Archive for November 2015
The security landscape changes at an incredible pace. To keep your secure systems and sensitive data safe and sound, your organisation needs to stay one step ahead of the latest threats and vulnerabilities.
Today, I'm helping you to identify and take action against the 5 most common types of security attack.
1) Malware (17%)
The rise of shadow IT has contributed to malware (malicious software installed without the user's intent) leap-frogging all other attack vectors to become the most common security threat faced by organisations.
Many of the most high-profile (and most damaging) attacks rely on social engineering, with attackers using targeted spear-phishing attacks to gain access to secure networks, before installing RAM-scraping malware into card processing systems. The resulting loss of payment information is devastating for the targeted companies, damaging both their finances and reputation.
2) Distributed Denial of Service (17%)
Distributed Denial of Service (DDoS) attacks are used to shut down an organisation's online services by directing huge volumes of traffic (often from compromised computers) at a single website.
In recent years, DDoS attacks have been used as a form of 'ransomware', with attackers using the threat of denial of service to extort money from organisations. In other cases, DDoS attacks are used by hackers to hide serious data breaches, masking the real impact of their actions by forcing web services offline.
3) SQL Injection (8%)
Vulnerabilities in website content management systems (CMS) have proved to be one of the most common vectors for SQL injection, with recent large-scale data breaches resulting from insecurities in popular platforms like Drupal and Joomla!. The problem is worsened by the use of insecure third-party CMS plugins, affording attackers another method of entry into a site's infrastructure.
4) Phishing (5%)
Phishing is a form of social engineering that uses emails, messaging apps, social media, web browsers and even intranet services to trick end-users into parting with login credentials and granting access to secure systems.
Hackers can then use these login credentials to install malware and exfiltrate data, often completely unbeknownst to the victim and the organisation. Phishing is growing in prevalence for two simple reasons: it's easy to do, and it works.
5) Watering Hole (4%)
Watering hole attacks are designed to target an entire group of people, often those in a single organisation, industry or team. In these attacks, malicious third parties observe their targets, and identify the websites they most regularly use. The websites are then infected with malware, in the hope of infecting one or more of the targets.
These attacks are particularly problematic for organisations. Third-party websites are outside of your control, yet by infecting members of your organisation with malware they can lead to the compromise of your secure systems, placing your information at risk.
Guarding Against Attacks
Attackers are using an increasingly diverse range of tools to target organisations and compromise their secure systems. As a result, there's no one-size-fits-all solution to the problem posed by malicious attackers.
However, there's a particular facet of security that most organisations can dramatically (and effectively) improve. While most organisations understand the importance of firewalls, anti-virus and anti-malware software, few understand the crucial role employees play in ensuring security.
Many of these attack vectors only succeed because they target the human element of security. To improve your resilience to some of the most damaging attacks, it's essential to roll out security awareness training: helping everyone in your organisation understand how to identify potential security risks, and what course of action is required to remediate them.
As we all know, hacking and pen testing used to be something you could only do on a computer. But the world is changing: with the apps below, your mobile becomes a small hacking toolkit. Beyond ordinary mobile users, tech-savvy people also like Android's flexible features, which let them perform all sorts of new tasks. With this, its security concerns have also grown. Recently we have noted that many cyber attackers are targeting Android users.
Many users have also unlocked features that are restricted by Android's owner, Google. So I think the following will be familiar to them, but many others may not be aware of it. Here I am discussing some of the apps that are meant for the security tester, the ethical hacker and those who really explore the tech world.
#1 Hackode
Hackode: The Hacker's Toolbox is an application for penetration testers, ethical hackers, IT administrators and cyber security professionals to perform different tasks like reconnaissance, scanning, performing exploits, etc.
#2 Androrat
Androrat is a Remote Administration Tool for Android. It is a client/server application, with the client written in Java for Android and the server in Java/Swing.
#3 APKinspector
APKinspector is a powerful GUI tool for analysts to analyse Android applications. The goal of this project is to aid analysts and reverse engineers in visualising compiled Android packages and their corresponding DEX code.
#4 DroidBox
DroidBox is developed to offer dynamic analysis of Android applications.
#5 Burp Suite
Burp Suite is an integrated platform for performing security testing of web applications. Its various tools work seamlessly together to support the entire testing process, from initial mapping and analysis of an application’s attack surface, through to finding and exploiting security vulnerabilities.
#6 zANTI
zANTI is a comprehensive network diagnostics toolkit that enables complex audits and penetration tests at the push of a button. It provides cloud-based reporting that walks you through simple guidelines to ensure network safety.
#7 Droid Sheep
DroidSheep can be easily used by anybody who has an Android device, and only the provider of the web service can protect its users. So anybody can test the security of his own account and decide whether to keep on using the web service.
#8 dSploit
dSploit is an Android network analysis and penetration suite which aims to offer IT security experts and geeks the most complete and advanced professional toolkit for performing network security assessments on a mobile device.
#9 Arpspoof
Arpspoof is a tool for network auditing originally written by Dug Song as part of his dsniff package. This app redirects traffic on the local network by forging ARP replies and sending them either to a specific target or to all hosts on the local network.
#10 Shark for Root
A traffic sniffer based on tcpdump that works on 3G and WiFi (and in FroYo tethered mode). To open a dump, use Wireshark or similar software; to preview a dump on the phone, use Shark Reader.
#11 Nmap for Android
Nmap (network mapper) is one of the best network scanners (port finders) around. Nmap was mainly developed for Unix, but it is now available on Windows and Android as well. Nmap for Android is an Nmap app for your phone; once your scan finishes you can e-mail the results. This application is not an official app, but it looks good.
#12 SSHDroid
Secure Shell (SSH) is the standard protocol for adding a layer of security when connecting to a remote machine. SSHDroid is an SSH server implementation for Android. This application lets you connect to your device from a PC and execute commands (like "terminal" and "adb shell").
Anyone can hack your Android smartphone with this critical vulnerability in Chrome. Researcher discovers a hidden vulnerability in the latest version of Chrome for Android which can be easily exploited by anybody.
A security researcher has discovered a critical exploit in Chrome for Android which is capable of compromising virtually every Android smartphone and tablet running the latest version of Android.
Guang Gong, a security researcher from Qihoo 360, found the security vulnerability in Google's Chrome browser for Android, which he recently presented at the MobilePwn2Own event at the PacSec security conference in Tokyo.
Gong demonstrated his PoC at PacSec, where he used a regular Android smartphone to access a malicious link which, by leveraging the vulnerability, installed another app on the phone without any user interaction. Unlike similar Chrome exploits, the vulnerability discovered by Gong did not require chaining multiple bugs together to work or to gain root privileges.
According to The Register, Google's security team immediately contacted Gong after his demonstration, and rumour has it that the Chrome team is already getting a fix ready. Gong may be eligible to receive an Android bug bounty reward for the vulnerability.
The program's creators try to scare users into paying by threatening to publish their files online.
Ransomware creators have taken their extortion one step further: In addition to encrypting people's private files and demanding money before releasing a key, they now threaten to publish those files on the Internet if they're not paid.
This worrying development has recently been observed in a new ransomware program dubbed Chimera that was documented by the Anti-Botnet Advisory Centre, a service of the German Association of the Internet Industry.
The attackers behind this new threat target mainly businesses by sending rogue emails to specific employees that masquerade as job applications or business offers. The emails contain a link to a malicious file hosted on Dropbox.
Once Chimera infects a computer it starts encrypting the local files. After the first reboot it displays a ransom note on the user's desktop. The attackers ask for a payment of around 630 euro ($685) in Bitcoin in order to provide the decryption key.
Up to this point, the process is similar to that followed by other ransomware programs. However, Chimera's creators have taken their intimidation attempts to a new low. In their ransom note they claim that if they're not paid they will publish the user's files on the Internet.
There's no evidence that any victim's personal data has yet been released online, the German Anti-Botnet Advisory Centre said in a blog post. It's not clear if the ransomware program does indeed siphon off user files before or after encrypting them. But the threat could be enough to scare even users who have backups into paying.
Ransomware programs typically encrypt data locally and don't upload it to command-and-control servers, because that would require a lot of storage space even if attackers restricted the theft to certain file types such as pictures. But the prospect of this happening in the future is scary, as it would pose a major privacy risk to businesses and consumers alike.
One of the most common methods used to distribute malware is a phishing (fraudulent) email. Embedded in the email will be a “call to action” link, asking you to click here to learn more. The seemingly benign action of clicking on the link can start a destructive chain of events that culminates in compromising your computer, your identity, or even your business.
Here is a common scenario. You receive an email announcing a big sale at a national retailer. The email entices you to click on a link to get your exclusive 50% off coupon. The link looks like this: http://www.national-retailer.com/coupon.
You click the link and the coupon appears on your screen. End of story? Not necessarily. What a link says it is and what a link is programmed to do can be vastly different. That same link could just as easily be taking you to http://www.verybadguy.ru/malware.exe, where malicious code is programmed to download and execute on your computer. This type of redirection doesn’t require any programming skill. It is built into any application that uses hyperlinks.
So what should you do? DON’T CLICK! Instead, open your browser and type or paste in a known good URL. Not clicking is a fool-proof way to avoid malware infection from a phishing email.
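As an added example (not part of the original article), the following Python script checks an e-mail body for exactly the mismatch described above: it extracts every link and reports those whose visible text reads as one web address while the href actually resolves to a different host. The two URLs are the article's own; the sample e-mail body is constructed.

```python
"""Flag links whose visible text shows one address while the href points
elsewhere. Added example; the sample e-mail body below is constructed."""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample e-mail body: the second link displays the retailer's
# URL as its text but actually leads to a different host.
SAMPLE_EMAIL = """
<p>Big sale this weekend!</p>
<a href="http://www.national-retailer.com/coupon">http://www.national-retailer.com/coupon</a>
<a href="http://www.verybadguy.ru/malware.exe">http://www.national-retailer.com/coupon</a>
<a href="https://www.national-retailer.com/terms">Terms and conditions</a>
"""

class _LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(url):
    """Lower-cased host of a URL; text without a scheme is treated as http://."""
    if "://" not in url:
        url = "http://" + url
    return (urlparse(url).hostname or "").lower()

def find_deceptive_links(html):
    """Return (href, text) for links whose shown address and real host differ."""
    parser = _LinkCollector()
    parser.feed(html)
    return [(href, text) for href, text in parser.links
            if ("://" in text or text.startswith("www."))   # text reads as an address
            and host_of(text) != host_of(href)]

if __name__ == "__main__":
    for href, text in find_deceptive_links(SAMPLE_EMAIL):
        print(f"shows {text!r} but goes to {href}")
```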
Vendor researcher includes USB drives and smartphones among the top security risks. With cyber-threats becoming a daily headache for IT security staff, it helps to have some advice, or at least to know what to look out for. A researcher at a network security software provider offered his observations on the top 10 threats that can harm networks from the inside, and ways to combat them.
“The ways that networks could be compromised internally five years ago certainly still exist. It’s just that today that list is really growing, and that’s why this is ongoing research,”
“It’s really an ongoing case again of all this data that we’re seeing worldwide, all this feedback we’re getting, all the new threats that we’re seeing and how those threats can potentially affect systems,”
According to the researchers, the top 10 internal network vulnerabilities are:
- USB drives
- Laptops and netbooks
- Wireless access points
- Miscellaneous USB devices (digital cameras, MP3 players, etc.)
- Employees borrowing others’ machines or devices
- The Trojan Human (attackers who visit sites disguised as employee personnel or contractors)
- Optical media (CDs, DVDs, etc.)
- Lack of employee alertness
The list also includes advice for prevention and mitigation, with tips like implementing asset control policies to handle removable media threats and implementing an encrypted file system for sensitive data.
Some potential security threats such as smartphones can be dangerous in part because people don’t see them as threats. And even though they can house viruses, the devices can threaten networks in ways people may not think of.
“If you have any sort of confidential information and you have access to that, even if the document doesn’t leave the quarantined area and you take a picture of that with a smartphone, you can send that over [a] 3G network. You can just keep it on the smartphone and walk out with it,”
But when it comes to locking down networks and implementing security protocols, the government may be in a different position than the private sector when it comes to enforcement.
“They have a heavier hand. They can enforce this and say, ‘OK, across all agencies, we are banning this until we can think of what’s going on with this.’ So that is a good thing in my view because if you can properly enforce something, and you can take action on that, then it’s a step forward,” But there could be drawbacks.
A new malware named eFast Browser looks just like Google Chrome. This malware deletes Google Chrome and replaces it by installing itself as your default internet browser, in order to serve you annoying ads. Here is how to spot it and delete it.
A new malware is in town that disguises itself as Google Chrome to hijack users' computer systems. This malware serves you its own intrusive ads and sells your activity to third parties.
The researchers at Malwarebytes state that this malware deletes Google Chrome and replaces it by installing itself as your default internet browser. This isn't the end: the malware also makes itself the default program for opening multiple file types such as .html, .jpg, .gif and .pdf, as well as web links.
This malware is actually the eFast web Browser that looks just like Google Chrome. It’s even based on the open source Chromium project, so it behaves about the same.
It's odd to realise that replacing a browser is now actually easier than infecting one. This is because Google has taken steps to lock down Chrome extensions by implementing safeguards like Google code review and code signing. So replacing the entire browser could be the new way to attack your PC.
The eFast browser malware also deletes all the Google Chrome shortcuts and replaces them with its own.
To spot the eFast browser malware, you need to look in the settings. Malwarebytes writes: “It isn’t until you look in the settings that you spot the “about eFast” entry in the menu (or if you type “chrome://chrome” in the address bar).”
After spotting the eFast browser malware on your PC, all you need to do is go to the installed programs list and uninstall the "eFast 000.110010107" entry.
We advise you to install applications on your PC only from trusted sources and to follow the basic security steps to keep yourself safe.