Tag Archive for: Part

Taking part in Facebook ‘10 Year Challenge’ may make you vulnerable to hackers


Thursday, January 13 2022
National Desk

If you’ve been on Facebook over the last few days, you’ve probably seen the ‘10 Year Challenge’ pop up.

While it may seem harmless, taking part could make you vulnerable to hackers.

It’s called data mining, and many cyber security experts say it’s a sneaky way for hackers to take over your computer.

Many of those seemingly innocent quizzes you see on social media could be part of data mining.

The quizzes ask cutesy questions, such as: What was the first car you owned? What was the name of your first pet? What was the first concert you went to?

These answers could be used in security questions when you establish accounts online.

Right now, the ‘10 Year Challenge’ is circulating again on Facebook. It asks you to post a picture of yourself from 10 years ago and a picture from today.

It may seem harmless, but it’s not.

“Once you provide this information to the public – and that’s what you’re doing – there’s all kinds of things that you haven’t thought of yet and someone next year will think of an idea of how to use this data in some way you have not imagined,” said Dr. Terrill Frantz, with Harrisburg University.

Here’s the bottom line: Any personal information or pictures you put on social media could be used by a hacker to gain access to your accounts.

Think twice before posting.


UTSA researcher part of team protecting EV charging stations from cyberattacks | UTSA Today | UTSA


Bou-Harb and his fellow researchers wanted to explore the real-life implications of cyberattacks against EV charging systems and how to utilize cybersecurity countermeasures to mitigate them. His team also assessed how exploited systems can attack critical infrastructure such as the power grid.

“Electrical vehicles are the norm nowadays. However, their management stations are susceptible to security exploitations,” said Bou-Harb, who is an associate professor in the Carlos Alvarez College of Business’ Department of Information Systems and Cyber Security. “In this work, we endeavored to uncover their related security weaknesses and understand their consequences on electrical vehicles and the smart grid while providing recommendations and sharing our findings with relevant industry for proactive security remediation.”

The team identified 16 electric vehicle charging management systems, which they divided into separate categories such as firmware, mobile, and web apps. They performed an in-depth security analysis on each one.

“We devised a system lookup and collection approach to identify a large number of electrical vehicle charging systems, then leveraged reverse engineering and white-/black-box web application penetration testing techniques to perform a thorough vulnerability analysis,” Bou-Harb said.

The team discovered a range of vulnerabilities amongst the 16 systems and highlighted the 13 most severe vulnerabilities such as missing authentication and cross-site scripting. By exploiting these vulnerabilities, attackers can cause several issues, including manipulating the firmware or disguising themselves as actual users and accessing user data.

According to a recent white paper study by the researchers, “while it is possible to conduct different attacks on various entities within the electrical vehicle ecosystem, in this work, we focus on investigating large-scale attacks that have severe impact on the compromised charging station, its user and the connected power grid.”

During this project, the team developed several security measures, guidelines and best practices for developers to mitigate cyberattacks. They…


Malicious Life Podcast: Inside Operation Flyhook Part 2


Malicious Life Podcast: Inside Operation Flyhook Part 1 Transcript

Do you ever wonder how different you’d be today if you grew up under a different set of circumstances?

Like, I can imagine, maybe, that I wasn’t born in Israel. So I might not have joined the Navy, which became so integral to the skill set I developed and the kind of man I am today. And, you know, I’m obsessed with history, but maybe I wouldn’t be so into it had I grown up in a less historically significant part of the world. I could’ve gone into a different line of work. Or what if, in another life, I grew up rich, and didn’t have to work at all? Then I could spend all my days doing what I really want to do…

INTRO TO ALEXEY
The year is 1999.

The internet is now in homes around the United States, and the world. Yahoo, eBay, Amazon–what were just startups a few years earlier are now the hottest companies in the world. Really, any half-baked company with a “.com” at the end is running rampant in the stock market, even if all they do is sell toys or pet food. Whole new industries are popping up, and millions of jobs along with them. Everybody wants in.

Alexey Ivanov is exactly the kind of person to benefit from the boom because, when it comes to coding, he’s little short of prolific. According to his CV, Alexey’s either good or proficient in HTML, JavaScript, SQL, C, C++, Assembler, good or excellent with MS-DOS, Linux, Solaris, every version of Windows, with a comprehensive understanding of LAN, WAN, DNS, TCP/IP, FTP, DNS, equally proficient with IBM, Sun Microsystems, HP and Cisco hardware. And that’s just a sampling from a much longer list–to read out his entire CV now would take too long.

The point here is that Alexey knew his stuff. He could’ve qualified for a job at any internet company in the world. But Alexey Ivanov was born into a different set of circumstances than you and I. He was a lot like us in other ways–bright, talented, technical–but, instead of being from America, or Germany, or Japan, Alexey was born in Russia. And not even Moscow, or St. Petersburg, but…

“[Ray] from a little place called Chelyabinsk which is kind of in the middle of nowhere in…


Hacking the World – Part 4: The Cost and Future of Hacking (Plus: Safety Tips)


Each week in October, as part of Cybersecurity Awareness Month, we’ll publish an article packed with facts and stats, to give you an in-depth look at the state of cybersecurity in today’s world. We’ll start with the basics, then cover vulnerabilities, risks, costs – and much more.

We finish our four-part Hacking the World series with two key questions: how much does hacking cost the world at large, and what’s coming up next? We’ll cover some of the biggest, costliest data breaches and then take a peek at what the future holds for hacking. To round out your read, we’ve also compiled a few basic cybersecurity tips, to help keep you cybersafe.

Before looking ahead, a reminder that we’ve covered the basics, what’s being hacked (with Covid updates), and the who and where of hacking. For a refresher of key hacking terms and definitions, read our helpful cybersecurity glossary from Part 1.


The Cost of a Breach 

Data breaches cost time and money. Lots of it.

In addition to covering the immediate damages of a cyberattack, companies must pay out compensation and data protection fines, all while investing in cybersecurity systems. The downtime and consequently lost business of a breach add substantial costs too.

The Growing Cost of Cybercrime

The monetary damages of cybercrime are already sky-high and they’re only heading in one direction.

More and more, businesses are turning to digital solutions. Expect cyberattacks to advance in complexity and regularity as companies pursue fresh web-based systems and cybersecurity departments play catch-up.

Top 10 Costliest Breaches

It’s only right that we take a look at some of the most financially devastating breaches of all time. 

The costliest breach on this list is Equifax, though, when we dig into the numbers, data breach costs can be somewhat of a grey area.

Sometimes costs are not completely disclosed or are not entirely calculable. Experts predicted that Epsilon’s data breach could reach a whopping $4 billion, for example, while the Marriott breach may have cost closer to $1 billion…
