Cyberattacks is becoming a threatening concern in today’s society. Many of us should be aware of the constant cyberattack news spreading around the world with the rising tensions between Russia and Ukraine. Big technology companies such as Google, one of the most popular search engines around the world is making a big investment into the …
Category Archives: CPSC 329/602 W22
SEC votes to propose new rules for cybersecurity disclosure and incident reporting
What is SEC? The U.S. Protections and Exchange Commission (SEC) is an autonomous central government administrative organization answerable for safeguarding financial backers, keeping up with fair and methodical working of the protections showcases, and working with capital development. It was made by Congress in 1934 as the main government controller of the protection markets. The …
Linux “Dirty Pipe” Vulnerability Raises Concern Among Security Experts
While file permissions are extremely crucial to the security of Linux systems, a vulnerability has recently been discovered which allows users to bypass these permissions and escalate privileges. A vulnerability called CVE-2022-0847 (nicknamed “Dirty Pipe”) allows people to write to read-only files and fill them with arbitrary information. This can allow someone to completely takeover …
Continue reading “Linux “Dirty Pipe” Vulnerability Raises Concern Among Security Experts”
Impersonation of Government Officials
On the week of March 10, 2022; the FBI issued a warning to the public about the rising amount of malicious phishing scams. Phishing scams are scams where the scammer impersonates someone else, in this case a government official or agency with the aim of getting the victims personal information. Personal information can be used …
The “MuddyWater” May Have Cleared Up Just a Bit
As of late, it seems as though the frequency and prominence of cyber attacks has seen a rise globally. Now in an everchanging and technologically advancing civilization, this should come as no surprise. With that said however, it is still important to be made self-aware of the potential dangers and threats that exist, which leads …
Continue reading “The “MuddyWater” May Have Cleared Up Just a Bit”
Russian government sites hacked in supply chain attack
According to the Russian government, unknown attackers hacked the stats widget used by various government institutions to count the number of visits on Tuesday, March 9th, 2022, compromising the websites of some of Russia’s federal agencies. The attackers uploaded their own content and barred access to the websites, which was detected Tuesday evening. What is …
Continue reading “Russian government sites hacked in supply chain attack”
Ukrainian Hacker Yaroslav Vasinskyi Extradited to the United States
On March 3, 2022 Ukrainian hacker and REvil member Yaroslav Vasinskyi was extradited to the United States, and will be facing trial in Texas for his role in ransomware attacks against American companies. A statement by the U. S. Department of Justice (DOJ) reads: “Vasinskyi is charged with conspiracy to commit fraud and related activity …
Continue reading “Ukrainian Hacker Yaroslav Vasinskyi Extradited to the United States”
The Quantum Threat to Cyber Security
Innovative modern technologies over the last few decades have not only made our lives easier, but also increased the potential for threats. In 1975, renowned engineer and businessman Gordon E. Moore predicted that the computational power would double every 2 years over the foreseeable future, which had later been termed as the “Moore’s Law”. It …
Conti Ransomware gang hit with data leak
Conti, a well-known ransomware organization, declared support for Russia when it attacked Ukraine on February 25. It turned out to be a terrible idea: a vast collection of the gang’s secrets was disclosed just days later. The data includes information on hacking activities, the gang’s Bitcoin wallets, and speculation on the future of cryptocurrency as …
Firefox Plugs Holes In Their Sandbox
On Tuesday of this week, Mozilla released a patch for Firefox that removed a pair of use-after-free bugs from the browsing software. These zero-day bugs allowed attackers to abuse thread shutdowns and text reflows to escape from the security sandbox and possibly launch RCE attacks on victims. There was also another bug that was patched …