Posts

Rise of Ransomware

In 2013, CryptoLocker ransomware came into the light and set the world of cyber security on fire. It was recognized as the modern-age ransomware. Later on, more lethal and more dangerous ransomware followed CryptoLocker and raised some serious questions about organizations’ security. The best part of these ransomware attacks was the awareness. The world became more aware of cyber security, and there was universal agreement that security is now the essential ingredient for protecting an organization’s data and assets. In recent years, many ransomware families have been identified that shook the world; their impact was phenomenal and caught the eyeballs of every single organization. It doesn’t matter what the size of your organization is or what kind of data you deal with on a daily basis, ransomware is not going to spare you. Period! Cybersecurity Ventures has revealed some interesting and threatening facts in their annual report regarding ransomware impact.

Importance of secure SDLC

Time does require change, doesn’t it? We’ll talk about the importance of a secure software development life cycle in this story. We all know what SDLC is: SDLC stands for Software Development Life Cycle. Developers build applications for a certain purpose, and the SDLC process has certain pre-defined phases.

- Requirement Gathering: What is the purpose, and what is it going to take to build the application?
- Plan and Design: Plan the phases of development. Prioritize the modules and finalize a suitable design.
- Implementation: Start implementing the modules. Coding takes place.
- Testing: Test the modules which are built.
- Deploy: Deploy the application once it is tested properly.
- Maintain: Check whether the application behaves exactly the way it was meant to. Eliminate the vulnerabilities identified, if any.

This is how the traditional SDLC process works. There are certain models to accomplish the pr

DDoS strikes again! And this time even worse

One more security incident was reported recently. This time the victim was the popular code hosting site GitHub. GitHub was hit with a massive, record-breaking DDoS attack which crossed all the past numbers of attack intensity. The attack peaked at a record 1.35 Tbps (126.9 million packets per second), if we believe the numbers. This was 51000 times more than the actual request-serving capacity of the site. Woah! The number describes the intensity of the attack. Usually a botnet (a group of infected systems) is used to carry out successful DDoS attacks. There is one leader/attacker which controls all the actions in the network, like manipulating IP addresses, changing the attack payloads and other customized activities. The notable thing in this recent attack was that no use of a botnet was reported. It was Memcached servers which were targeted this time to escalate the DDoS attack. How was the attack performed? A forged request to the targeted Memcras

WiFi Security Protocols

In today’s world Wi-Fi has become an essential part of our daily routine. Wireless networks, too, are not secure in this digital age. New flaws and exploits are found on a daily basis and Wi-Fi is no exception. Let’s understand how it functions and the flaws present in it. Before diving deep into the protocols and standards, here is an overview of Wi-Fi. Wi-Fi (802.11), an IEEE wireless communication standard, has 14 channels. These channels range from 2.412 GHz (Channel 1), 2.417 GHz (Channel 2) to 2.484 GHz (Channel 14), and there are 6 modes: Master, Managed, Ad-Hoc, Mesh, Repeater and Monitor. As we are all familiar with the terminology of packets and frames, let’s jump to the main topic: Wi-Fi security protocols and the flaws in them. WEP, WPA, WPA2-AES. WEP: Wired Equivalent Privacy is the security protocol which uses 64, 128 and 256 bit keys. The 256 bit key is rarely used. An Initialization Vector is used along with RC4 for

DressCode: Android malware that can infiltrate corporate networks is spreading

According to Trend Micro, DressCode, a family of Android malware, has been found circulating in at least 3,000 Trojanized apps. The Android malware is spreading across app stores, including Google Play, and has the capability of stealing sensitive files from corporate networks. DressCode hides itself inside games, user interface themes, and phone optimization boosters. It can also be difficult to detect because the malicious code makes up only a small portion of the overall app. On Google Play, Trend Micro found more than 400 apps that are part of the DressCode family, it said. That's 10 times more than what security researchers at Check Point observed a month ago. Trend Micro added that one of these apps on Google Play had been installed 100,000 to 500,000 times. Once installed, DressCode's malicious code will contact its command and control servers and receive orders from its developers. The malware is particularly dangerous because it can infiltrate whatever internet

Vulnerability in the MySQL database

A vulnerability in the MySQL database could allow attackers to completely compromise some servers. The vulnerability affects "all MySQL servers in default configuration in all version branches (5.7, 5.6, and 5.5) including the latest versions," as well as the MySQL-derived databases MariaDB and Percona DB, according to Dawid Golunski, the researcher who found it. The flaw, tracked as CVE-2016-6662, can be exploited to modify the MySQL configuration file (my.cnf) and cause an attacker-controlled library to be executed with root privileges if the MySQL process is started with the mysqld_safe wrapper script. The exploit can be executed if the attacker has an authenticated connection to the MySQL service, which is common in shared hosting environments, or through an SQL injection flaw, a common type of vulnerability in websites. Golunski reported the vulnerability to the developers of all three affected database servers, but only MariaDB and Percona DB received patc

Business E-mail Compromise

A new email-based attack campaign is targeting key employees of companies in the U.S., Middle East and Asia with the goal of compromising their computers and email accounts. What is BEC? Business Email Compromise (BEC) is a sophisticated scam targeting businesses that work with foreign suppliers and businesses that regularly perform wire transfer payments. Formerly known as Man-in-the-Email scams, these schemes compromise official business email accounts to conduct unauthorized fund transfers. BEC involves attackers hijacking the email accounts of business executives or accounting employees who typically authorize financial transactions inside organizations. The hijacked email accounts can then be used to trick other employees, suppliers or business partners into initiating fraudulent payments to accounts controlled by the attackers. Security researchers from antivirus firm Trend Micro recently detected an attack against companies from 18 countries where key employee