Security Articles

Fri
11
Aug

An Awareness: Digitalization going hand in hand with security

An Awareness: Digitalization going hand in hand with security
Most important aspects in today's world are digitalization and security of services and values that we provide to our customers. In this digital transforming phase,
 
Cybersecurity needs to step up in this race and provide optimized solutions. We are facing greater challenges on levels of security, risk, and compliance. Various incidents have been reported in the day to day life. Automation and digitalization can provide a bright future but insecure and less protected future. Security is the foundation of digitalization journey.
 
Here, I list some of the points we need to focus on:
 
Fri
04
Aug

Android Key logger Malware: A threat to steal mobile data

Evil minds always evolve new attack vectors in the purpose of stealing information from their targets. This time they come up with a malware in the form of Trojan which can integrate with an android application and utilizes android feature to record every keystroke, take screenshots and send them back to attacker’s server. Key logger is an old school concept of stealing information from laptop/desktop devices. It can be in the form of a piece of hardware or software installed silently on the device and captures all key strokes and in the background, it sends the logs to the attacker.
 

Android key logger malware

Mon
31
Jul

Devil's Ivy Vulnerability Could Afflict Millions of Devices!

Devil's Ivy Vulnerability Could Afflict Millions of Devices!
The vulnerability -- called Devil's Ivy or CVE-2017-9765 -- which was made public recently by Senrio, a company that specializes in IoT security. It initially found the bug in the M3004 model security camera marketed by Axis Communications, but further research found that 249 of Axis's 251 surveillance camera models are affected. The problem isn't with code that's native to Axis products but is in gSOAP, an open source web services library that is used by many developers. According to the market analysis that 34 companies use gSOAP -- a list which includes big shots like Microsoft, IBM, Xerox, and Adobe. As per report, third-party toolkit (gSOAP) was downloaded millions of times means that it has spread to thousands of devices and will be difficult to entirely eliminate.
 
Mon
31
Jul

SambaCry Is Around The Corner!

SambaCry Is Around The Corner!
We have seen many critical vulnerabilities recently. First, there was WannaCry, then WannaCry 2.0 and now we have SambaCry. The Samba team released a patch for a critical remote code execution vulnerability (CVE-2017-7494) in Samba, the most popular file sharing service for all Linux systems. It is a new seven-year-old RCE vulnerability (CVE-2017-7494) that is affecting Samba versions 3.5.0 and higher. SambaCry is similar to WannaCry because the vulnerability affects the SMB protocol in Linux.
 
Mon
31
Jul

DNS Spoofing : How to Protect Your Organization From It?

DNS Spoofing : How to Protect Your Organization From It?
When you are accessing a website, your computer uses a DNS server to look up the domain name you are trying to access. The proper term for this process is DNS name resolution where DNS server resolves the domain name to the IP address.
 
For example: when you enter "http://www.google.com in your browser, part of the network connection includes resolving the domain name "google.com” into an IP address like 74.125.236.32" web servers. Here the DNS threat is, anyone can spoof DNS in a network. If will put Google’s IP in front of facebook.com (domain name), when someone tries to open facebook.com he will be redirected to google.com.
 

Way to Exploit

In order to achieve DNS Amplification attack, the attacker performs two malicious task,
Thu
27
Jul

WeChat - All you want? Or, Buyer Beware?

WeChat - All you want? Or, Buyer Beware?
WeChat is a popular Chinese service managed by Tencent International Service, a Singaporean company, with its servers and operations in China. I would think that non-China companies would be hesitant to use it except, perhaps, to reach consumers in China. There are at least partial adoptions by Starbucks, Linkedin, and others. Note that some more recent implementations employ local servers, which might be the way to go for WeChat use exclusively outside of China.
 
Wed
19
Jul

Layered security approach to safeguard Digital Data

Digital Data Protection
In this era of the digital world, everything is moving to online from electronics to groceries, making it more important for an organization that its digital experience is always available for intended users. But as digital world is becoming more prominent, it's also becoming a major target for attackers.
 
According to a recent report, DDoS and Malware attacks growing rapidly and the volume of damage caused by these attacks also have a subsequent growth.
 
Whether the lack of availability is because of an attack or theft of data, digital experiences need to be protected as they are the focal point for consumer engagement, interaction, and commerce.

Safeguard Digital data

Wed
19
Jul

How To Avoid Being Cyber-stalked?

How to Avoid Being Cyber-stalked?
Stalking is following someone's activity against their own will. As we are spending more time online and also increase in online activity has made people vulnerable to Cyberstalking.
 
Cyberstalking is the way of using electronic communication particularly Internet including Blogs, Facebook, Twitter constituting social media, phone calls, emails, text messages to threaten, harass, pursue or steal victim's sensitive information because of the personal grudge that might arise because of revenge, jealousy, anger, and hatred etc. Cyberstalkers are commonly known to the victim and could be a former colleague, friend or spouse. Occasionally Cyberstalkers can be strangers also, could be fans of some celebrities or famous personalities in the society.
 
Mon
17
Jul

Internet Banking: Is using OTP a Safe Option?

Internet Banking: Is using OTP a Safe Option?
Almost all of us would have transferred funds using internet banking. While performing funds transfer or payment, our transaction would pass through another step of authentication, which would either be a password or a one-time password (OTP) on our mobile numbers. Many of us would consider a risk in using password based second authentication, that if by chance our desktop or laptop would have a malware/virus in our system; it would steal our transaction password. Thus, one would prefer going for an OTP, which is an out-of-band authentication mechanism, valid for few minutes with little chance of compromise. However, the bad news is that, recently, a critical flaw has been found in the Signaling System 7 (SS7), which allows hackers to intercept our communication. Cybercriminals are actively exploiting the vulnerability to bypass the SMS based two-factor authentication (2FA) to successfully perform unauthorized funds transfers from our accounts.
Mon
17
Jul

Different Attacks and Counter Measures Against ZigBee Networks

Different Attacks and Counter Measures Against ZigBee Networks
With the demand and rise of electronic equipment’s, new technologies are being developed and deployed to meet the global demands. Zigbee is one such technology in rising with low power consumption and low-cost to meet the rising market of Internet of things (IoT) networks. Zigbee is generally deployed for applications which use low data rate and low power consumption and is an open standard worldwide. Zigbee uses a different protocol than Wi-Fi networks where it uses a mesh networking protocol to create a self-healing architecture, thereby supporting much lower data rates than Wi-Fi.
 

Exploitation in ZigBee Devices

Pages

Subscribe to RSS - Security Articles