SC Magazine Discussion by Dr MJ Frederick

SC Magazine Discussion by Dr MJ Frederick https://padlet.com/mj_frederick/vy7vtoby3wcd OS Security en-us 2017-09-30 20:51:46 UTC 2018-11-14 03:50:36 UTC hello@padlet.com Group 4 https://padlet.com/mj_frederick/vy7vtoby3wcd/wish/303414809
Here is an article We found concerning an exploit for Windows Defender, thankfully it was fixed.

A file would be downloaded and then the vulnerability would be exploited only when Defender scanned the file.

]]> 2018-11-12 18:37:23 UTC https://padlet.com/mj_frederick/vy7vtoby3wcd/wish/303414809 Group 6 https://padlet.com/mj_frederick/vy7vtoby3wcd/wish/303909549 The GLA's Met police have recently upgraded 8,000 of their computers from an outdated operating system, Windows XP that no longer received updates, to one of Window's latest operating system, 8.1 leaving nearly 30,000 computers still using the outdated XP operating system. One of the 6 main hardening categories is to "apply updates" that applies to software and hardware. The Met police were and still are largely susceptible to attacks do to the fact they haven't updated all of their operating systems. Upgrading their network security could beef up their defenses to ensure that all of their data cant be breached from a remote device with access to their network.

]]> 2018-11-13 17:46:04 UTC https://padlet.com/mj_frederick/vy7vtoby3wcd/wish/303909549 Group 7 https://padlet.com/mj_frederick/vy7vtoby3wcd/wish/304023113 MacOS security reputation challenged by new ransomware-as-a-service

This article is about how recently more malware has been targeting MacOS as its market share increases, the benefits of targeting them increases, in this case .25BTC(Bitcoin) to recover files encrypted by this ransomware. With this I think the ideas of MacOS being more secure is going away, as the article says all OS's are imperfect and have vulnerabilities, and we as users need to do a better job of securing our private data.

https://www.scmagazine.com/home/security-news/ransomware/macos-security-reputation-challenged-by-new-ransomware-as-a-service/

]]> 2018-11-13 20:34:48 UTC https://padlet.com/mj_frederick/vy7vtoby3wcd/wish/304023113 Group 5 https://padlet.com/mj_frederick/vy7vtoby3wcd/wish/304064187 The recent patch for iOS 12.1 allows attackers to see all contact information of other people by using the group facetime feature, including all the contacts in the other user's phone book.]]> 2018-11-13 22:37:34 UTC https://padlet.com/mj_frederick/vy7vtoby3wcd/wish/304064187 Group mark_deel https://padlet.com/mj_frederick/vy7vtoby3wcd/wish/304090095 This article shows how overlooking something very basic in your OS can lead to potentially catastrophic consequences.

]]> 2018-11-14 00:52:21 UTC https://padlet.com/mj_frederick/vy7vtoby3wcd/wish/304090095 Group 8 https://padlet.com/mj_frederick/vy7vtoby3wcd/wish/304122194 This article shows how overlooking something very basic in your OS can lead to potentially catastrophic consequences.]]> 2018-11-14 03:46:55 UTC https://padlet.com/mj_frederick/vy7vtoby3wcd/wish/304122194 Group 3 https://padlet.com/mj_frederick/vy7vtoby3wcd/wish/304122572 The Linux Mint ISO on the distro's website was altered to include an IRC backdoor known as Tsunami, which gives the hacker shell access on infected systems. The hack could have been caught by a well-defined web application layer inspection rule set and profile, and users who downloaded the infected ISO image could have checked the MD5 hash and found it was compromised as well. The forum database was stolen as well and contained username and passwords for members. The hacker claims to have just been poking around and happened to find a way into the server, and that this was not a targeted attack.
Further research into this story the site was hacked through its outdated WordPress installation. If the network admins practiced a better hardening plan and updated their services this attack would have easily been prevented.
This technology lacked the essential hardening tools that it needed to protect it's defenses. Had there been the principle of least privilege set up, this user would not have been able to stumble on access to the backdoor. This system is highly capable of having a Host Intrusion Detections System embedded into it, as well as exploit frameworks to make sure the system was working properly and to prevent exploits that could have risked the security of several users and the creators of the OS itself.]]> 2018-11-14 03:49:18 UTC https://padlet.com/mj_frederick/vy7vtoby3wcd/wish/304122572