UAT Student Blog

Vertafore a company that provides insurance software services has disclosed a data breach in which a third-party got into the details of over 27.7 million Texas drivers. They believe the incident took place from March to August due to a human error where three data files were stored in an unsecured external storage service.

Something shocking and bizarre to the Cyber Security community has occurred. Russia has arrested a malware author, to give some context to this. Russia is normally very soft with hackers and rarely takes action against them.

Cross-site scripting (XSS) has taken the cake in 2020 for being the most impactful vulnerability and thus the one reaping the highest rewards for ethical hackers this year for the second year in a row. This is all according to a list of Top 10 Vulnerabilities released on Thursday by HackerOne.

In a shocking display of poor management over 100 smart irrigation systems were left exposed online without any security or even a password. Which allowed anyone to access and mess with any of the water irrigation which was used for crops, trees, cities, and any building complex.

Joker Trojan Recently a Malware by the name of Joker has surfaced to our eyes. This malware is specifically a trojan that not to long ago began targeting specifically android devices to steal SMS messages, contact lists and device information. The cybersecurity researchers at CSIS has affirmed that the Joker is one of the new types of malwares that is mainly targeting and putting android devices in danger.  Not only will it steal information in also signs the victim up silently for premium wireless application WAP services. All possible plots divide into three separate ranges. Direct download, One-stage download, and Two-stage download. Direct download For this situation, the last payload is being conveyed through an immediate URL that is gotten from the command and control (C&C) worker. In this situation, the contaminated Google Play store application has the C&C address put away in the code itself with chain obfuscation. Subsequent to introducing it, the tainted application speaks with the C&C worker, and afterward it responds with the URL of a last payload. One-stage download Experts in this phase have observed that in order to recover the final payload, the infected Google Play app utilizes a stager payload. “That’s why the infected Google Play store app has the stager payload URL, that is encoded in the code itself and encrypted utilizing the Advanced Encryption Standard (AES). However, the main job of this stager payload is to retrieve the final payload URL from the code and then download it.” Two-stage download For this situation, the tainted Google Play store applications have two-stage payload downloads to recoup the last payload. That is the reason the Google Play infected application downloads the stage one payload, which downloads the stage two payload, that in the long run stacks the end Joker payload. Once the execution of stage one payload Is over, it then proceeds to download the stage two payload, and that is why the stage two payload shows the same performance as stage one payload. 

As I wrote before a coalition of cyber-security organizations with Microsoft orchestrated a global takedown against TrickBot, which is the second-largest malware botnets.