University of Advancing Technology is an elite, private college that serves its student body by fostering knowledge creation and academic excellence in an environment that embraces the young technophiles of the world. With three centers of research and a suite of technology-centered undergraduate and graduate degrees, the University is a recognized leader in technology education.
H@xc0rd is a simple yet powerful Discord bot for the utilization of common tools frequently used in network security, without the need to understand Linux.
“With only one command to start it, there’s no reason not to love it,” says H@xc0rd mastermind Bradley Chavis (Advancing Computer Science, Network Security). “No more struggling to set up a Linux machine, or trying to find all the tools compatible with Windows. It’s just one command and you’re done.”
H@xc0rd tools range from exploit to recon, including Hashcat, Hydra, Nmap, Shodan and many more. Each tool has its own custom-built help section to guide the user through understanding what the tool is, how to use it and how to use the results gained from it.
H@xc0rd was built on the Node.js runtime, leveraging many libraries along the way, such as Discord.js and axios. The different commands are based on modules, enabling them to be loaded dynamically. This offers another benefit — the ability to limit users to certain tools and commands. Since many tools within this project can be intrusive to the local network the bot is hosted on, the bot owner can adjust who has access to which tool at any time, significantly limiting the chance of abuse.
H@xc0rd is even simpler to use for members of the server the bot is hosted on — only a Discord account and a basic knowledge of the platform are needed. To use the bot, simply type the specified prefix (set in the packaged sub.js file) followed by the command you want to run, such as the “!ping” command, which gives you the latency to the bot.
Crack a password hash with John the Ripper and show off the results to everyone on the server. You no longer need to export the results of the tool to a file and send that file to others, time and time again. Better yet, want to find out how many times a certain password, like “password”, has been compromised? Use “!haveibeenpwed,” which queries the Have I Been Pwned API and displays the results.
Want to find out information about a machine accessible to the public internet through “!shodan,” and don’t know where to start? Start with H@xc0rd. Just add the help argument after any command for a comprehensive description of the tool, arguments that can be used with the command and external resources to learn more about that specific tool.
Now you may ask, how do I know all the commands in the first place? Well, the command “!commands” of course, which lists out all the available commands. Currently, there are approximately 15 types of tools implemented into this project.
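The command flow described above (prefix parsing, modules registered in a lookup table, per-tool role limits set by the bot owner, the “help” argument and “!commands”), as an added example that is not code from H@xc0rd's repository; the module registry, the “analyst” role and the small “hashid” helper are assumptions, and Discord.js is left out because the messages are plain objects constructed inline.

```javascript
// Added example in the style H@xc0rd is described as using: commands are
// modules in a registry, and each module declares which roles may call it.
// Not H@xc0rd's own code; messages below are constructed, not real Discord traffic.

// Parse "<prefix><command> [args...]"; returns null for ordinary chat text.
function parseCommand(content, prefix) {
  if (!content.startsWith(prefix)) return null;
  const parts = content.slice(prefix.length).trim().split(/\s+/);
  const name = parts.shift().toLowerCase();
  if (!name) return null;
  return { name, args: parts };
}

// Assumed helper for the "hashid" tool: guess the algorithm from the hex length.
function identifyHash(value) {
  if (!/^[0-9a-f]+$/i.test(value)) return 'unknown';
  const byLength = { 32: 'MD5', 40: 'SHA-1', 64: 'SHA-256', 128: 'SHA-512' };
  return byLength[value.length] || 'unknown';
}

// Each module: description, help text, roles allowed to call it
// (empty array = everyone), and run(args, message) returning the reply.
const modules = {
  ping: {
    description: 'Latency between the message and the bot',
    help: 'Usage: !ping',
    roles: [],
    run: (args, msg) => `Pong! ${Date.now() - msg.createdTimestamp} ms`,
  },
  hashid: {
    description: 'Guess the algorithm of a hash by its length',
    help: 'Usage: !hashid <hex-digest>',
    roles: ['analyst'], // assumed role: only analysts may use this tool
    run: (args) => (args.length ? `${args[0]} looks like ${identifyHash(args[0])}` : 'Missing hash'),
  },
};

// "!commands" lists whatever is currently registered, so new modules show up automatically.
modules.commands = {
  description: 'List available commands',
  help: 'Usage: !commands',
  roles: [],
  run: () => Object.keys(modules).sort().map((n) => `${n}: ${modules[n].description}`).join('\n'),
};

// Access check: open if the module lists no roles, otherwise the member
// needs at least one of them. This is the owner-controlled per-tool limit.
function isAllowed(mod, memberRoles) {
  return mod.roles.length === 0 || mod.roles.some((r) => memberRoles.includes(r));
}

// Dispatch one message; returns the reply text, or null if it was not a command.
function dispatch(message, registry, prefix = '!') {
  const cmd = parseCommand(message.content, prefix);
  if (!cmd) return null;
  const mod = registry[cmd.name];
  if (!mod) return `Unknown command "${cmd.name}". Try ${prefix}commands.`;
  // Deny before doing anything else, so even "help" of a restricted tool is gated.
  if (!isAllowed(mod, message.memberRoles)) return `You are not permitted to use ${prefix}${cmd.name}.`;
  if (cmd.args[0] === 'help') return `${mod.description}\n${mod.help}`;
  return mod.run(cmd.args, message);
}

// Constructed sample messages: the same hash from a plain member and from an analyst.
const now = Date.now();
const samples = [
  { content: '!ping', memberRoles: [], createdTimestamp: now },
  { content: '!hashid 5d41402abc4b2a76b9719d911017c592', memberRoles: ['member'], createdTimestamp: now },
  { content: '!hashid 5d41402abc4b2a76b9719d911017c592', memberRoles: ['analyst'], createdTimestamp: now },
  { content: '!hashid help', memberRoles: ['analyst'], createdTimestamp: now },
  { content: '!commands', memberRoles: [], createdTimestamp: now },
  { content: 'hello everyone', memberRoles: [], createdTimestamp: now },
];

for (const m of samples) console.log(`${m.content} -> ${dispatch(m, modules)}`);
```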
As time goes on, new tools come along and current ones slowly fall out of date by not getting updated. To accommodate this, Bradley and project partner David Austad (Network Security) will consistently update the tools within the project, removing and replacing them with new ones that provide similar results.
If there is a tool that hasn’t been implemented yet, but you really want to use it, you have the freedom to add it yourself. H@xc0rd was built so that a new tool can be implemented in a matter of minutes!
During the building of this project, Bradley and David ran into a big issue — at first, the only way to run H@xc0rd was on Linux. Since this didn’t comply with the final goal of utilization by everyone, they searched for a solution and found Docker, a container platform that allows operating system environments, like Linux, to run on systems that generally wouldn’t support them, such as Windows or macOS. Bringing Docker into the project allowed H@xc0rd to be hosted on nearly every operating system, and the provided install script makes it easy to tune if something doesn’t work perfectly.
Another goal of the project was to make it as simple as possible for the user to set it up through install scripts. The entire install process was automated through bash scripts to run natively on most Linux systems.
Saving the best part for last, it’s free and open source. Bradley states, “You will never be limited with what you can do with this project, only by your imagination.” As time goes on, Bradley hopes others will contribute to it as well. Currently, H@xc0rd is only available via GitHub with plans in the works to host it through Docker as well.
Take your ideas and make them happen with UAT’s Advancing Computer Science degree.
Inspired by the lack of Internet of Things (IoT) security in homes and small business environments, Andrew Maddox (Network Security) created Smart House Security Solutions, a budget solution to network segmentation for home use of IoT networks. The project provides underutilized methods and tools for securing everyday IoT environments through a less expensive means of network segmentation, which is vital for the future and creates a demilitarized zone for the IoT devices.
To create the project demo, Andrew and fellow peers took advantage of the equipment in the lab and quickly got their hands dirty making IoT devices.
UAT’s segmented network was used as an example for this project. UAT’s primary segmented network leads to the primary front facing router with the switch delegating internet access based on IP range from the primary front facing router to personal computers or any computer that might be connected to the network. The IoT network has a wireless access point that facilitates all IoT communication between the devices and server.
The primary (public) router cannot ping the IoT network or its devices. As far as the front-facing router is concerned, the information has already been passed to the IoT network router, which distributes it to the IoT devices in a downstream flow. Without direct communication between the primary router and the IoT device/network, the IoT network becomes a demilitarized zone, and the primary server handles communication with the IoT devices and IoT network.
Andrew pursued the IoT project because of the experience he would gain and the opportunity it presented. The project involved systems administrative experience, network engineering, team management, problem solving and more. Throughout this project, Andrew learned a great deal about network segmentation as a component of the layers of network security, which is becoming more relevant as IoT becomes more pervasive.
Andrew is currently a Network Security major in his eighth semester at UAT, a previous CCDC team member and student ambassador and now a full-time employee at Norton LifeLock as a site reliability engineer.
Take security into your hands with a Network Security degree from UAT.
Always interested in technology, Daniel “Kody” Mitchell grew up watching his father play World of Warcraft and StarCraft. He quickly fell for these games and soon after, developed a love for programming while taking computer science classes in high school.
Kody came to UAT for the nerd and geek vibes. Since attending, he loves the family community aspect, the collaborative teamwork-focused environment, the combination of hard work and having fun and how the University truly prepares students for the real world. Kody feels that he has already learned so much about the industry and has gained the basic skills he will need to thrive.
Studying Artificial Intelligence and Network Security at UAT, Kody chose these degrees because he’s always been fascinated with artificial intelligence and knew that the world needs more cyber security professionals. So, he thought why not combine the two for a unique education and skillset!
Kody is a Student Ambassador for UAT and was involved in Nerf Warz! In his free time, Kody has been working on a project to create a calendar-budget program in Python that allows the user to see things at a glance, or hover over days for more details. The basis of the idea consists of the user inputting transactions they make on any given day (expense or income), and based on any recurring fees or payments, the program will show what day the user might run out of money (if there is one).
After taking a couple of classes taught by Mason Galatas, Kody was inspired by his expertise in his field and hopes to one day know as much as him, be as helpful and have as much fun!
Kody’s hobbies include 3D printing, programming, playing video games, singing in the car and watching movies. Once Kody gets out in the real world, he can't wait to put the skills he’s learned from UAT to the test and make a positive difference!
UAT is for people like you. Discover where you fit in at UAT.
Choosing a college major is a big undertaking. Even more daunting is planning for a career that will grow and remain exciting for decades. Getting a college degree is more than just a rite of passage or something you have to do. It is the first step to a journey that will shape your present, your future and how you want to contribute to society.
If you have a passion for technology, you are in for a great adventure.
Fueling economic growth, improving standards of living and creating new jobs are just some of the benefits of technology. With an economic impact of $1,879b and over 4.6 million US job postings, tech jobs are exploding.
The key is to select a major that:
Choosing the right college major can lead to a career that lets you take on new challenges and experience the rewards of solving big problems using technology. Ideally, it will provide you with a platform for launching your career and a foundation for a meaningful long-term adventure.
As a technology major, you are ideally positioned to take part in some of the most exciting trends in history. These tech trends are growing quickly in 2021 and offer strong career potential over the longer term.
Trend 1: An Explosion of Data
By the year 2024, an estimated 149 zettabytes — the equivalent of more than 149T gigabytes —will be created globally every single day. The challenge is to take all that data, store it and deploy it in ways that help businesses, organizations and entire societies.
From small e-commerce shops to huge government agencies, organizations of every size and type know they need to use their data more effectively. It is among their highest priorities. That is the role of the data scientist. They integrate math, computing and critical thinking to answer deep questions, solve big problems and invent data-centric tools and technologies.
Some data scientists shape huge data stores to optimize traffic and services in large cities. Others monitor the click flows and user patterns on huge web platforms. Some help to create IoT solutions that make driving safer. Data scientists use raw data to develop insights and tools that unlock the future.
Short-term Demand: Data Science, Data Analysis or Machine Learning appear on nearly every list of top career options for 2021. The US Bureau of Labor Statistics (BLS) lists Data Scientists among its most in-demand professions now.
Long-term Outlook: The best opportunities in data science combine AI and machine learning to create new knowledge. That trend is just starting. The BLS expects 15% growth in the demand for Data Scientists between now and 2029.
Trend 2: Growth in AI
Artificial Intelligence is coming into its own as a stand-alone technology that helps humans make decisions, create media and manage large-scale online platforms, among many other things.
It is also a sort of "operating system" for other leading-edge technologies such as automation, DevOps, chatbots, and robotics. AI-driven applications will touch nearly every area of our lives. That's why AI majors study human cognition and decision-making along with networks, programming and computer science.
Short-term Demand: Artificial intelligence specialists are in strong demand now. AI is a young, expanding field that is creating outstanding career opportunities.
Long-term Outlook: Forbes reports that AI will create $15.7 trillion in economic value by 2030 and lead to 12 million new jobs by 2025. Recruiting site ZipRecruiter.com calls the career prospects for AI professionals "excellent." The site notes that AI is expected to grow "explosively" over the coming decades as the technology matures and finds its way into more uses.
Trend 3: The Scourge of Cybercrime
The cost of cybercrime is expected to exceed $6.1 trillion in 2021, according to Cyber Security Ventures. That's $190,000 every second.
Whether they are guarding against identity theft, preventing destructive hacking or detecting and defeating espionage, fighting cybercrime is a growth area for well-trained professionals. Sadly, as long as there are cyber targets, there will be cybercrime. Society depends on a new generation of cybersecurity superheroes to deter, detect and defeat it.
Short-term Demand: 74% of companies worry that a lack of cybersecurity talent will put their data at immediate risk, Forbes reports. The New York Times calls the current employment market a "mad dash" to find qualified information security professionals.
Long-term Outlook: The Bureau of Labor Statistics expects the demand for cybersecurity experts to remain strong for the next decade, at least.
An investment in education is an investment in your future. We have seen that one way to maximize your investment is to consider both immediate and longer-term career implications. Choosing which college to attend is just as important as choosing the right major. Just like your degree, you want to make sure your university is the right fit for you.
Technology changes fast. So, it is crucial to choose a university that is fully dedicated to preparing you for your future. Rigorous academic coursework and extensive hands-on skills building will provide a broad and deep foundation on which to build your technology career. Ask your potential college how often they update the technologies, software, and tools you will be using. You can’t learn the newest advancing technologies if you’re working with outdated equipment.
Life-long learning is important for any degree major but even more so for technology majors. Technology is exciting because it is constantly changing, and you need to be ready to change with it. Seek out a university that offers opportunities for continued learning after you graduate. Look for alumni programs and benefits that will help you advance in your career long after your graduation date.
Classes, studying, and working on course projects will make up the bulk of your college career, however, don’t forget to look outside the classroom for more to learn. Take advantage of social clubs, student events, and networking opportunities to build a group of like-minded friends and maybe even future colleagues or business partners.
College can be expensive, so invest wisely. Speak with financial advisors to learn what programs and scholarships are available. Spend some time researching grants or private sources of aid. Consider the length of time you will be in college too. Most bachelor’s degrees require four years of study; however, if your university of choice offers accelerated programs or year-round study, then you may be able to graduate sooner. That means you can be earning a salary and moving up the company ladder while your peers are still in school paying for tuition, books and room and board.
Choosing a technology major should be fun and exciting and done with some planning for the future. Tech careers can be rewarding and long-lived with the right plan of action in place. That plan starts with choosing a technology major that aligns with your interests and goals for what you want to accomplish in your career. Selecting the right university will ensure that you get a solid academic foundation in your major of choice, build lasting relationships with like-minded people, and provide the tools and resources for life-long learning that will help you build and grow a great tech career.
UAT has led the way in cyber security since the late 90s, writing the rule books for cyber security education in Arizona.
Marking over 20 successful years since the inception of its elite Network Security degree program, UAT is proud to participate in Cyber Security Awareness Month, during the month of October, allowing our faculty of experts to share important information on cyber security with the public.
UAT recognizes the importance of training cyber security experts, in its students, alumni, faculty and in local members of the community.
We have compiled a few tips and anecdotes about our students below.
Want to know more about cyber security from UAT's experts?
UAT is hosting a Cyber Security Open House on Oct. 12, with industry experts, faculty and alumni to offer tips on how to stay safe online and talk about the importance of Cyber Security education to the public.
Learn more about protecting yourself online. Dive into what it's like working for the Cyber Security Industry. Celebrate Cyber Security Awareness month on October 12, with a full slate of activities, industry talks, and topics involving some of industry's top professionals. Don’t miss out on this incredible educational event!
What: UAT Cyber Security Open House
When: Thursday, Oct. 12, from 6:30-8:30 p.m.
Where: University of Advancing Technology: 2625 W. Baseline Rd. Tempe, AZ 85283
Why: To celebrate Cyber Security Awareness Month and educate the public on tips to stay safe online.
See you on Thursday night!
UAT held the 2nd Annual Cyber Security Open House on Thursday, Oct. 12, in conjunction with the national cause, Cyber Security Awareness Month.
UAT Cyber Security professors Wayne Kibbe and Mason Galatas teamed up to present a slideshow on the basics of cyber security and how to protect yourself the best you can from hackers.
Professor Wayne Kibbe said, “Cyber Security education is very important for several reasons. First, the demand for cyber security skills is rapidly growing and US Labor Department reports claim shortages for the foreseeable future. Second, as more and more devices connect to the internet, the chances of individuals getting hacked is increasing. A career in the field could be very rewarding by protecting not only individual consumers, but private businesses and government agencies as well.”
Curious about a career in tech?
Stop by the University of Advancing Technology during our open house event to learn how our exciting technology degrees will prepare you for a future-proof career in cybersecurity, computer science, artificial intelligence, robotics, business technology and more.
Busy with work? No problem. We use SyncFlex, a flexible learning model, which enables students to attend class in person, participate via livestream or watch a recording of class anytime.
Thursday June 27th
5:30pm - 7:30pm
University of Advancing Technology
2625 West Baseline Road
Tempe, AZ 85283
Here's the schedule:
Questions? Reach out to Erin: firstname.lastname@example.org. She is awesome!
This week, AZ Family News reported “Security cameras at Tempe hospital, Graham County detention center allegedly hacked in huge breach,” detailing a potential security breach at St. Luke’s Hospital in Tempe, AZ. The article cited startup Verkada Inc., which produced the security cameras for St. Luke’s, explaining how hackers are able to target and access these systems.
Aaron Jones, UAT Lead Cyber Instructor and leader in the local cyber community, commented on this story as well as how it is possible for hackers to infiltrate systems such as these.
“The hackers claimed to have accessed data and live feeds from 150,000 cameras used by Verkada clients, including big names like Tesla and software company Cloudflare. St. Luke's Hospital in www.azfamily.com.
Ubiquitous surveillance is a double-edged sword, and while cameras have been instrumental in solving crimes and locating missing persons, their use can also be a severe blow to privacy. The current "attack" perpetrated by an alleged collective of individuals is another strong indicator that some basic security practices are not being followed.
Of note is mention that administrator access was gained through the use of credentials found on the internet. This is a strong indicator that two-factor authentication was not in place and therefore, someone’s admin account, once breached, was the only piece of protection between the outside world and their most private files.
It would also indicate, if it is true that only a single set of credentials was used, that it is possible the admin was reusing credentials in multiple places. Another thing we certainly would not want to do.
Companies who have had their data accessed are still victims, even if a third party was the ultimate culprit. We have seen this targeting of third-party providers in many breaches, such as the famous Target breach, and it is a concern that we should always keep in the back of our minds. We can do much to secure our own systems, but what are our partners doing to secure theirs?
We should expect that any piece of infrastructure left online could be of interest to someone with ill intent. Cameras are a very easy target and due to their very nature, will often contain plenty of entertaining or interesting data. I believe this "breach" is an excellent reminder of how important it is to follow basic security practices, such as not reusing credentials, implementing two factor authentication, and working with your vendors to verify that they are following industry standard practices in cyber security.”
More about Aaron: Aaron Jones, the lead Cyber Instructor at the University of Advancing Technology, is a software developer who currently creates applications for law enforcement. He is also an AZ POST certified General Instructor as well as a public speaker. He earned a B.Sc. in Computer Information Systems from Park University in 2013 and an M.A. in Intelligence Analysis with a focus in Cyber Security in 2014. He has been the recipient of recognition from the El Paso Police Department, State of Texas, Texas Military Forces, Chandler Police Department, and others.
Interested in studying cyber security?
Sponsored by the U.S. National Security Agency and Homeland Security Department, University of Advancing Technology’s ethical hacking degree is highly regarded by industry and government entities. UAT’s Network Security Bachelor of Science degree prepares students to take on the ever-evolving world of information security. Network security students will receive hands-on technical training and learn best of class software and network programming and essential network security analysis.
VMware vCenter servers have been hit by a new attack that leaves unpatched machines exposed, allowing hackers to take over those machines and, from there, companies' entire networks. Mind you, roughly 6,700 servers are at risk.
Bad Packets, a threat intelligence security firm, is currently scanning for all potentially at-risk devices to report on. The vulnerability targets a plugin in VMware vCenter called vSphere Client (HTML5). These servers are vital to an enterprise that uses VMware, as vCenter is the utility that manages VMware products installed on local machines.
This vulnerability was reported last year by the security firm Positive Technologies, which discovered that an attacker could target the plugin's HTTPS interface and use malicious code to elevate privileges without needing to authenticate. Because of how vital this server is in managing other VMware products, it was classified as highly critical and reported to VMware.
It was kept hush-hush because of how many corporations use vCenter, so VMware took the time to test and make sure a patch actually fixed the bug. But a Chinese researcher then posted a proof of concept for the vulnerability, labeled CVE-2021-21972, which denied companies any time to apply the patch.
This resulted in a free-for-all to find any vCenter system still vulnerable and left online, with hackers from different crews stepping over each other to get into these systems. On top of that, the exploit for the vulnerability was a one-line cURL request.
According to a Shodan query, more than 6,700 VMware vCenter servers are still online and will remain vulnerable until an admin patches them. VMware has taken this pretty seriously, as the vulnerability scored 9.8 out of 10, and is urging customers to get their systems patched.
Ransomware gangs like Darkside and RansomExx have been going after VMware systems and have shown that gaining access to these systems is worth it for how much they can get an enterprise to pay in ransom. On the plus side, Positive Technologies published an in-depth technical report on the bug, which will allow blue teams to better defend their networks.
Should you equip your website with an SSL Certificate?
And here’s why…
An SSL certificate is a file that creates a connection between a website and a cryptographic key. When you use SSL to secure your website, you are working to guarantee that the transfer of data between the server and the user is safe from prying eyes or tampering. This guarantee of security enhances the trust relationship between your site and the customers who are visiting, inspires confidence that can often convert into sales, and increases the page ranking that companies like Google or Microsoft provide when you show up in their search results.
A website that does not employ an SSL certificate will be branded with a warning to the user that the site is insecure and potentially dangerous. As we move forward, insecure connections will continue to be phased out and some browser developers have indicated that you will soon need to edit your browser configuration to even allow insecure communication between user and server at a not far off date.
Google began providing a "very lightweight signal" in their ranking algorithm for SSL/HTTPS back in 2014. This small ranking benefit has gradually increased as they have decided that SSL/HTTPS is increasingly important in our modern economy.
Obtaining an SSL certificate can be free if you use Let's Encrypt, an open-source certificate authority that provides TLS/SSL certificates to over 240 million websites. Major sponsors of Let's Encrypt include Mozilla, Cisco, EFF, and the Chrome project as well as many others. Using a simple application, you can quickly stand up all of the infrastructure you need to rapidly deploy HTTPS support on your website.
If you are wondering whether you should use or deploy HTTPS support on your site, the absolute answer is yes. It is inexpensive and easy to deploy, provides a heap of benefits, and enhances your users' experience and security. There are no reasons not to use SSL or to provide a secure connection to your website.
Interested in cyber security? UAT offers a variety of degree choices, from associate to master's degree options. Review the programs available at https://www.uat.edu/cyber-security-degrees, and contact email@example.com to get started!
The top information security trends of 2021 will be industrial control systems in relation to critical infrastructure and supply chain security. We know that India suffered a targeted cyber attack on their Kudankulam Nuclear Power Plant in 2019 and Pakistan suffered a Netwalker ransomware attack on their power supplier K-Electric. The famous SolarWinds attack is a good representation of failed supply chain security.
Increased tensions globally will continue to fan the flames of cyber warfare. It can be very difficult to directly target a government or military entity and such attacks provide a tremendous risk of retaliation. The best alternative is to simply feign ignorance and blame criminal actors while using tools such as ransomware to disrupt the electrical grid or to destroy manufacturing capabilities of your target.
I do not have a crystal ball and I cannot see into the future, but I can infer from previous attacks that have been found to be successful that we will see attackers continue to target the supply chain of manufacturers as well as software developers and critical infrastructure. These attacks work and they get results and that is the most important aspect of conducting an attack. Any individual who may be concerned about cyber attacks can enhance their security by employing two tools. The first tool is a Network Intrusion Detection System. Snort is a good choice. This allows you to monitor your network for abnormal activity but does require some level of technical acumen and you must also figure out what an appropriate baseline looks like.
The second set of tools you can use are known as Source Code Analysis tools. There are many different tools designed for source code analysis and it will require that you know what languages you are using to find the right one. Individuals who do web development using PHP might be well served by the tool phpstan. Regardless of the tool you choose, the concepts are the same. You want a tool that will assist you in verifying the integrity and quality of your code while also looking for common mistakes.
Interested in cyber security? UAT offers a variety of degree choices, from associate to master's degree options. Review the programs available at https://www.uat.edu/cyber-security-degrees, and contact firstname.lastname@example.org to get started!
The FBI, CISA, ODNI, and the NSA released a statement stating that Russia has orchestrated the SolarWinds attack. It was believed that the hackers were working with a foreign government, but the security agencies have pointed the blame to Russia.
The background to this attack: software provider SolarWinds was breached and a malware-laced update was deployed for its Orion software, which infected networks across US companies and government entities. US security firm FireEye reported on it, as did many other outlets covering this massive attack.
FireEye's own network was even breached, as the SolarWinds supply chain attack allowed the hackers to get into its network; around 10 US government entities were breached, and around 18,000 Orion customers as well.
The SolarWinds supply chain attack is also how hackers gained access to FireEye's own network, which the company disclosed earlier this week.
The Washington Post cited sources claiming that multiple other government agencies were also impacted.
Reuters reported that the incident was considered so serious that it led to a rare meeting of the US National Security Council at the White House.
Sources speaking with the Washington Post linked the intrusion to APT29, a codename used by the cyber-security industry to describe hackers associated with the Russian Foreign Intelligence Service (SVR).
FireEye didn't confirm the APT29 attribution and gave the group the neutral codename UNC2452, although several sources in the cyber-security community, along with government entities confirming the attribution, suggest the US government's APT29 attribution is most likely correct based on current evidence.
In security alerts sent to its customers in private on Sunday, Microsoft also confirmed the SolarWinds compromise and provided countermeasures to customers that may have been affected.
"The campaign is widespread, affecting public and private organizations around the world," FireEye said.
"The victims have included government, consulting, technology, telecom, and extractive entities in North America, Europe, Asia, and the Middle East. We anticipate there are additional victims in other countries and verticals," FireEye added.
This malware being tied to Russia is a big security concern across the US and its allied countries, as it has breached public, private, and government entities across the board. It's going to be tense to see how this plays out.
It seems WordPress can't catch a break. Another zero-day vulnerability has been found in a WordPress plugin that is installed on more than 500,000 sites. This particular vulnerability allows hackers to reset passwords for admin accounts.
This vulnerability was exploited for weeks on end and was thankfully patched on Monday. It affects Easy WP SMTP, a plugin that lets site owners configure SMTP settings for outgoing email. It was reported by a company called Ninja Technologies Network, or NinTechNet for short, who state that Easy WP SMTP 1.4.2 and older versions have a feature that creates debug logs for all emails, stored in the plugin's installation folder.
"The plugin's folder doesn't have any index.html file, hence, on servers that have directory listing enabled, hackers can find and view the log," said NinTechNet's Jerome Bruandet. He also says that on sites still running these outdated versions, hackers have been able to automate attacks that identify the admin account and trigger a password reset.
Since a password reset involves sending an email with the password reset link to the account, that very email is displayed in the Easy WP SMTP debug log. So, the attacker can grab the reset link and take over the account.
"This vulnerability is currently exploited, make sure to update as soon as possible to the latest version," Bruandet warned earlier this week on Monday.
Easy WP SMTP 1.4.4 is now available; the developers worked around the vulnerability by moving the debug logs into the WordPress logs folder. This is the second vulnerability in this plugin, the first having been found back in March 2019.
That vulnerability allowed backdoors on accounts. The situation is unfortunate this time around, because WordPress 5.5 has an auto-update feature, so an admin doesn't need to update plugins manually; the question is whether those sites are updated and have auto-update enabled.
Hopefully good admins who check and update regularly will enable auto-updates to avoid this plugin mess.
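A local audit for the exposure described above, added here as an example (not NinTechNet's or the plugin's own code): it reads the plugin version from the header, looks for a debug log left in the plugin folder, and checks for the directory-listing safeguards. The plugin's main file name and the log file name are not taken from the page and are treated as assumptions.

```python
import os
import re
import tempfile

# Easy WP SMTP 1.4.2 and older write the mail debug log into the plugin folder.
VULNERABLE_MAX = (1, 4, 2)
PLUGIN_SLUG = "easy-wp-smtp"

def parse_version(header_text):
    """Read 'Version: x.y.z' from a WordPress plugin header comment; None if absent."""
    m = re.search(r"^\s*\*?\s*Version:\s*([\d.]+)", header_text, re.MULTILINE)
    return tuple(int(p) for p in m.group(1).split(".")) if m else None

def plugin_version(plugin_dir):
    """Scan the plugin's top-level .php files for the header version (main file name not assumed)."""
    for name in sorted(os.listdir(plugin_dir)):
        if name.endswith(".php"):
            with open(os.path.join(plugin_dir, name), encoding="utf-8", errors="replace") as f:
                version = parse_version(f.read(4096))
            if version:
                return version
    return None

def audit_easy_wp_smtp(wp_root):
    """Return a list of findings for the plugin under wp_root; an empty list means nothing found."""
    plugin_dir = os.path.join(wp_root, "wp-content", "plugins", PLUGIN_SLUG)
    if not os.path.isdir(plugin_dir):
        return []
    findings = []
    version = plugin_version(plugin_dir)
    if version is not None and version <= VULNERABLE_MAX:
        findings.append("outdated: version %s is <= 1.4.2, update the plugin" % ".".join(map(str, version)))
    # The log file name is an assumption: any *.log left in the plugin folder is treated as suspect.
    logs = sorted(n for n in os.listdir(plugin_dir) if n.endswith(".log"))
    if logs:
        findings.append("debug log present in plugin folder: " + ", ".join(logs))
    # Directory-listing safeguards: an index.html, or 'Options -Indexes' in a local .htaccess.
    has_index = os.path.exists(os.path.join(plugin_dir, "index.html"))
    htaccess = os.path.join(plugin_dir, ".htaccess")
    has_noindex = os.path.exists(htaccess) and "-Indexes" in open(htaccess).read()
    if logs and not (has_index or has_noindex):
        findings.append("no index.html or 'Options -Indexes': the log is listable on servers with directory listing on")
    return findings

def demo():
    """Audit a constructed vulnerable layout (sample files, not from a real site) in a temp dir."""
    root = tempfile.mkdtemp()
    plugin_dir = os.path.join(root, "wp-content", "plugins", PLUGIN_SLUG)
    os.makedirs(plugin_dir)
    with open(os.path.join(plugin_dir, "plugin.php"), "w") as f:  # constructed header
        f.write("<?php\n/*\nPlugin Name: Easy WP SMTP\nVersion: 1.4.2\n*/\n")
    with open(os.path.join(plugin_dir, "debug.log"), "w") as f:  # constructed sample log lines
        f.write("To: admin@example.test\nSubject: Password Reset\n")
    return audit_easy_wp_smtp(root)
```

Run `audit_easy_wp_smtp("/path/to/wordpress")` against a real install; a clean, updated site returns an empty list.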
Microsoft disclosed a vulnerability known as BlueKeep almost a year and a half ago. The exploit targets the Windows RDP service, and more than 200k Windows systems remain unpatched and still exposed to it.
It was first discovered back in May 2019, and a scan at the time found nearly a million systems vulnerable to BlueKeep. That is a good drop between then and now, but it's still a lot of machines left without any protection.
This vulnerability allows attackers to take over Windows machines remotely through RDP (Remote Desktop Protocol), and Microsoft considers it the most severe bug it has disclosed in recent years.
Yet with such a severe exploit, many systems have yet to be patched, as SANS ISC handler Jan Kopriva reported. He states that BlueKeep is not the only major remotely exploitable vulnerability; there are many more that leave these systems exposed to attack.
Kopriva says there are still millions of internet-accessible systems that admins have yet to patch, leaving them vulnerable to remote hacks. Such systems include IIS servers, Exim email agents, OpenSSL clients, and of course WordPress sites.
Kopriva doesn't know why these systems have been left unpatched, as even warnings from government and business cybersecurity firms have fallen on deaf ears, such as two warnings from the US NSA (National Security Agency), one back in May and another in October. The October warning was about BlueKeep being used by Chinese state-backed hackers.
Sadly, a lot of these systems will stay unpatched for years, as Jan Kopriva puts it: "even very well-known vulnerabilities are sometimes left unpatched for years on end...Given how dangerous and well known BlueKeep is, it rather begs the question of how many other, less well-known critical vulnerabilities are still left unpatched on a similar number of systems." (Kopriva, 2020)
It seems a questionable decision not to patch and update your systems, but even now there are companies and organizations still running Windows XP and Vista, which have exploits and vulnerabilities that are unpatchable.
1. Use strong passwords on all of your accounts. Never reuse passwords.
2. Buy from reputable retailers and be cautious who is supplying your goods.
3. Use a tool like Eno from Capital One to obfuscate your credit card number.
4. Never use a debit card to make purchases.
5. Always use SSL. This is usually represented by a lock in the left-hand corner of the browser.
6. Do not fall for scams. Be cautious of ‘too good to be true’ deals and limited-time offers.
7. Just because something is "for sale" doesn't mean you are getting the best deal. Retailers often hike the price for weeks before dropping it to normal levels just before the holidays.
8. Keep receipts and pay attention to your credit card bills. Look for odd charges and be ready to dispute.
9. Watch out for technical support scams or offers to help you with shopping during the holiday season.
10. Don't tell people what you bought or post about expensive purchases on social media.
Be safe, and happy hunting! (Make sure to share any great deals...)
Aaron Jones, the lead Cyber Instructor at the University of Advancing Technology, is a software developer who currently creates applications for law enforcement. He is also an AZ POST certified General Instructor as well as a public speaker. He earned a B.Sc. in Computer Information Systems from Park University in 2013 and an M.A. in Intelligence Analysis with a focus in Cyber Security in 2014. He has been the recipient of recognition from the El Paso Police Department, State of Texas, Texas Military Forces, Chandler Police Department, and others.
Vertafore, a company that provides insurance software services, has disclosed a data breach in which a third party got hold of the details of over 27.7 million Texas drivers. The company believes the incident took place between March and August and was due to human error: three data files were stored in an unsecured external storage service.
It is reported that the files were then removed from the storage service. Later in the investigation, it was discovered that someone had accessed them without authorization. The three files contained information on driver's licenses issued before February 2019, which was used for its software solution: Texas driver license numbers, names, DOB (date of birth), addresses, and vehicle registration histories.
Thankfully, they did not include any SSNs (Social Security Numbers) or any financial account information. It appears the files were used for a rating system in the insurance software.
The insurance software company did notify the Texas Attorney General, Department of Public Safety, Department of Motor Vehicles, and Federal Law Enforcement. They are also beginning to notify those who had their information breached.
They also worked with a security firm to determine whether the data had been abused or misused, but did not find any evidence of malicious intent.
"Although that firm did not find any evidence, to be considerate of all Texas driver license recipients and out of an abundance of caution, Vertafore is offering them one year of free credit monitoring and identity restoration services in recognition that these services offer valuable protection in other contexts beyond this event," (Vertafore, 2020)
Back in September there was also an incident in New South Wales, Australia, where a cloud storage folder hosted on Amazon Web Services contained drivers' data, including, of course, information about their licenses and photos. The folder was apparently not properly secured.
They also suffered a phishing attack earlier this year which compromised them as well. It seems lately that government entities are having trouble with DLs (driver licenses) being leaked. Hopefully it won't become a more widespread trend.
Something shocking and bizarre to the cyber security community has occurred: Russia has arrested a malware author. To give some context, Russia is normally very soft on hackers and rarely takes action against them.
The Russian Ministry of Internal Affairs states the suspect is a 20-year-old from the region of North Ossetia-Alania. Authorities have been onto him since 2017, suspecting he created several malware strains that later infected around 2,100 computers in Russia. The suspect also had help operating his malware: he is believed to have had six accomplices who helped distribute it, earning the group about 4.3 million rubles, which is around $55,000 USD.
Though Russian authorities haven't given much information on the suspect, other security researchers have. Benoit Ancel, a malware analyst at CSIS Security Group, tweeted that they and other security groups have been tracking the suspect under the nickname "1ms0rry."
Back in 2018, Benoit Ancel worked with a team to see what 1ms0rry was capable of and what their loadout was:
1ms0rry-Miner: A trojan that, once installed on a system, starts covertly mining cryptocurrency for its author.
N0f1l3: An info-stealer trojan that can extract and steal data from infected computers. Its capabilities include stealing browser passwords, cryptocurrency wallet configuration files, FileZilla FTP credentials, and specific files stored on a user's desktop; a real nasty trojan.
LoaderBot: A trojan used to infect victims in a first stage and then, once it has gained a foothold on the infected system, deploy other malware on demand in a second stage.
Benoit Ancel said 1ms0rry sold his malware strains on Russian-speaking hacker forums and that some of his creations were also eventually used to create even more powerful malware strains, such as Bumblebee (based on the 1ms0rry-Miner), FelixHTTP (based on N0f1l3), and EnlightenedHTTP and the highly popular Evrial (which shared some code with 1ms0rry's creations).
The security team's work in 2018 also exposed 1ms0rry's identity: a talented young programmer from the city of Vladikavkaz, who at one point even received praise from local authorities for his involvement in the cyber-security field. Unfortunately, he messed up this time by allowing his malware to target Russian citizens, which Russia does not accept.
Russia has always ignored cybercrime as long as the cybercriminals do not target Russians and Russian businesses, even when US authorities have tried numerous times to get the Russian government to act.
Today, all major Russian-speaking hacking forums and black-market sites make it very clear in their rules that members are forbidden from attacking users in the former Soviet space, knowing that by not attacking Russian citizens they will be left alone to operate undisturbed. This is a safe haven for them, hence why many malware strains have been coded to avoid affecting Russian users. Yet 1ms0rry is now seeing why these rules are in place.
In a shocking display of poor management, over 100 smart irrigation systems were left exposed online without any security or even a password, which allowed anyone to access and tamper with water irrigation used for crops, trees, cities, and building complexes.
This clear example of what not to do was discovered by a security firm in Israel, Security Joes.
These systems were running ICC PRO, designed by Motorola for agricultural and landscape use. Security Joes co-founder Ido Naor reported that these companies and city officials had the systems installed but left them on factory settings, which don't set a password for the default account.
Anyone attacking the systems could have identified them with IoT (Internet of Things) search engines like Shodan. Once they did locate the ICC PRO system, they would just have to type the default username for the system, and boom they are in.
They'd have access to pause or stop the water, change settings, water quantity, and water pressure, and even lock the owners out of the system by deleting the user. Honestly, this sounds more like a prank to pull in a park in the middle of summer, yet it could be more dangerous, as Israel is in the middle of the desert.
Security Joes identified that of the 100 ICC PRO systems, almost half were located in Israel while the rest were in other places around the globe. Ido Naor notified the CERT in Israel, which then contacted the companies that own these systems and Motorola, and shared the information with CERT teams in other countries.
Thankfully, Motorola sent an announcement to customers about the dangers of leaving systems on defaults without a password. Security Joes has stated that the number of exposed systems has gone down to about 78 as companies begin securing their ICC PROs.
Back in April, Israel also had attacks targeting water management systems, aiming to alter them in order to create water shortages in certain areas by emptying water reserves and causing outright civil unrest. To combat this, the INCD, Israel's cybersecurity agency, sent out nationwide alerts to have passwords changed on web-based management systems.
Joker Trojan
Recently a malware by the name of Joker has surfaced. This malware is a trojan that not too long ago began specifically targeting Android devices to steal SMS messages, contact lists and device information. The cybersecurity researchers at CSIS have affirmed that Joker is one of the new types of malware mainly targeting and endangering Android devices. Not only will it steal information, it also silently signs the victim up for premium WAP (wireless application protocol) services.
The possible delivery chains fall into three separate types: direct download, one-stage download, and two-stage download.
Direct download: In this case, the final payload is delivered through a direct URL that is received from the command and control (C&C) server. Here the infected Google Play store app has the C&C address stored, obfuscated, in the code itself. After installation, the infected app communicates with the C&C server, which then responds with the URL of the final payload.
One-stage download: Here the researchers observed that, in order to retrieve the final payload, the infected Google Play app utilizes a stager payload. "That's why the infected Google Play store app has the stager payload URL, that is encoded in the code itself and encrypted utilizing the Advanced Encryption Standard (AES). However, the main job of this stager payload is to retrieve the final payload URL from the code and then download it."
Two-stage download: In this case, the infected Google Play store apps use a two-stage payload download to retrieve the final payload. The infected Google Play app downloads the stage one payload, which downloads the stage two payload, which in turn loads the final Joker payload.
Once the execution of the stage one payload is over, it proceeds to download the stage two payload, which is why the stage two payload shows the same behaviour as the stage one payload.