Question

In: Computer Science

Use your favorite search engine and search for “world’s greatest data breaches and hacks.” Scan through...

Use your favorite search engine and search for “world’s greatest data breaches and hacks.” Scan through the hits until you find visual diagrams or a text-based list of major data breaches that have occurred recently. (Major data breaches are defined as those in excess of 30,000 records.) Select and carefully review at least two of these data breaches. Briefly describe the two data breaches you selected. Explain in layman’s terms how you think these breaches occurred. Discuss whether or not you agree with Verizon’s assertion that over 80% of breaches are caused by human error. Describe how appropriate governance frameworks might have prevented these data breaches from occurring. Support your statements with evidence from your sources.

Solutions

Expert Solution

Example 1:

I have an example for the real-life technological security flaw which has been appeared in one of the most used applications,i.e. Adobe Flash Player. So here is the information related to it in detail:

  • The vulnerability which we are going to talk today is one of the most critical ones and for one of the largest companies "Adobe". This vulnerability left lakhs of the user under danger of getting breached.
  • The name of the vulnerability is "Flash Player Vulnerability" with an identification code "CVE-2018-5002". This vulnerability has been affecting densely in the Middle East region and was brought into vision in June 2018.
  • What actually was the security flaw here? The security flaw was one of the stack-based buffer overflow bugs that have been able to execute arbitrary code.
  • The following vulnerability was allowing the attackers to maliciously craft the Flash object which would help them in executing codes in the victim machine and then execute the range of payloads & actions.

How would have this been prevented?

  • The applications are been vulnerable to buffer overflow bugs when there are certain programming errors or memory leaks left in the programming.
  • Hence, this can be prevented using right programming methods and also putting best programming techniques to use so that none of the vulnerabilities are left in open to ruin the applications.
  • There must be thorough testing of the application done before releasing the application publicly and must also make the application good enough for working against the vulnerabilities.

Hence, these are the methods in which the vulnerability could have been prevented.

How did this vulnerability actually work?

  • The vulnerability was allowing the attacker to provide a word file to download and once executed in the victim PC the adobe flash exploits would start running.
  • This file once executed starts executing the shellcode which will then enable the attacker to command and control the servers from which the attacker would gain complete access to the victim machine.

Patch For Vulnerability:

  • The company has declared the patch for the vulnerability and can be patched automatically by installing the updated Flash Player as this was a critical zero-day attack.
  • The patch is available only for the users from East Asia as the vulnerability was highly active in that region.

Hence, this was all on technology security and how to maintain the security levels in order to stay updated and up to the mark.

Example 2:

  • The second one is the most recent one with CVE-2019-1010259. This was the most critical vulnerability which was a type of SQL Injection and has affected most of the MySQL servers that were deployed in the cloud.
  • In some cases, it also leads to the Remote Code Execution. Hence, it became a very hard job for the affected one to protect themselves from this vulnerability. As it was claimed to affect almost 11 million systems.

How did this vulnerability actually work?

  • The vulnerability can be triggered by using a specially crafted password string which will help the attacker to escalate the privileges on the MySQL server. The attacker could just enter the string wherever the system can interact with the database server.
  • The attackers triggered it using the login pages through which the attackers were getting access to the escalate the privileges of the MySQL server. After which they would be able to do below mentioned points:
    • Modify the system files or any information on the database
    • Scope of attack is limited as the attacker will not have control over what can be modified.

Patch for the vulnerability:

  • Microsoft SQL Server team immediately provided with the version which was fixed and free to download or upgrade for the existing users as it was a major vulnerability and was being in wild for recent time.
  • The fixed version was listed on the Microsoft website as well as it was being automatically updated for active users for diminishing any further damages done to the organizations. The fixed version which is currently being used is 2018.3.4

Hence, this is another vulnerability which was running in the wild and was recently a hit among hackers.


Related Solutions

  Why do you think Google dominates as a search engine?  What's your favorite search engine and why...
  Why do you think Google dominates as a search engine?  What's your favorite search engine and why -- or do you not prefer one over the other?  What do you think makes a good search engine?  Can you think of any features that search engines could potentially add? answer in 1-2 paragraphs
Conduct a web search on "The best and worst PowerPoint presentations" using your favorite search engine......
Conduct a web search on "The best and worst PowerPoint presentations" using your favorite search engine... which is google. give two reasons why this website was your choice of either the best or worst PowerPoint presentation and discuss what should or should not be done when creating a PowerPoint presentation. At the end of the oaragraph put the URL of the website.
use your favorite search engine to find the IRS' website ans locate Publication 537:"Installment Sales." after...
use your favorite search engine to find the IRS' website ans locate Publication 537:"Installment Sales." after reviewing that publication, answer the following questions: 1) which form is used to report an installment sale? 2)what are the requirements to report a sale on the installment basis for tax purposes? 3)If the taxpayer receives money over several periods, why would a taxpayer want to report a sale on the installment basis, rather than in the tax period when the sale oringinated? 4)...
Assignment task Use your favorite search engine to find details about (1) virus/piece of malware. Upload...
Assignment task Use your favorite search engine to find details about (1) virus/piece of malware. Upload an MS Word or .PDF document that summarizes each of the following Item 1: Introduction - What is meant by malware/viruses? What is their history? Are malware and/or viruses recent developments in computer technology or have they been around for a while? What piece of malware/virus are choosing to write about and why?   Item 2: Virus/Malware details: Name of malware/virus When and where was...
Using your favorite search engine, research the mission and vision statements of different fortune 500 companies....
Using your favorite search engine, research the mission and vision statements of different fortune 500 companies. Then, you will response must be 750 words in which you compare and contrast the mission statements of two companies and the vision statements of two companies. You may use the same companies for both the mission and vision comparisons or separate companies.
Use your favorite text editor or IDE to search for occurrences of setState. Where you found...
Use your favorite text editor or IDE to search for occurrences of setState. Where you found uses of setState, refactor the code to use JavaScript functions instead of classes and the useState hook instead of setState. import React from 'react' import ColorSlider from './ColorSlider' import ColorOutput from './ColorOutput' import styles from './ColorBrowser.module.css' class ColorBrowser extends React.Component { constructor(props) { super(props) this.state = { red: Math.floor(Math.random() * 256), green: Math.floor(Math.random() * 256), blue: Math.floor(Math.random() * 256) } } updateColor(e) { this.setState({...
(1) Use a search engine to find two different online data markets. Write a report sharing...
(1) Use a search engine to find two different online data markets. Write a report sharing the sources or focus of information each provides, the availability of visualization tools to preview data, and how developers can access or incorporate the data into their and websites.
Outline popular search engine optimization strategies for the brand of your choice.
Outline popular search engine optimization strategies for the brand of your choice.
You want to improve your search engine by comparing to an competitor. In your database you...
You want to improve your search engine by comparing to an competitor. In your database you have over 30million queries and your target is to select only 5 thousands for evaluation. How would you sample? Note that we are not asking for implementation of the sampling, but are asking for the design.
Suppose you are working as a data mining consultant for an Internet Search Engine company. Describe...
Suppose you are working as a data mining consultant for an Internet Search Engine company. Describe how data mining can help the company. Give examples for which techniques such as (1) clustering, (2) classification, (3) association rule mining, (4) anomaly detection can be applied.
ADVERTISEMENT
ADVERTISEMENT
ADVERTISEMENT