Wenatchee Valley College - CTS Discussion Board




10/28/2019 9:36 am  #11


Re: Security Class Article #4 - Due October 28th

This seems to be an issue with a library called PHP-FPM, which is causing a vulnerability on NGINX servers.
PHP-FPM "is an alternative to PHP Fast CGI implementation that offers advanced and highly efficient processing for scripts written in PHP programming".
This vulnerability was pretty rough in that it allowed for execution of code on the vulnerable web server, which is really bad.
The vulnerability was spotted by Andrew Danau during a Google CTF competition, and they actually used and weaponized this vulnerability during the competition.
"Using a carefully chosen length of URL and query string, the attacker could use path_info to introduce bytes into the memory of the web server.
Using this method, the team was able to create a fake PHP_VALUE fcgi (not 100% sure what that is) variable and then use a chain of carefully chosen config values to get code execution."

The vulnerability was tracked and labeled as CVE-2019-11043.

Why I don't use PHP (jk): https://thehackernews.com/2019/10/nginx-php-fpm-hacking.html

Last edited by Gloat (10/28/2019 10:16 am)


Hello, I am Devin Baughman.
There is a Discord server with links to online PDFs of course textbooks. There are general chats for each course and nerd-banter, so please come in and talk computers! Invite: https://discord.gg/H65RH2g
 

10/28/2019 9:48 am  #12


Re: Security Class Article #4 - Due October 28th

Hackers are now E-Skimming online carts to gather credit card information and sell it. With the holidays coming up, people who buy things online are now being targeted with a new type of attack. This new attack is coming from Europe. The attackers are buying online goods with stolen credit card information and sending them to Eastern Europe to sell for profit.
https://www.freep.com/story/money/personal-finance/susan-tompor/2019/10/23/hackers-e-skimming-attacks-targeting-online-shoppers/4051921002/



 


Alvaro Mendoza
 

10/28/2019 9:52 am  #13


Re: Security Class Article #4 - Due October 28th

Ransomware's mounting toll: Delayed surgeries and school closures

This is a general, not-techie article about ransomware's effect on services like healthcare. Ransomware has impacted at least 621 entities this year through September. The targets include hospitals, health care centers, school districts and cities. The total cost so far this year could be about $186 million, based on the publicly disclosed costs of ransomware attacks.


https://www.cbsnews.com/news/ransomware-attack-621-hospitals-cities-and-schools-hit-so-far-in-2019/

-Kayla Rich

 

10/29/2019 10:16 am  #14


Re: Security Class Article #4 - Due October 28th

This article goes over how hackers have been able to infiltrate aircraft electronics to ground aircraft. The issue seems to be with the GPS systems that aircraft companies field within their systems. https://www.forbes.com/sites/kateoflahertyuk/2018/08/22/how-to-hack-an-aircraft/#c9aac9741d12

 

10/29/2019 10:21 am  #15


Re: Security Class Article #4 - Due October 28th

New iPhone Hack Shock As China Blamed For Devastating Attack
Apple users are still reeling from the shocking disclosure by Google's Project Zero team. Project Zero is a team of security analysts employed by Google tasked with finding zero-day vulnerabilities, the secret hackable bugs that are exploited by criminals. Hacked websites have been used to attack iPhones for two years. And every single up-to-date iPhone has been vulnerable. Now, two days later, those same 1 billion users face further damning revelations. The new iPhone with iOS 13 is already experiencing Project Zero and the small hacks that come along with it.
https://www.forbes.com/sites/zakdoffman/2019/09/01/ahead-of-iphone-11-new-apple-hack-revelation-will-shock-1-billion-users/#456b552f4feb
Devin Fry
 

 

10/29/2019 10:36 am  #16


Re: Security Class Article #4 - Due October 28th

The Pirate Bay was recently hit by a DDoS attack. According to this article https://thehackernews.com/2019/10/the-pirate-bay-down.html The Pirate Bay was attacked by an unknown entity which brought down the site for over a week, resulting in Cloudflare messages mentioning a "Bad Gateway" message and the site itself saying it was down for "database maintenance" and to "check back in 10 minutes." According to Pirate Bay administrators, the site was flooded with "searches that break the Sphinx search daemon." Sphinx is an open source piece of software, and since the attack, The Pirate Bay has updated to a new version, fixing the issue.

Lesson of the day: Keep your software up to date.

Last edited by Lehi Herrera (10/29/2019 10:38 am)


Ỵ̵͝'̸̰̋a̴̟̿l̴̘̓l̶̖̊ ̶̮̀g̷̬̈o̶̯͂t̴̺̚ ̷̢̌a̸͚̅ṋ̶̂y̶̙͝ ̴̙̾q̶̛͇u̶̢̔ï̵̳c̵͉̈́ķ̶̐ ̷͓͝b̶̡̚i̸̹͆t̴̠̀ṣ̷͝?̴̼̄
 

11/04/2019 11:19 am  #17


Re: Security Class Article #4 - Due October 28th

The FBI offers a warning to all medium and small businesses that use credit card payments online.
The FBI says the cause is called "E-Skimming". E-Skimming is when a hacker inserts a spyware program into a website's Point Of Sale System. They were using the spyware to scan credit card credentials. The FBI says that the majority of the time, the spyware is given access to a system by using PHISHING ATTACKS via emails.
Moral of the Story.... don't open email that's not from someone you know LOL.

https://cyware.com/news/fbi-issues-warning-to-smbs-about-e-skimming-attacks-a251120c 

 

12/06/2019 2:41 am  #18


Re: Security Class Article #4 - Due October 28th

A kid who was trying to get info over a school activity ended up getting more info than he ever imagined. Still think he did it on purpose.
https://www.newsweek.com/student-hacked-school-district-squirt-gun-war-1466733

 
