Wenatchee Valley College - CTS Discussion Board

You are not logged in. Would you like to login or register?



10/14/2019 11:55 am  #1


Security Class Article #3 - Due Monday October 21st....

Post a new article each week.  Please READ the article.  Summarize it and post a link to the original.  Also, please post your name...

 

 

10/18/2019 8:09 am  #2


Re: Security Class Article #3 - Due Monday October 21st....

Montgomery County Public Schools forces password reset after Naviance hacked:

Naviance is an online college, career and life readiness solution that allows districts and schools discover student strengths and interests while helping prepare them for careers after high school. Montgomery County Public School District in Rockville, Maryland is one of the schools that utilized Naviance as one of their educational resources. In early October of 2019 there was a security data breach that affected one of the high schools in Rockville. The brute force attack impacted 1343 Naviance student accounts and 1 parent/guardian account at Wheaton High School in Rockville. The attacker was able to continue automatically trying combinations of logins and passwords, without any type of lockout or security defenses kicking in. Some of the information obtained by the attacker includes; Name, Date of Birth, Highest ACT Score, Ethnicity, Grade Level, Highest IB Score, Gender, Student ID #, Student Address, GPA, Weighted GPA, Home Phone #, Email Address, Highest SAT Score, Mobile Phone #, Assigned Counselor, Highest PSAT Score, and Nickname.

Article URL: https://www.databreaches.net/montgomery-county-public-schools-forces-password-reset-after-naviance-hacked/


 Jesse Kilthau

Last edited by jkilthau2856 (10/18/2019 8:12 am)

 

10/19/2019 8:02 pm  #3


Re: Security Class Article #3 - Due Monday October 21st....

Security Vulnerability Found on Galaxy S10 Phones:

Samsung released the Galaxy S10 earlier this year in March and it came with an ultrasonic fingerprint sensor embedded into the screen. It turns out that there is a huge security hole with the fingerprint sensor that can be bypassed easily with a plastic case that wraps around the phone. Any fingerprint offered to the phone with the case will be accepted. Any information such as accounts, passwords, or even banking information could be easily accessed through a cheap plastic case. Samsung has even confirmed the security flaw with the S10 and could be patched through a software update. If not, Customers would rather choose an iPhone or Google's Pixel line of phones.

[size=125]Article URL: [/size]https://www.forbes.com/sites/gordonkelly/2019/10/15/samsung-galaxy-s10-note10-plus-fingerprint-reader-warning-upgrade-galaxy-s11/#2b4139ed24ae

Victor Trujillo

 

Last edited by Trujillo64 (10/19/2019 8:03 pm)

 

10/20/2019 11:33 am  #4


Re: Security Class Article #3 - Due Monday October 21st....

Infamous Lazarus group attacks again 

Security Researchers have discovered a new attack from the famous Lazarus Group hackers of North Korea that attacks both Windows and Mac users. They made a legit looking website that supplies their victims with fake cryptocurrency software to trade & mine. Once downloaded the user also would get a secondary file that would allow them remotely execute commands on the victims device and take over their device. All of this was to steal cryptocurrency from people that would download this cryptocurrency trading software.
https://www.cisomag.com/lazarus-group-using-fake-site-to-hack-macos/

Last edited by AlMendoza22 (10/21/2019 10:11 am)


Alvaro Mendoza
 

10/20/2019 9:31 pm  #5


Re: Security Class Article #3 - Due Monday October 21st....

Musical Malware: How Attackers Are Spreading Malicious WAV Audio Files.

WAV developed by Microsoft and IBM, for storing an audio bitstream on PCs.
Basically its a new attack that hides hidden files in the WAV not only that The malicious file was hiding inside another file which was undectable by the system. Pretty much it could be hidden in any file type.All these attack were produced by only using playing music without any glitches.

link:
https://cyware.com/news/musical-malware-how-attackers-are-spreading-malicious-wav-audio-files-c345e314 

Last edited by JuanCarlosMendezjr (10/20/2019 9:47 pm)

 

10/20/2019 9:50 pm  #6


Re: Security Class Article #3 - Due Monday October 21st....

its really easy to get hacked with a bit of info such as pictures. someone asked tobac to hack them and was able to get their phone number, home address, and steal hotel points as well as change flight seats and with only the information about what airlines they fly and what hotels they stay about which she got them through twitter because the other person would tweet about them. usuing that info she was able to call up companies using software to make it appear as them. [url=https://www.cnn.com/2019/10/18/tech/reporter-hack/index.html]https://www.cnn.com/2019/10/18/tech/reporter-hack/index.html
-Jose Felix Gamino[/url]

 

10/21/2019 7:57 am  #7


Re: Security Class Article #3 - Due Monday October 21st....

CenturyLink is a fortune 500 company that offers network service, security, cloud solutions, voice and managed services. They were beached for close to a year. Over 2.8 million records were looked at. They got all their personal information which could be used for phishing.
 
Have A Great Day
James Florom
https://www.cshub.com/data/articles/incident-of-the-week-28-million-records-exposed-in-centurylink-third-party-database

 

10/21/2019 8:13 am  #8


Re: Security Class Article #3 - Due Monday October 21st....

This is a slightly dated article but I found some intriguing points in it about how botnets came to be, especially the infamous Mirai botnet. Hackers simply scan for open ports on any devices connected to the internet (including security cameras and baby monitors) and then conglomerate them to form a sort of super computer. I found it interesting that some of these devices like cameras run a stripped-down version of Linux which makes it vulnerable to hacking and can be used unbeknownst to the owner. Open telnet ports are found and then hackers use 61 common user/password credentials to gain access. Paras Jha, a student at Rutgers, would DDoS his own university's systems utilizing this botnet during vital times such as registration and then seek employment to defend against such attacks. He would even DDoS other Minecraft servers to get more players into his own and apparently make more money. He later released the code of the botnet to make it more difficult to find it's source as other hackers could now use it for their own ends. Ultimately, he and his associates were taken to court for their crimes after his attack on Oct. 12, 2016 which left much of the east coast without Internet. His primary target is believed to have been Minecraft servers. 

Derek Dewitt
https://www.csoonline.com/article/3258748/the-mirai-botnet-explained-how-teen-scammers-and-cctv-cameras-almost-brought-down-the-internet.html

 

10/21/2019 9:34 am  #9


Re: Security Class Article #3 - Due Monday October 21st....

[url=https://cyware.com/news/malicious-photo-beautification-app-reads-sms-verification-codes-to-activate-wap-billing-5f26c9d5/]https://cyware.com/news/malicious-photo-beautification-app-reads-sms-verification-codes-to-activate-wap-billing-5f26c9d5/

There is an app where you take a selfie and it "beautifies" it. However, in the permissions, its allowing it to read SMS verification codes to activate Wireless Application Protocol (WAP) billing. Once u allow permissions, it downloads a .log file that contains javascript payloads and WAP subscription billing site addresses. Which opens in browser, and the program auto clicks and reads the SMS verification, thus charging you,

It is mostly in South East Asia luckily. [/url]

 

10/21/2019 9:45 am  #10


Re: Security Class Article #3 - Due Monday October 21st....

This article was posted back in June 7th but refers to an RDP server Bruteforce program that would actually bruteforce an RDP server than infected hosts would install and run the same bruteforce program which would in turn continue doing the same thing to other RDP servers. With roughly 2.4 million Windows RDP servers public facing this would show a massive amount of resources waiting to be utilized by the malicious attackers if they were to infect even low %'s. They had named the program GoldBrute and was JAVA Based Botnet malware.
Devin Baughman
https://thehackernews.com/2019/06/windows-rdp-brute-force.html


Hello, I am Devin Baughman.
There is a discord server with links to online PDF's of course textbooks, there are general chats for each course and nerd-banter, please come in and talk computers! Invite: https://discord.gg/H65RH2g
 

Board footera

 

Powered by Boardhost. Create a Free Forum