Snippets

Wiper Malware And ItÔÇÖs Evolution as Ransomware

Wiper Malware And ItÔÇÖs Evolution as Ransomware
Wiper Malware has been associated with the attacks in 2012 where Shamoon, a wiper malware sample was used to attack a Reputed Saudi oil firm. The infection rendered workstations unusable and affected thousands of workstations at the company. It did steal data and overwrote the Master Boot Record on each hard drive.
 
Wiper malware was deployed against victims in South Korea back in 2009 and 2010. In 2012, a Wiper package called Shamoon was used at Saudi Oil Firm that struck multiple organizations in Saudi Arabia resulting in wiping the organizations' entire hard drives.
 

NDIA's CYBER READINESS AT A GLANCE-Cyber Readiness Index (CRI)-December 2016

NDIA's CYBER READINESS AT A GLANCE-Cyber Readiness Index (CRI)-December 2016
The Cyber Readiness Index (CRI) 2.0 has been employed to evaluate India’s current preparedness levels for cyber risks. This analysis provides an actionable blueprint for India to better understand its Internet infrastructure dependencies and vulnerabilities and assess its commitment and maturity to closing the gap between its current cybersecurity posture and the national cyber capabilities needed to support its digital future.
 
According to the CRI 2.0 assessment, India is still in the early stages of developing a path toward cyber resilience and cyber readiness and is currently partially operational only in one of the seven CRI essential elements.
 

Steps to check quadrooter vulnerability in android devices

Steps to check quadrooter vulnerability in android devices
In the article , we have seen how an attacker can gain root level access to android devices by exploiting QuadRooter vulnerability.
Many Qualcomm based Android devices are affected by QuardRooter Vulnerability. We can check if our device is affected or not by following these simple steps:
 
 
  • Download and install the QuardRooter scanner app developed by Check Point Labs from google play store.
 
 
  • Open the app and select “Tap to Scan” button.
 

Business value creation is a function of regulatory compliance

Business value creation is a function of regulatory compliance
Europen Union  and United States of America, both have been front runners in enhancing and enforcing privacy regulations across different industries. The focus has been to ensure that firstly there is sufficient notice to and adequate consent from customers[1] before personal data is processed. Secondly, personal data is processed with adequate security measures, and finally that personal data is disposed off securely once the purpose for which the personal data was acquired, has been fulfilled.
The incentives for regulation compliance has been increasing gradually across globe. With GDPR put forth formally, any organization with EU interest has a regulatory risk of higher of 4% of global revenue and 20 million euros. This takes data regulatory risk straight in to the board room.
 

Conflict between Business and Regulations

Beware ÔÇô SMS SPAM lurking around

Beware ÔÇô SMS SPAM lurking around
Most of us receive several unsolicited SMS each day enticing us into several offers ranging from pizza food chains to expensive gadgets and travel holidays. These are junk messages referred to as SMS spam. A portion of these messages are purely intended for advertising, while the other ones are floated around with a malicious intent. These text messages pose a greater threat to end users as compared to virus laden emails. Also most of the time users do not anticipate dangers of SMS spam and take it lightly as the messages arrive in their devices.  Fraudsters take advantage of this fact and gets away with user data. With the advent of social media messenger apps like WhatsApp, Viber etc. threat landscape has all the more amplified. The modus operand of the campaign is luring the users to click a malicious link; malware is planted on the device leading to leakage of sensitive information like passwords from the user’s device.

Hacking of the defense data - Impact of information leak of Scorpene

Hacking of the Defense data-Impact of information leak of Scorpene

Hacking defense data-Impact of information outpouring of Scorpene in this era of hacking and cyber-terrorism, a data stealing might be a great loss for a country rather than a war. The developed nations had been disbursement billions or Trillions for their defense sectors. The rivals rather than directly attacking the nations, began to compromise the security of their data. A few of day’s back Indian Defense sector were appalled once 22,400 pages of information on Scorpene Submarine were leaked.

European Union ÔÇô General Data Protection Regulation

European Union ÔÇô General Data Protection Regulation

The GDPR is a Data Protection Regulation (EU 2016/679) adopted by European Union on 2016 and comes in to effect by 2018. The existing Data Protection directive (95/46/EU) will be replaced by GDPR on 2018.

The GDPR focuses on Individuals Data Privacy Protection within and outside European Union and plans to unify the regulation between all Member States. So, the same regulation will be applied across the member states which provides the ease of binding actions during the Investigations & Sanctions. A Supervisor Authority (SA) is appointed for each member state to handle the Investigations on complaints and Administrative Offences. The SA’s are given power to impose administrative fines.

War Dialing

War Dialing

War dialing is a process to dial any number with the use of a modem or a VOIP service in order to detect the terminal devices. In case of a modem, it automatically starts dialing a list of telephone numbers in order to search for computers, servers and fax machines, however, in case of VOIP a communication protocol IAX (Inter-Asterisk Exchange) is used for transmitting telephony session between a VOIP server and terminal device. It involves dialing any unknown telephone number, waiting for one or two rings and hanging up the connection once the phone to rings twice. Any modem or fax machine will answer the phone on the first ring and the hacker will make a note of that number. This facility can also be used to detect any unauthorized devices connected to a network which could possibly serve as an entry-point into the system.

Penetration Test-Seclude High Risk Web Targets

Penetration Test-Seclude High Risk Web Targets

Many a times while conducting a penetration test for a client with large infrastructure, subnets ranging from /16 to /19 (CIDR notation), it is required to determine the web applications that are running on ports 80, 443 (and other non-standard ports). The tool Eyewitness can be used to capture screenshots of web applications, server header information, to identify default credentials and instances of directory listing. This tool creates a report in .html format. It enables a pen-tester to concentrate on important and high risk targets rather than spending time opening applications in web browser. 

Please refer to below link for EyeWitness 2.0 Release and User Guide:

https://www.christophertruncer.com/eyewitness-2-0-release-and-user-guide/

Pages

Subscribe to RSS - Snippets