Business 4.0 Risks - The New World Order for the CISO

2017 saw an unprecedented rise in cyber breaches and attacks. The data breach at Equifax resulted in hackers accessing the Social Security numbers and driver’s license details of millions of Americans. The most recent incident in the list involves social media giant Facebook, whose shares plunged by over $60 billion in the first two days on account of the misuse of the personal data of 50 million Facebook users by the British data analytics firm Cambridge Analytica. In 2017, we also saw an alarming rise in ransomware attacks, with ransom payments hitting over $2 billion. The WannaCry, NotPetya and Bad Rabbit ransomware hit more than 500,000 machines globally, forcing some businesses to suspend operations and, in some situations, making ransom payments in cryptocurrency unavoidable. The WannaCry infections were so bad that Microsoft had to release a patch overnight for Windows systems that it had long stopped supporting.

Win a Career in TCS Cyber Security Team

Win a Career in TCS’ Cyber Security Team and grab a chance to be associated with the history of the contest as the Winner of the Inaugural Edition.

Welcome to HackQuest, TCS Ethical Hacking Contest for students passing out in 2017.
Eligibility Criteria: Open for Technical UG, PG & BCA students of 2017 batch with specialization in Computer Science, IT and Circuit Branches (Electronics & Electrical Engineering, Electronics & Communication, Electronics & Telecommunication, Electrical, Electronics, Electronics & Instrumentation and Instrumentation)
Why should you participate?

Hacking of the defense data - Impact of information leak of Scorpene

In this era of hacking and cyber-terrorism, data theft might be a greater loss for a country than a war. Developed nations have been spending billions or trillions on their defense sectors. Rivals, rather than directly attacking these nations, have begun to compromise the security of their data. A few days back, the Indian defense sector was appalled when 22,400 pages of information on the Scorpene submarine were leaked.

Defense against Google Hacking

Google Hacking
To better understand the topic “Defense against Google Hacking”, we will first look at what exactly “Google Hacking” means.

Google Hacking:

Google Hacking, or Google Dorking, is a hacking technique in which Google search or Google applications are used to find vulnerabilities in the configuration or source code of a website.
So here comes the question: “How can the Google search engine be used to find such vulnerabilities?”
The answer: the Google search engine supports a multitude of operators, which give more power to the normal Google searches that we do on a daily basis.
Now we will have a glimpse at some examples of Google’s advanced operators:
  • Link: Sites that have a hyperlink to the specified URL will be returned in the search results.

Catch a Thief by Being One : Un-Scan It - Part III

In the previous article, we covered the first phase of how an attack is launched. In this phase, the attacker prepares for launching the attack by gathering as much information about the target as he can. This information may contain the OS details, DB version details, web server details and so on.

Now that the attacker has all this data, he may try to identify whether there are any vulnerabilities present in the environment, the OS configuration details and the network architecture. This second phase of perpetrating an attack is known as Scanning.


The objective of this phase is to find all live servers, open ports, OS and system architecture, services running on the OS and network architecture.

Catch a Thief by Being One : Control what you Reveal - Part II

In the previous article, we discussed the major challenges posed to the data security of an organization. Across the global landscape, hackers utilize their skills, different tools, vulnerabilities and exploits to perform attacks. In this series, we will discuss how an attacker performs these attacks.

Hacking any system comprises five phases:

Is IRCTC website hacked?

IRCTC Website Hacked?

There were news reports that the Maharashtra cyber cell has informed IRCTC, India’s largest e-commerce website and the prime platform for booking railway tickets, about a potential data theft. Even though IRCTC, the Indian Railway Catering and Tourism Corporation Limited, has denied news reports that its data had been hacked, there is panic among the users of the site. IRCTC PRO Sandip Dutta said: “There has been no hacking attempt on the site. A high-level committee has been formed to probe the matter.” However, most of the news agencies reported it as a case of hacking, and with the news, many frantically went and changed their passwords, while some others created new accounts. It was reported that the credit/debit card details, PAN card details, Aadhaar card details, email IDs and mobile numbers provided by IRCTC users will now be used by the hackers.

A quick thought on how good Sandboxing technologies are ?

These days we hear a lot about Advanced Persistent Threat (APT) mitigation techniques and the solutions that could protect us from zero-day attacks. For the last couple of years the main focus has been on sandboxing solutions. We normally deploy firewall, IPS/IDS, HIPS and antivirus solutions as part of the Defence in Depth principle. The limitation of this approach is that most IPS/IDS, HIPS and antivirus solutions are signature-based, so they detect and block only known malware. If they don’t have a corresponding signature, the attack will go unnoticed and will result in vulnerabilities being exploited. I always believe in a principle – Prevention is better than cure.

