addition, once the ads are gone, the attack will stop, meaning that system security controls will have a hard time tracking down the attack easily. the fraudsters evaded ad verification tags, making it harder for this scheme to be found.

    https://www.infosecurity-magazine.com/news/ad-fraud-tops-12-billion-daily-bid/

    Log in to Reply
  12. Wei Zhang says

    January 24, 2023 at 10:50 am

    A new form of malicious attack has recently emerged after malicious HTML attachments used meta-refresh to redirect end users from locally hosted HTML attachments to phishing pages hosted on the public Internet. Researchers at Avanan, a Check Point Software company, found that malicious HTM attachments were placed inside normal DocuSign documents and displayed as empty images to bypass traditional scanning services. In fact, once the attachment is clicked, the target user will automatically be redirected to the wrong URL.

    https://www.infosecurity-magazine.com/news/phishers-blank-images-hide/

    Log in to Reply
  13. Asha Kunchakarra says

    January 24, 2023 at 2:38 pm

    Mailchimp, an email marketing service provider has announced that is suffered a data breach as a result of a social engineering attack. an unauthorized actor was able to gain access to select mailchimp accounts using employee credentials that were compromised in the attack. The incident was limited to 133 accounts and there is no evidence that this compromise affected any other systems. They have apologized for the incident and stated that they are working with the users directly. This breach has come less than a year after Mailchimp has suffered a separate hack in April 2022

    https://www.infosecurity-magazine.com/news/mailchimp-hit-another-data-breach/

    Log in to Reply
  14. Elizaveta Ibeme says

    January 24, 2023 at 6:05 pm

    https://thehackernews.com/2023/01/security-navigator-research-some.html

    Recent vulnerability scans have revealed that vulnerabilities take a long time to patch. this was found to be true for data across the industries. there are on average 22 newly published vulnerabilities reported daily. vulnerability scans analyze assets in different industry areas and reveal how long any discovered vulnerability has remained unpatched on an asset. 47% of all CVEs discovered remain on an asset unpatched for five years or longer. 75% of all found vulnerabilities are 1000 days or older. it appears that older vulnerabilities are not a priority for patching. the average time it takes so page a vulnerability is 215 days.

    Log in to Reply
  15. Shepherd Shenjere says

    January 24, 2023 at 7:46 pm

    The article I chose for this week speaks about the increase of phishing attacks and how to avoid them. Phishing is a type of social engineering attack often used to steal user data, including login credentials and credit card numbers and is commonly used by cybercriminals.

    https://www.cnbc.com/2023/01/07/phishing-attacks-are-increasing-and-getting-more-sophisticated.html

    Log in to Reply

Leave a Reply Cancel reply

You must be logged in to post a comment.

Primary Sidebar

Weekly Discussions

  • 01 – Introduction (1)
  • 01 – Threat Environment (3)
  • 02 – System Security Plan (6)
  • 03 – Planning and Policy (6)
Fox School of Business

Copyright © 2023 · Course News Pro on Genesis Framework · WordPress · Log in