1 - Admin
- Administrator
Offline - Registered: 3/28/2016
- Posts: 978
Security Class Article #4 - Due October 28th
Reminder - Quiz this Friday...
Post a new article here by Monday. Try to find a good one that is actually interesting and READ it. Write a good summary and a link to the original article too. Make sure to put your name in it.
- jkilthau2856
- Member
Offline
- Registered: 7/10/2018
- Posts: 14
Re: Security Class Article #4 - Due October 28th
NordVPN confirms it was hacked
An expired internal private key was exposed, resulting in a security breach, allowing an attacker to gain access to one of NordVPN's servers. Since NordVPN uses a "zero logs" policy claiming they dont track, collect, or share private data, the attacker wasn't able to gain any personal or private data. However, NordVPN claims that there is a possibility that the attacker was able to perform a complex "man-in-the-middle" attack and intercept a VPN user's connection. NordVPN chose not to name the data center provider in which the vulnerable server's private key was exposed.
Jesse Kilthau
Last edited by jkilthau2856 (10/23/2019 10:13 am)
- AprilSands
- Member
Offline
- Registered: 10/21/2019
- Posts: 16
Re: Security Class Article #4 - Due October 28th
Here's a good example of something we've been doing in class recently. AWS (Amazon) was attacked by a DDOS attack Thursday, from 10 am- 6 pm. Make one question their security, especially with the holiday shopping season just beginning.
April
- MikeHolmes
- Member
Offline
- Registered: 9/24/2018
- Posts: 14
Re: Security Class Article #4 - Due October 28th
Apple takes "Trojan Clicker's" off the app store.
This is surprising because of how well known Apple is of having safe/locked down app store.
They found 17 apps that were opening the web in the background and clicking on ad's endlessly.
Some categories of the apps included:
FM Radio
Restaurant finder
BMI calculator
Video editor
File manager
- JuanCarlosMendezjr
- Member
Offline
- From: Wenatchee, Washington
- Registered: 2/12/2019
- Posts: 25
Re: Security Class Article #4 - Due October 28th
Cybercriminals are doing big business in the gaming chat app Discord
So any one who has discord may want to know about this. So it seems hackers are getting use discord for their own personal use of selling hack accounts,social security,and any other credit cards, not only that they offer their service for any sort off tool to get the job done
by JuanCarlosMendezJr
- Zhoward4123
- Member
Offline
- Registered: 10/07/2019
- Posts: 15
Re: Security Class Article #4 - Due October 28th
A recent Samsung security flaw involving fingerprint accessibility affects the Galaxy S10, S10+, Note 10, and Note 10+. (Pretty much all of Samsung's 2019 phones with ultrasonic fingerprint scanners.) Some third-party screen protectors have an underside texture which might look like a fingerprint to the scanner. When scanned fingerprints are registered with the protector installed, the phones are learning the protector as part of your fingerprint. Anyone with the protector could then unlock the phone regardless of fingerprint.
-Zach Howard
- bpedersen3277
- New member
Offline
- Registered: 9/24/2018
- Posts: 3
Re: Security Class Article #4 - Due October 28th
Avast Vulnerability Potentially Allows DLL Hijacking
What’s the issue?
Tracked as CVE-2019-17093, the vulnerability allows an attacker to load a malicious DLL file to bypass defenses and escalate privileges.
- The attacker requires administrative privileges to exploit this bug. Once exploited, the vulnerability allows the loading of malicious DLL in multiple processes.
- Owing to self-defense mechanisms, even administrators are not allowed to write DLL to the AM-PPL (Anti-Malware Protected Process Light).
- However, this restriction can be bypassed by writing the DLL file to an unprotected folder from which components are loaded by the application.
Why did this happen?
Researchers present two root causes behind the vulnerability.
- During their analysis, they discovered that there was a lack of safe DLL loading.
- Another cause is that code integrity is not enforced in the AM-PPL process. Avast has reportedly disabled code integrity in its implementation.
Last edited by bpedersen3277 (10/27/2019 11:48 pm)
- Portscanner
- New member
Offline
- Registered: 10/02/2019
- Posts: 8
Re: Security Class Article #4 - Due October 28th
Hackers a robot in Japan
A hacker by the name Lance R. Vick who is a ethical hacker has stated that he has found a flaw in the systems of the robots at a hotel in japan, With the exploit it allowed for the hackers to be able to spy on the people at the hotel. Which caused a big problem for the hotel and then their actions was to get them out out of the hotel for.
- BiliousGoat
- Member
Offline
- Registered: 4/24/2019
- Posts: 18
Re: Security Class Article #4 - Due October 28th
Phishing and spam mail has seen a rise through 2019, where spam mail now accounts for a staggering 57.6% of email traffic. China was the largest culprit of sending spam, responsible for about 24% total, followed by US (14%) and Russia (5%). Many of these spam emails are designed for phishing attacks, have viruses attached to their files, or include trojans. Hackers constantly adapt to real world events to make their spam mail more enticing, such as targeting Game of Thrones fans before its final season release and even major sporting events. Spammers have also used fake tax services and urged the recipient by telling them they only have 24 hours to file their tax return or they won't get it, for instance.
Derek D
- Felixgm
- Member
Offline
- Registered: 9/25/2019
- Posts: 15