Cyber Security

Cyber Security - De-brief of Year 2018

As 2018 draws to a close, cybersecurity breaches continued unabated to make headlines and causing widespread damages to enterprises. The truth is that the nature of the threat from cyber-criminals is changing, becoming increasingly invisible, menacing and the attack surface broadening by the day, making it difficult to identify and protect from potential threats. From some recent attacks, we saw medium to large scale disruption to enterprise’s infrastructure, integrity compromise and loss of trust of its data. Cryptocurrency mining malware was one of the most prominent in exploiting human weaknesses. The modus operandi was to establish relationships with the target and then eventually execute the malware. It led to customer loss, legal actions and shareholder revolt. There are still gaps and attack vectors continue to elude traditional defenses.

DevSecOps – Instilling a Security Culture

Do we still think cybersecurity is the sole responsibility of the Security team in an organization and it is their responsibility to assure that a released product has addressed all the security issues? Do we think it is secure to release the product into the competitive market at first and then to think about its security part? 

In order to survive in today's competitive world, IT companies have to come up with new and innovative products at a very faster pace. Adoption of DevOps has helped most organizations to compete more effectively in the market and to better serve their customers. But, for being a best-in-class technology company and to earn customer trust, is this enough? 

Penetration testing vs Vulnerability assessment

What is Vulnerability assessment?

  • Identify the security loopholes in a network or systems
  • Estimate how susceptible the network is to different vulnerabilities           

3 different ways to scan the network: -

  • Network scanning - Network scanning involves detecting all active hosts on a network and mapping them to their IP addresses. Port scanning refers to the process of sending packets to specific ports on a host and analyzing the responses to learn details about its running services or locate potential vulnerabilities.
  • Authenticated scanning - An authenticated security scan is vulnerability testing performed as a logged-in (authenticated) user. The method is also known as logged-in scanning. ... The method finds many vulnerabilities that cannot be detected through an unauthenticated scan.

Cyber Security Landscape for 2019

Will 2019 be better or worse than 2018? Traditional business structures will continue to get disrupted over the next two to five years. The digital age has created unprecedented opportunities to do business and deliver services using new technologies. Organizations are rapidly embracing social media, mobility and cloud computing technology and transforming their ICT operations. The fast advancement in above technologies is being driven by the economics of value and advantage created by this competitive change. While this opens up exciting new opportunities, improves efficiency, it also exposes businesses to larger attack surface and associated multiplicative risks of cyber-attacks of adopting such emerging technologies, increased network bandwidth, and interconnected devices.

Business 4.0 Risks - The New World Order for the CISO

2017 saw an unprecedented rise in the list of cyber breaches and attacks. The data breach at Equifax resulted in hackers accessing Social Security numbers, driver’s licenses details of million Americans. The recent in the list of incidents is social media giant, Facebook, whose shares plunged by over $60 b$ in first two days, on account of misuse of personal data of 50 million Facebookers by British data analytics firm 'Cambridge Analytica’. In 2017, we saw an alarming level rise in Ransomware attacks and ransom payments hitting over $2 b$. WannaCry, NotPetya, Bad Rabbit Ransomware hit more than 500,000 machines globally necessitating some businesses to even suspend operations, or paying ransomware cases with cryptocurrencies being unavoidable in situations. The WannaCry infections were so bad that Microsoft had to release a patch overnight for Windows systems that it had long stopped supporting.

Information Security Analysts : The Road Ahead

Information Security Analysts : The Road Ahead
In this digitized world, Information Security has become an integral part of each and every organization. The Internet has become an indispensable part of life. A whole lot of Information about everything is available on the internet, which includes sensitive data like Personally Identifiable Information, Intellectual property, Payment Card Industry data etc. And it’s obvious that sensitive data are needed to be protected. An organization needs to classify its data according to its importance, decide the data that needs to be protected.

Pulling out 86% of currency to achieve a dream of cashless economy. Are we ready ?

Pulling out 86% of currency to achieve a dream of cashless economy. Are we ready ?
Prime requirement of the cashless economy is high cyber security awareness, secure implementation, adequate safety measures, proper precautions, and imposed security policies at all stages. Continuing from the previous article " Post demonetization, India is witnessing an emerging era of a paperless economy. Is our cyber security ready for it? ", more on present situation India is going through. 
People are using public wifi networks along with mobile wallets and banking application through apps and smartphones, which are still not linked to any identity. Digital identity can be easily forged, nonrepudiation following frauds and attacks is another major issue. OTP is one of the methods to counter nonrepudiation again focusing on the mobile security.

QuardRooter Vulnerability ÔÇô A risk for nearly 1 billion android devices

QuardRooter Vulnerability ÔÇô A risk for nearly 1 billion android devices
As Android market is growing with coverage of more than 66% of mobile operating system, Attackers are finding ways to break in to these devices with the vulnerabilities which can help in gaining access privileges.
Now with the discovery of the new QuardRooter vulnerability, nearly 1 billion android smart-phones and tablets are at risk; when these vulnerabilities are exposed, it can give attackers complete control of the device intern providing access to sensitive and corporate data on the devices.
What is QuadRooter?
According to check point research team - QuadRooter is a set of four vulnerabilities affecting Android devices built on Qualcomm chipsets and Qualcomm is world’s leading designer of LTE chipsets owning a 65% share of the LTE modem baseband market.


Subscribe to RSS - Cyber Security