Wenatchee Valley College - CTS Discussion Board

You are not logged in. Would you like to login or register?

1 of 1

Security Class » Security Class Article #6 - Due Monday December 3rd » 11/30/2018 11:30 am

RolandS
Replies: 12

Go to post

Microsoft warned users that two apps made by the headphone manufacturer Sennheiser exposed digital certificates.  Since the certificate and private key were the same for anyone who installed these apps, the private key could be decrypted and could be used for phishing, spoofing, or man-in-the-middle attacks.
https://threatpost.com/microsoft-warns-of-two-apps-that-expose-private-keys/139457/
-RolandS

Security Class » Security Discussion Article #3 - Due Monday the 29th.... » 10/29/2018 9:22 am

RolandS
Replies: 10

Go to post

There was a new vulnerability found in the X server, a part of the GUI for many Linux distros. If X server is running as a root, a logged in user can gain access to administrator permissions. This venerability has been around for around two years apparently. The attacker must first gain access to the system before this exploit can be used. They do not have to be at the physical console though, as this exploit can be used with remote connecting in SSH. Link to the original article below:
https://threatpost.com/x-org-flaw-allows-privilege-escalation-in-linux-systems/138624/

Roland Smith

Security Class » Security Discussion Topic #2 Due Monday the 15th » 10/12/2018 10:46 am

RolandS
Replies: 15

Go to post

An undocumented group given tracked under the name 'Gallmaker' by Symantec has been attacking oversea embassies of an unnamed Eastern European country and Middle Eastern military and defense organizations. The group has been active since at least December or 2017. Gallmaker does not use any malware in their attacks, only publicly available tools. Since they only operate within the memory, they're difficult to detect. Adding to this, they sometimes delete their tools from the machines, making it even harder to detect them.
Article: https://www.securityweek.com/cyberspy-group-gallmaker-targets-military-government-organizations
-Roland Smith

Security Class » Security Discussion Article #1 - Post reply to this article » 10/05/2018 9:30 am

RolandS
Replies: 17

Go to post

Tiny microchips found on motherboards made by Super Micro Computer Inc. (aka Supermicro) for Elemental Technologies were not part of the original design and gave attacker a stealthy door into network system. The chips were supposedly inserted at factories in China. This was discovered when Amazon began to consider acquiring Elemental Technologies in 2015 and began a detailed looks at their hardware security. Servers from Elemental can be found be found in Department of Defense data centers, In CIA drone operations, and on naval warships. Elemental is only one of many customers of Supermicro. Link to the article here: https://www.bloomberg.com/news/features/2018-10-04/the-big-hack-how-china-used-a-tiny-chip-to-infiltrate-america-s-top-companies

1 of 1

Board footera

 

Powered by Boardhost. Create a Free Forum