Tag Archive for: hacking

Mother’s claims tossed in hacking case suit against school district


Seven years after a Sachem North High School student pleaded guilty to a charge of hacking school computers, a federal judge in Central Islip has dismissed claims by his mother that the district had forced her son to do computer security work for years without pay. 

Former student Matthew Calicchio and parents Sandra and Michael Calicchio had argued in a 2014 federal lawsuit that Matthew Calicchio, then 17, was forced into what amounted to involuntary servitude by district officials, including then-Principal John Dolan and assistant Principal Andrew Larson. According to a revised 2015 complaint, between 2010 and 2013, Matthew Calicchio repeatedly was taken out of class and lunch to do the work, warned not to tell his parents and told the FBI would raid his house if he did not comply. The complaint asked for damages in excess of $75,000. Sandra Calicchio lives in Chester, Massachusetts, according to court records.

Lawyers for the district and its officials said in filings that the claims were false, and in March a federal magistrate recommended dismissal because Sandra Calicchio, who represented herself, had skipped multiple court-ordered conferences. Judge Denis Hurley agreed and on April 5 ordered the dismissal. He also ordered Matthew Calicchio and Michael Calicchio to discontinue the suit or file a status report within two weeks.

Scott Lockwood, the lawyer representing the father and the son, did not respond to a request for comment. Lawyers for the school district did not respond. Dolan and Larson, now principal at the high school, did not respond. The Calicchios could not be reached. 

Matthew Calicchio was expelled from Sachem schools in 2013, earning a GED that year from Suffolk County Community College. When Suffolk police arrested him, authorities said he had accessed student records, including Social Security numbers and confidential medical information, then posted some of the information online in community forums.

In November 2014, he pleaded guilty to computer trespass, a felony. After a year of probation, the court vacated that plea and he pleaded guilty to a misdemeanor. 

The Calicchios’ lawsuit alleged district officials had Matthew…


Malawi Police accused of hacking Platform for Investigative Journalism website – Malawi 24


Media body MISA Malawi says it cannot rule out the involvement of State agents in the hacking of Platform for Investigative Journalism (PIJ) website, which happened days after the Malawi Police Service (MPS) detained PIJ Managing Director Gregory Gondwe and held on to his computer and phone for a night.

Malawi Police Service has since hit back at MISA Malawi over the allegations.

The hacking of the website investigativeplatform-mw.org was noted on Thursday, April 14, 2022, and the site remained inaccessible for many hours on Friday. The site is now back online, but PIJ said it was still working on fully recovering it.

The incident happened nine days after officers from the Malawi Police detained Gondwe and confiscated his equipment, which raised serious privacy concerns.

In a statement on Friday, MISA Malawi Chairperson Teresa Temweka Ndanga said the hacking incident vindicates such fears.

“We believe the hacking incident is not a mere coincidence. MISA Malawi believes the hacking is intentional and we cannot rule out the involvement of State agents considering the circumstances.

“We are concerned that the police officers who must be in the forefront to combat Cybersecurity risks of Malawians and others in the country were directly involved in actions that qualify them as prime suspects in this Cyber-attack,” said Ndanga.

She added that the hacking is a direct attack on media freedom, right to access information and a criminal offence under the Electronic Transactions and Cyber Security Act of 2016.

She also noted that the Electronic Transactions and Cyber Security Act of 2016 prohibits hacking, cracking and introduction of viruses and any person who commits such offences is liable to a fine and to imprisonment for seven years.

Ndanga then demanded that the State investigate and prosecute anybody who violated section 21 of the Constitution of Malawi by violating Gondwe’s privacy, saying the same people are now prime suspects in this hacking incident.

“We wish to remind government that these continued attacks on journalists are tarnishing the country’s image on press freedom, a fundamental component in a democratic…


Best Ethical Hacking Tools & Software 2022


Hackers are sometimes used as consultants to help companies improve their digital security. Referred to as ethical hackers, they use hacking software to test your systems to see if they’re vulnerable before an attacker does it for you. 

What is Ethical Hacking?

Hacking is the use of any tools or technology to obtain unauthorized access to or circumvent security measures of a computer system or network. 

An ethical hacker is an independent security tester who checks computer systems, networks, and programs, looking for potential vulnerabilities that an attacker could exploit. Ethical hackers use the same tools and techniques as malicious hackers; however, they do it to improve system security and uphold privacy policies and standards instead of causing damage or stealing information. Examples include penetration testing and vulnerability scanning. 

Companies often hire ethical hackers to perform penetration tests in order to find vulnerabilities that cybercriminals could exploit in an attack. These are also known as black-box tests because they involve using automated tools without knowing how systems are configured or what vulnerabilities may exist. The goal is to simulate real-world attacks so that companies can identify and fix weaknesses before cybercriminals exploit them.


What are Hacking Tools?

In computer security, a hacking tool is designed to help hackers gain unauthorized access to information. The term usually refers to general-purpose tools used in many types of attacks rather than custom-made exploits for specific systems. Most hacking tools are either open source or freeware/shareware, making them easily accessible for anyone who wishes to use them for malicious purposes.

Security professionals use ethical hacking tools to assess vulnerabilities in computer systems to improve their security. These tools include packet sniffers for intercepting network traffic, password crackers for discovering passwords, and port scanners for identifying open ports on computers. 

The field of network administration has grown from simple monitoring of networks to actively managing them through…


Critical vulnerability in popular WordPress plugin exposes millions of sites to hacking


A critical vulnerability in a highly popular WordPress plugin has exposed millions of websites to hacking.

Discovered by researchers at Plugin Vulnerabilities and detailed April 12, the vulnerability was found in Elementor, a WordPress website-building plugin with more than 5 million active installations. The vulnerability was found in version 3.6.0 of the plugin, introduced on March 22, and about a third of the sites using Elementor were running the vulnerable version when the vulnerability was found.

The vulnerability is caused by an absence of a critical access check in one of the plugin’s files, which is loaded on every request, even if users are not logged in. Because the check does not occur, access to the file and hence the plugin is open to all and sundry, including bad actors.

Exploiting the vulnerability opens the door for anyone to make changes to the site, including uploading arbitrary files. As a result, hackers could exploit the vulnerability for remote code execution and takeover of a site running the plugin. “Based on just what we saw in our very limited checking, we would recommend not using this plugin until it has had a thorough security review and all issues are addressed,” the researchers noted.

The vulnerability has since been addressed in the latest update to Elementor, version 3.6.3. Anyone running a WordPress install with Elementor 3.6.0 to 3.6.2 is encouraged to update to the latest version to address the critical vulnerability.

“WordPress powers as much as a third of all websites on the Internet, including some of the most highly trafficked sites and a large percentage of e-commerce sites, so why aren’t they better equipped to protect against attack?” Pravin Madhani, co-founder and chief executive of application security platform provider K2 Cyber Security Inc., told SiliconANGLE. “In particular, RCE is one of the most dangerous flaws because it gives the attacker the ability to run almost any code on the hacked site.”

Madhani explained that traditional application security tools like Web Application Firewalls have difficulty in dealing with RCE attacks because they rely on understanding a past RCE…
