PDF Editor
PDF Converter
Image Converter
Video Converter
Audio Converter
File Compressor
cyber uc meeting 66

Cyber@UC Meeting 66 Welcome New Members! If Youre New! Join our - PowerPoint PPT Presentation

Jul 28, 2023 •18 likes •178 views

Cyber@UC Meeting 66 Welcome New Members! If Youre New! Join our Slack: ucyber.slack.com SIGN IN! (Slackbot will post the link in #general at 6:30) Feel free to get involved with one of our committees: Content Finance Public

  1. Cyber@UC Meeting 66 Welcome New Members!

  2. If You’re New! ● Join our Slack: ucyber.slack.com SIGN IN! (Slackbot will post the link in #general at 6:30) ● Feel free to get involved with one of our committees: ● Content Finance Public Affairs Outreach Recruitment ● Ongoing Projects: RAPIDS Lab! ○ ○ NSA Cyber Operations Competition Research

  3. Lab updates ● We have desks !! Next steps ● ○ Setting up iDRAC ○ Flashing CentOS ○ Setting up servers with OpenStack, FOG, and Puppet More info at cyberatuc.org/blog

  4. Other announcements ● Board Game Night! This Friday @ 6pm, 649 Baldwin ○ ● Planned visits ○ NSA visit with Enigma Machine (Sept 18) ○ US Bank visit planned for (week of Sept 24) ● Opportunities Air Force Research Lab Partnership ○ NSA Scholarship Opportunities! NSA Research Grant in Cyber Operations ○ ○ Blackpoint Cyber SOC Analyst Job applications! (thanks Mike!) Our logo has made progress! DAAP may help too. ●

  5. Public Affairs Useful videos and weekly livestreams on YouTube : youtube.com/channel/UCWcJuk7A_1nDj4m-cHWvIFw (or just search for "cyber@uc") Follow us for club updates and cybersecurity news: Twitter: @CyberAtUC ● ● Facebook: @CyberAtUC ● Instagram: @CyberAtUC For more info: cyberatuc.org

  6. Weekly Content

  7. WannaCry ● Ransomware Cryptoworm Targeted computers running Microsoft Windows ● Propogated through EternalBlue ● ○ Exploit developed by the NSA, leaked by “Shadow Brokers” hacker group Also used in the notPetya cyberattack ○ ○ Mishandling of Server Message Block (SMB) protocol allowed arbitrary code execution Patches were available two months before WannaCry attack occurred ○ ● > 200k computers across 150 countries ● Attack believed to have come from North Korea

  8. Equifax ● Equifax fails to patch Apache Struts on one of their servers September 7, 2017 Equifax announces a breach > 140M americans data ● leaked, >200k credit card numbers ● Equifax discovered the breach July 29, then hired a forensics firm ● Equifax had a terrible response Website telling people if they were affected gave differing responses ○ ○ Website allowing enrollment in identity protection couldn’t handle traffic and was constantly down ○ That same page also had cert errors Wrong link in Twitter ○ ● Cost Americans an estimated 1.4 B in credit freeze fees

  9. Blueborne ● Discovered by Armis Airborne and spreads via bluetooth ● Utilized 8 new zero-day vulnerabilities ● ● Could have allowed attackers to take control of devices, access corporate networks and penetrate air-gapped networks Android, iOS, Windows, and Linux were all vulnerable ● Does not require being paired to the devices or for the victim device to be ● discoverable ● Exploits the high level privileges bluetooth inherently recieves on all OSs Estimated > 8.2 billion vulnerable devices at discovery ●

  10. Blueborne (continued) ● No victim interaction required Allows both C&C and MiTM ● Attack Stages: ● ○ Locate active Bluetooth devices Obtain the device’s MAC address ○ ○ Run an exploit for the proper OS

  11. Spectre/Meltdown ● Vulnerability caused by flaws in speculative execution Processor recognizes patterns and attempts to make predictions on results ● of processes and operates on those before results come in ● Discarded computation is stored in unsecured memory ● Patches have been developed but cause slow downs Can’t be avoided until new architecture and system designs are developed ○

  12. Cross Site Scripting (XSS)

  13. What is XSS? ● Attacker writes malicious code, makes a website serve it to other visitors Exists b/c the web wasn't originally interactive ● Reflected & Persistent (demo) ● ● The fix: input sanitization Change... <script>doEvilThings("yes");</script> ○ &lt;script&gt;doEvilThings(&quot;yes&quot;);&lt;/script&gt; to...

  14. Notable examples ● Self-retweeting tweet "but most of all, samy is my hero" ● Banks doing the Harlem shake ● ● Many, many more ○ See list on schiff.io/talks/xss

  15. Interactive demo Try to hack my website! bit.ly/haydenxssregister Goal: Change the XSS Champion from "no one" to your name. (please refrain from completely annihilating the page -- don't ruin the demo for the rest of us!)

  16. Further info This was a short version of a presentation I gave last spring. Full slides and video at schiff.io/talks/xss

Recommend

CYBER CYBER-SAFETY CYBER CYBER SAFETY SAFETY SAFETY BASICS BASICS Engineering Staff College

CYBER CYBER-SAFETY CYBER CYBER SAFETY SAFETY SAFETY BASICS BASICS Engineering Staff College

3/29/2012 CYBER CYBER-SAFETY CYBER CYBER SAFETY SAFETY SAFETY BASICS BASICS Engineering Staff College of India I N T R O D U C T I O N What is Cyber-safety Consequences Threats of Inaction Cyber-safety? Cyber-safety Cyber-safety at

217 views • 7 slides
Mark Fernandes Principal, Cyber Risk Services + FUTURE OF CYBER CYB CYBER SINGU GULAR ARIT

Mark Fernandes Principal, Cyber Risk Services + FUTURE OF CYBER CYB CYBER SINGU GULAR ARIT

Mark Fernandes Principal, Cyber Risk Services + FUTURE OF CYBER CYB CYBER SINGU GULAR ARIT ITY How cyber is becoming a key aspect of the ubiquity generation. CYBER SUMMIT More to come 3 2018 Deloitte Cyber Risk Services 4 2018

514 views • 19 slides
90% OF CYBER ATTACKS ARE 90% OF CYBER ATTACKS ARE SUCCESSFUL DUE TO HUMAN SUCCESSFUL DUE TO

90% OF CYBER ATTACKS ARE 90% OF CYBER ATTACKS ARE SUCCESSFUL DUE TO HUMAN SUCCESSFUL DUE TO

90% OF CYBER ATTACKS ARE 90% OF CYBER ATTACKS ARE SUCCESSFUL DUE TO HUMAN SUCCESSFUL DUE TO HUMAN ERROR ERROR CYBER AWARE CYBER AWARE NEXT-GEN SECURITY AWARENESS TRAINING Cyber Crime Is Now A Cyber Crime Is Now A Business Opportunity

550 views • 25 slides
Cyber/Information Cyber/Information Security Cyber/Information Cyber/Information Security

Cyber/Information Cyber/Information Security Cyber/Information Cyber/Information Security

Cyber/Information Cyber/Information Security Cyber/Information Cyber/Information Security Security Insurance: Security Insurance: Insurance: Insurance: A Montana Perspective A Montana Perspective Presented by: d b Brett E. Dahl,

197 views • 8 slides
Cyber Security in Mining Automation Ragnar Schierholz, Head of Cyber Security, Industrial

Cyber Security in Mining Automation Ragnar Schierholz, Head of Cyber Security, Industrial

ABB MINING USER CONFERENCE, MAY 02-05, 2017 Cyber Security in Mining Automation Ragnar Schierholz, Head of Cyber Security, Industrial Automation Division Agenda Why worry about cyber security? ABBs approach to cyber security Cyber security

1.07k views • 39 slides
SARNET ENHANCING RESILIENCE AGAINST CYBER ATTACKS Frank Fransen | 5 October 2016 SARNET -

SARNET ENHANCING RESILIENCE AGAINST CYBER ATTACKS Frank Fransen | 5 October 2016 SARNET -

SARNET ENHANCING RESILIENCE AGAINST CYBER ATTACKS Frank Fransen | 5 October 2016 SARNET - Enhancing Cyber Resilience Relation to NCSRA II SARNET | October 5th 2016 CYBER THREATS ARE EVOLVING Key trends Cyber Cyber Cyber Magnitude of

153 views • 13 slides
Protecting your business from Cyber Crime Presented by Jennie Williams Cyber Protect Officer

Protecting your business from Cyber Crime Presented by Jennie Williams Cyber Protect Officer

Protecting your business from Cyber Crime Presented by Jennie Williams Cyber Protect Officer Jennie.williams_cyber@titan.pnn.police.uk www.titanrocu.org.uk TITAN-ROCU @titanrocu TITAN-ROCU Cyber Dependant Crime (Pure Cyber Crime) Cyber

749 views • 15 slides
The Future of Cyber-security WILL SOCIETY BE ABLE TO TRUST TECHNOLOGY? The Cyber Black -

The Future of Cyber-security WILL SOCIETY BE ABLE TO TRUST TECHNOLOGY? The Cyber Black -

The Future of Cyber-security WILL SOCIETY BE ABLE TO TRUST TECHNOLOGY? The Cyber Black - Swan The cyber 9/11 Apocalypse we must prevent and be prepared STUXNET The Cyber Black - Swan The cyber 9/11 Apocalypse we

533 views • 15 slides
Cyber Security Risk Using the Cyber Security Measurement Framework Cyber Security Framework

Cyber Security Risk Using the Cyber Security Measurement Framework Cyber Security Framework

Cyber Security Risk Using the Cyber Security Measurement Framework Cyber Security Framework Reporting Objectives Executive Summary Information Assess Current Cyber Security Posture Measure Progress Toward Improvement Assess

634 views • 5 slides
NSF Activities in Cyber Trust NSF Activities in Cyber Trust NSF Activities in Cyber Trust For

NSF Activities in Cyber Trust NSF Activities in Cyber Trust NSF Activities in Cyber Trust For

NSF Activities in Cyber Trust NSF Activities in Cyber Trust NSF Activities in Cyber Trust For ACM CCS I ndustry/ Govt Track Oct. 26, 2004 Carl Landwehr ( clandweh@nsf.gov ) Cyber Trust Coordinator National Science Foundation What s the

440 views • 17 slides
Breaking Databases via SQLi attacks Azqa Nadeem PhD Student @ Cyber Security Group The Cyber

Breaking Databases via SQLi attacks Azqa Nadeem PhD Student @ Cyber Security Group The Cyber

Breaking Databases via SQLi attacks Azqa Nadeem PhD Student @ Cyber Security Group The Cyber Security lecture series 1 About Cyber Security lecture series The Cyber Security lecture series 2 About Cyber Security lecture series A hot

1.37k views • 97 slides
International Cyber Crime Logan Hendershot Outline CSI International Cyber Crime

International Cyber Crime Logan Hendershot Outline CSI International Cyber Crime

International Cyber Crime Logan Hendershot Outline CSI International Cyber Crime Challenges of Cyber Crime International Aspects Conclusion/My Opinion Cyber Crime Example Reported Directly to FBI Challenges of Cyber Crime

373 views • 10 slides
Demystifying Cyber Insurance European Legal Security Forum 2016 12 th July 2016 Agenda The

Demystifying Cyber Insurance European Legal Security Forum 2016 12 th July 2016 Agenda The

Demystifying Cyber Insurance European Legal Security Forum 2016 12 th July 2016 Agenda The Evolution of Cyber Insurance Is Cyber Risk Already Insured? Cyber And Data Protection Is Not Just An IT Issue Case Study Cyber Risk Stakeholders The

1.03k views • 8 slides
Cyber Risks, Systemic Risks, and Cyber Insurance James E. Scheuermann* A BSTRACT The literature

Cyber Risks, Systemic Risks, and Cyber Insurance James E. Scheuermann* A BSTRACT The literature

Cyber Risks, Systemic Risks, and Cyber Insurance James E. Scheuermann* A BSTRACT The literature on cyber insurance is replete with statements to the effect that cyber risks are systemic risks. Through an analysis of the concept of

350 views • 32 slides
Nuclear Regulatory Commission Nuclear Regulatory Commission Cyber Security Program Cyber

Nuclear Regulatory Commission Nuclear Regulatory Commission Cyber Security Program Cyber

Nuclear Regulatory Commission Nuclear Regulatory Commission Cyber Security Program Cyber Security Program Barry Westreich Barry Westreich y Director Director Cyber Security Directorate Cyber Security Directorate Office of Nuclear Security

178 views • 14 slides
Vajra Cyber Threat Mitigation Service (Vajra CTMS) A Military Grade Cyber Threat Mitigation

Vajra Cyber Threat Mitigation Service (Vajra CTMS) A Military Grade Cyber Threat Mitigation

Vajra Cyber Threat Mitigation Service (Vajra CTMS) A Military Grade Cyber Threat Mitigation Service for Businesses and Governments Cyber Security &amp; Privacy Foundation Pte. Ltd., Singapore Cyber Security &amp; Privacy Foundation (CSPF)

370 views • 21 slides
CSCE 790 Computer Systems Security Firmware Security Professor Qiang Zeng Spring 2020

CSCE 790 Computer Systems Security Firmware Security Professor Qiang Zeng Spring 2020

CSCE 790 Computer Systems Security Firmware Security Professor Qiang Zeng Spring 2020 Previous Class Virus vs. Worm vs. Trojan Drive-by download Botnet Rootkit CSCE 790 Computer Systems Security 2 Trojan vs. Virus

304 views • 16 slides
Unique Controls Touch Climbing Touch Melee Canoe Rowing Gyro Aiming Lessons Learned Session

Unique Controls Touch Climbing Touch Melee Canoe Rowing Gyro Aiming Lessons Learned Session

Unique Controls Touch Climbing Touch Melee Canoe Rowing Gyro Aiming Lessons Learned Session Wrap Up Questions Missing L2/R2 as well as L3/R3 buttons from the DualShock 3 Feature: Tap Edge To Climb Feature: Tap Edge To Climb Problem:

544 views • 42 slides
Introductory question What is a decision table? A simple non-technical answer? A

Introductory question What is a decision table? A simple non-technical answer? A

Decision Table-Based Testing Chapter 7 Introductory question What is a decision table? A simple non-technical answer? A detailed technical answer? DTT2 Decision Tables - Wikipedia A precise yet compact way to model complicated

992 views • 42 slides
PERCEPTION CMPT-TR-1997-15, School of Computing Science, Simon Fraser University, 1997 To See

PERCEPTION CMPT-TR-1997-15, School of Computing Science, Simon Fraser University, 1997 To See

The Papers Presented Perceptual and Interpretative Properties of Motion for Information Visualization, Lyn Bartram, Technical Report PERCEPTION CMPT-TR-1997-15, School of Computing Science, Simon Fraser University, 1997 To See or Not to

400 views • 9 slides
Co Cont ntiki iki int ntroduction oduction Antonio Lin Colina, Zolertia Internet Low

Co Cont ntiki iki int ntroduction oduction Antonio Lin Colina, Zolertia Internet Low

Co Cont ntiki iki int ntroduction oduction Antonio Lin Colina, Zolertia Internet Low Power (Open Protocols) (years on batteries) Wireless (farther the better) Internet Open Low Power Source (Open Protocols) (years on

423 views • 38 slides
Evaluations of Protected/Permitted Right Turns and Quieter Shoulder Rumble Strips David S.

Evaluations of Protected/Permitted Right Turns and Quieter Shoulder Rumble Strips David S.

School of Civil and COLLEGE OF ENGINEERING Construction Engineering Evaluations of Protected/Permitted Right Turns and Quieter Shoulder Rumble Strips David S. Hurwitz, Ph.D. School of Civil and Construction Engineering Oregon State University

401 views • 38 slides
1 Operator: Good morning and welcome to the Henkel conference call. With us today are Hans Van

1 Operator: Good morning and welcome to the Henkel conference call. With us today are Hans Van

Commented Slides / Earnings Conference Call Q3 2016 November 8, 2016 Participants Henkel representatives Hans Van Bylen; Henkel; CEO Carsten Knobel; Henkel; CFO &amp; Investor Relations Team Participants Active in Q&amp;A session Toby

907 views • 51 slides
How Does the Life Settlement Market Aect the Primary Life Insurance Market? Hanming Fang

How Does the Life Settlement Market Aect the Primary Life Insurance Market? Hanming Fang

How Does the Life Settlement Market Aect the Primary Life Insurance Market? Hanming Fang Edward Kung Duke University June 19, 2008 Fang and Kung (Duke University) Life Settlements 06/19/2008 1 / 58 Introduction A life settlement is a

939 views • 58 slides

More recommend

Logo Sambuz

Unleash a World of Digital Possibilities—Browse, Share, and Explore Content Without Boundaries

Useful Links

About Us Privacy Services FAQ's Contact

Newsletter

Stay Informed & Inspired—Subscribe for the Latest Updates, Tips, and Exclusive Content Directly to Your Inbox.

Mail Us

mail@sambuz.com

2025 SAMBUZ, All right reserved.