Wenatchee Valley College - CTS Discussion Board

You are not logged in. Would you like to login or register?



11/21/2019 10:42 am  #1


Article #8 - Due Monday 25th of November

Android and Google phones hacked, including access to the camera and microphone.  How widespread this vulnerability is unclear.  The exploit is now public, but it remains to be seen how many times this has happened in the "real world"

https://americanmilitarynews.com/2019/11/android-phones-hacked-hundreds-of-millions-cameras-gps-microphones-affected/

 

 

11/21/2019 11:32 am  #2


Re: Article #8 - Due Monday 25th of November

Post your replies here.... Make it a good one!

     Thread Starter
 

11/24/2019 10:42 am  #3


Re: Article #8 - Due Monday 25th of November

How to stop Public USB ports from hacking your phone!

This topic got my attention since I have never knew you could be hacked by using your USB in public areas.
Anyways basically some USB chargers provided by at airports, hotels or any other public locations would have been affected with malware that will pretty much would hack your phone or tablet.

security researchers showed that a minicomputer disguised as a USB charging brick could install data-stealing malware on iPhones that's scary!

Even their was a another attack used to highjack known as video jacking, what it seem like a USB but actually equipped to pull HDMI video from any device connected and hack your password and any other information.

And btw like the article said never used drop USB chargers since those are the ones that may have malware ready to be used. So always bring your own USB charger.

Link: 
https://www.fastcompany.com/90431828/how-to-stop-public-usb-ports-from-hacking-your-phone?partner=feedburner

by JuanCarlosMendezJr
 

 

11/24/2019 9:13 pm  #4


Re: Article #8 - Due Monday 25th of November

Hacking Operation Discovered In Kazakhstan 

A group of hackers who were called the "Golden Falcon" or known as "Dust Squad" in 2017, they would target government agencies, military personnel, researchers, private companies, educational sectors, and even religious figures. 

The group could develop their private tools to gather information, buy expensive spyware off a surveillance market as well as invest in radio communications interception hardware.

Tools that stood out Remote Control System which was a surveillance kit and a back door trojan named "Harpoon" with these tools, they could target specific people or organizations with spear-phishing emails and be able to obtain information on victims of the 13 largest cities in Kazakhstan.

Features of this trojan could Keylog, Steal clipboard data, Skype logins as well as chat history, Google hangout contacts, recording sounds from victims microphone, accessing files of victims computer, running programs as well as operating system commands.
 
This group is pretty crazy for obtaining so much information on people in Kazakhstan, not sure what all of this data the group has collected is for but my guess is the group some type of intelligence agency spying on citizens.

Link: 
https://www.zdnet.com/article/extensive-hacking-operation-discovered-in-kazakhstan/

By Victor L Trujillo

 

 

11/24/2019 11:17 pm  #5


Re: Article #8 - Due Monday 25th of November

This fake windows update is just that A FAKE
! the attached file purports to be in .jpg format, even though it opens an .exe file.
the most crucial element of the analysis is that the Cyborg ransomware creators also left a trail from the executable that led researchers to discover the malware builder hosted on the Github developer platform.

https://threatpost.com/windows-update-cyborg-ransomware/150407/

 

11/25/2019 3:11 am  #6


Re: Article #8 - Due Monday 25th of November

Hacker Stanislav Vitaliyevich Lisov got arrested by Spanish authorities at Barcelona–El Prat Airport on january 13th on 2017, then extradited to the US this month. Lisnov created the banking Trojan NeverQuest, and has attempted to steal 4.4 mil from hundreds of people.
NeverQuest was able to identify when someone tried to log in to an online banking site and transfer the persons login credentials back to a  server used to administer NeverQuest.

https://www.infosecurity-magazine.com/news/us-jails-neverquest-malware/

Ethan Drakes

Last edited by Lunar Time (11/25/2019 3:11 am)

 

11/25/2019 9:44 am  #7


Re: Article #8 - Due Monday 25th of November

Google has introduced a $1.5 million bounty for anyone that can remotely hack their Titan M chip, which is found on their Pixel devices. The Titan M chips are dedicated security chips closely related to Android's Verified Boot. Google also offers smaller bounties for hacking such elements as the Android kernel and even bypassing the lock screen. 

Derek
https://thehackernews.com/2019/11/google-pixel-titan-m-chip.html

 

11/25/2019 9:50 am  #8


Re: Article #8 - Due Monday 25th of November

AI programs can be disrupted even if by small changed in the data. Boston University professor Wenchao Li and two students devised a back door attack on AI. Where they went into a well known reinforcement - learning algorithm from "DeepMInd" called A3C.  The attack was taken on several Atari games, the game could be changed so that a boost of score could appear. This is a small example but a algorithm like this could control an autonomous car or a smart manufacturing robot. It could really put people in danger, even after Ai is trained and hasnt been hacked then can still be changed and corrupted after deployment.
https://www.wired.com/story/tainted-data-teach-algorithms-wrong-lessons/
-Jorge Calderilla
 


Jorge Calderilla
 

11/25/2019 10:29 am  #9


Re: Article #8 - Due Monday 25th of November

Iranian hackers have carried out some of the most disruptive acts they've wiped entire computer networks across the middle east and occasionally even the U.S. They have shifted focus and are targeting the physical control systems used in electric utilities, manufacturing and oil refineries. A hacker group by the name of APT33 has been password spraying to around 2000 organizations per month. They are unclear what the hackers motivation and which industrial controls systems they've breached
-Jose Gamino
https://arstechnica.com/information-technology/2019/11/a-notorious-iranian-hacking-crew-is-targeting-industrial-control-systems/
 

 

11/25/2019 11:11 am  #10


Re: Article #8 - Due Monday 25th of November

In January 2018 DUNKIN DONUTS was the victim of a credential stuffing attack. DD reported that hackers leveraged user credentials, that were leaked at other sites, to enter DD Perks reward account information. The good news is that the hackers were only after DD Perk Reward Card info, and not trying to steal customers personal information aka credit card credentials.
https://www.cshub.com/attacks/articles/top-5-cyber-security-breaches-of-2019-so-far

 

Board footera

 

Powered by Boardhost. Create a Free Forum