• Search for:
    17Mar, 2023
    Latitude cyberattack leads to data theft at two service providers

    Latitude Financial Services (Latitude) has disclosed a data breach after suffering a cyberattack, causing the company to shut down internal and customer-facing systems.

    Latitude is one of Australia’s largest personal loans provider and the country’s largest non-bank consumer credit lender.

    A subsidiary of Deutsche Bank and KKE, the firm provides a broad spectrum of consumer finance services, including unsecured personal loans, credit cards, car loans, personal insurance, and interest-free retail finance.

    Moreover, Latitude provides major Australian retailers like Harvey Norman, JB Hi-Fi, David Jones, and The Good Guys with “buy now, pay later” (BNPL) schemes.

    One breach leads to another

    According to the ‘cyber incident’ notification, Latitude’s internal systems were breached, allowing a threat actor to steal an employee’s login. These credentials were then used for logging into two of the company’s service providers to steal customer data.

    “As of today, Latitude understands that approximately 103,000 identification documents, more than 97% of which are copies of drivers’ licenses, were stolen from the first service provider,” explains Latitude.

    “Approximately 225,000 customer records were also stolen from the second service provider.”

    Latitude has not clarified if the records from the second provider contain similar data as the first provider, i.e., ID and driver’s licenses or other information.

    BleepingComputer has requested a comment from the firm to clarify that, and we will update this story as soon as we receive a response.

    Exposed customers are not expected to take any action to protect themselves at this time. However, it is recommended that they stay vigilant, as their stolen data may be used in phishing or social engineering attacks.

    The company has shut down several internal and customer-facing systems while responding to the incident and says that the effort to contain the attack and prevent breaches or further customer data is still underway.

    While the public announcement was made available to all customers, those determined to be directly impacted by the security incident will receive personal notifications.

    Resource: https://www.bleepingcomputer.com/news/security/latitude-cyberattack-leads-to-data-theft-at-two-service-providers/

    16Mar, 2023
    Does Your Help Desk Know Who’s Calling?

    Phishing, the theft of users’ credentials or sensitive data using social engineering, has been a significant threat since the early days of the internet – and continues to plague organizations today, accounting for more than 30% of all known breaches. And with the mass migration to remote working during the pandemic, hackers have ramped up their efforts to steal login credentials as they take advantage of the chaos and lack of in-person user verification.

    This has led to the revival of the old-school technique of vishing, which, like phishing online, involves using social engineering over the phone to steal sensitive information. Vishing attacks have been on the rise as a result, with 69% of companies experiencing them in 2021, up from 54% in 2020. These attacks often take the form of job or tech support scams and can be incredibly convincing. In August 2020, the FBI along with the CISA issued a warning regarding remote users being targeted by attackers spoofing organizations’ business numbers and impersonating the IT service desk.

    Vishing bypassing 2FA

    One of the most concerning aspects of vishing is the attackers’ ability to bypass two-factor authentication (2FA) security measures. 2FA is a popular form of multi-factor authentication that requires users to provide two types of information: a password and a one-time code sent via SMS.

    Attackers achieve this by impersonating a support representative and requesting the victim’s 2FA code over the phone. If the victim provides the code, the attacker can gain full access to their account, potentially leading to financial or personal information being compromised.

    Attackers impersonating as help desk support 

    A common instance is when individuals receive a pop-up alert claiming that their device has been breached or infected with malware and that professional phone support is required to fix the problem. Alternatively, victims may receive a call from an alleged tech support representative from a reputable software provider, claiming that malware has been detected on their machine. The attacker will try to convince the user to download remote access software under the pretext of corporate IT help desk representatives. This is the final phase of the scam, after which it’s checkmate for the unsuspecting victims and a potential payday for the attackers.

    Attackers impersonating the help desk is clearly working: in July 2020, Twitter experienced a major security breach when hackers used a vishing scam to successfully access dozens of high-profile accounts, including those of Barack Obama, Joe Biden, Jeff Bezos, and Elon Musk. The attackers used these accounts to tweet a bitcoin scam, resulting in the swift theft of over $100,000. Unlike traditional scams, these attacks target carefully selected individuals by gathering extensive information about them from social media and other public sources. This information is then used to identify employees who are most likely to cooperate and have access to the desired resources, at which point attackers are primed and ready to wreak havoc.

    A twist as attackers call the help desk & impersonate end-users 

    Social engineering attacks are carefully fabricated with collected data and can be used to impersonate an end-user on a call to the help desk. An experienced attacker can easily acquire answers to security questions from various sources, especially knowing end-users put too much personal information on social media and the web.

    Microsoft said that LAPSUS$, a known threat group, calls on a targeted organization’s help desk and attempts to convince support personnel to reset a privileged account’s credentials. The group would use previously gathered information, have an English-speaking caller speak with the help desk. They would be able to answer common recovery prompts such as “first street you lived on” or “mother’s maiden name” from data collected to convince help desk personnel of authenticity.

    In another attempt to reach the help desk, slack was used. Electronic Arts had 780GB of source code downloaded by hackers presumed to also be LAPSUS$. The threat actors used the authentication cookies to impersonate an already-logged-in employee’s account and access EA’s Slack channel, then convinced an IT support employee into granting them access to the company’s internal network.

    How can your Help Desk know who’s really calling

    Verifying user identity in the vishing age is more important than ever. With the rise of cyber-attacks and social engineering, it’s crucial for organizations to have security measures in place to safeguard their employees, protect their sensitive information, and prevent unauthorized access.

    One effective way to safeguard against these types of attacks is to implement a secure service desk solution, which allows for the verification of user accounts with existing data beyond just knowledge-based authentication. This can be achieved by sending a one-time code to the mobile number associated with the user’s account or using existing authentication services to verify callers.

    Enforcing user authentication is another key aspect of Specops Secure Service Desk. This ensures that information and password resets are only offered to authorized users, which is essential for protecting high-security accounts and adhering to regulatory requirements. With a Secure Service Desk, you can remove the opportunity for user impersonation by requiring verification with something the user has and not just relying on something the user – or an attacker – may know.

    In addition to verifying and enforcing user authentication, a secure service desk also allows for the secure reset or unlocking of user accounts. This is done only after the user has been successfully verified and can be combined with a self-service password reset tool to assist with account unlocks and the password reset process.

    With vishing scams showing no signs of slowing down, investing in Specops Secure Service Desk solution could be a critical step for organizations looking to protect their people from even the subtlest of social engineering attempts. By instilling a comprehensive and effective way to verify user identity, enforce user authentication, and reset or unlock user accounts, would-be victims can rest assured that they’ll always know who’s really calling.

    Resource : https://thehackernews.com/2023/03/does-your-help-desk-know-whos-calling.html

    7Mar, 2023
    LastPass Says Hackers Targeted Employee’s Home PC to Access Secure Servers

    LastPass has been in the news a lot lately, and not because it’s the internet’s number one password manager, as it still proudly proclaims. The company is still reeling from a series of hacks last year that resulted in a trove of user data being stolen. This week, LastPass released new details of the attacks, explaining that the attacker targeted a senior LastPass engineer to gain access to the sensitive internal information that made the data theft possible.

    Problems started for LastPass in August 2022 when it notified users of a “security incident” involving proprietary company information. It said at the time that no user data was accessed, but in November, it announced a second attack that did target the passwords and other sensitive data people had stored on LastPass’ servers. The threat actor leveraged data stolen in the first phase of the attack in August, but how did they get that data in the first place? Well, it’s not pretty.

    LastPass explains in the latest investigation update that the attackers targeted a senior engineer at the company; one of only four people with access to the LastPass corporate vault. The employee in question was working from home, and their employer did not enforce any access restrictions. The DevOps engineer was accessing sensitive company data using a personal computer, which also ran a “media software package.” Other sources claim the media software in question is Plex, which reported a data breach around the same time. Using an undocumented vulnerability in the media software, the attacker installed a keylogger and waited for the engineer to enter the master password and two-factor code.

    That operation gave the threat actor the keys to the kingdom; they obtained decryption keys for the company’s AWS-hosted backups, including critical databases and other resources. Because of the way LastPass had implemented access auditing, nothing seemed amiss at first. The company didn’t know about the second attack until Amazon alerted it to unusual activity on the account. The attacker made off with user vaults that are only partially encrypted. The password data is secure, but the vaults include plain text URLs, emails, and IP addresses. Worse still, the passwords are only protected by the user’s master password, which could be weak on older accounts.

    In addition to the updated blog post, LastPass has published a rundown of all the data lost in the attacks. The company also provides a list of changes made to its security setup, but this is far from the first security issue for LastPass. It suffers a data breach of some sort almost every year, and it always says it has improved its security afterward. Perhaps LastPass, with millions of user passwords, is just too tempting a target. If you’ve got a LastPass account, it might be time to reevaluate.

    Resource : https://www.extremetech.com/internet/343423-lastpass-says-hackers-targeted-employees-home-pc-to-access-secure-servers

    4Mar, 2023
    Password manager security: Which is the right option for me?

    The first guide of our two-part series helps consumers choose the best way to manage their login credentials

    While we continue to wait for the long-awaited password-less future to arrive, individuals and enterprises are still stuck with the problem of how to manage their countless, proliferating login credentials.

    Whether they allow browsers to save passwords, rely on Apple’s Keychain or another operating system utility, or trust a dedicated app, most people and organizations now use some form of password management utility.

    A password manager creates an encrypted vault that securely stores credentials. These are protected by a master password.

    Most consumer-focused apps can also create unique, random passwords and support safe credential sharing between friends and family members.

    Some also contain extra perks such as detecting reused passwords and monitoring your accounts for possible data breaches.

    Given the differences in functionality and pricing tiers, The Daily Swig is offering a comparative, two-part guide to some of the most popular password management utilities available for consumers and businesses.

    This article, part one of our series, looks at consumer password manager options, while part two will showcase some of the best choices for enterprises. Stay tuned for the forthcoming second guide.

    1Password

    1Password offers an easy sign-up process and printable digital key for recovering your account in case you forget your master password.

    The application has apps for macOS, Windows, Linux, Android, and iOS as well as a Chrome extension that enables a user to auto-fill login information on websites and store new credentials in their vault.

    The tool allows you to create multiple vaults to organize your data for various purposes (personal, work, etc). In addition to login information, you can use 1Password to store credit card information, API tokens, crypto wallet recovery seeds, and other sensitive documents or data.

    The password manager also allows you share to passwords with other users. You can tweak the sharing feature by setting expiry dates, maximum number of views, and specific email addresses that can access a password.

    1Password’s Watchtower feature monitors your account for reused passwords, vulnerable passwords, and potentially compromised accounts.

    The application also has a Travel Mode for special circumstances where your devices might fall into unwanted hands. Vaults that you mark as not safe for travel will disappear from your devices when you turn on Travel Mode and reappear when you turn the feature and re-connecvt to the internet.

    The password manager offers no free-of-charge plan and instead offers personal ($2.99 per month) and family ($4.99 per month) subscriptions. With the family subscription, you get five premium accounts and the ability to create shared vaults that you can use together.

    Bitwarden

    Bitwarden offers a full range of standard features including the ability to import data from other password managers, creating multiple vaults, sharing passwords with other users, and syncing vaults across multiple devices. It has apps for all major operating systems, extensions for nine different browsers, and a command-line interface for writing scripts.

    One feature that sets Bitwarden apart is its strong free-tier option, which provides features that most users typically need. The premium subscription ($10 per year) also adds security reports, stronger 2FA (two-factor authentication) options, 1GB of encrypted storage, a OTP (one-time password) generator, and emergency access to your vault by other (nominated) Bitwarden users.

    Bitwarden also has a family plan ($40 per year) with six accounts, shared password collections, and shared encrypted storage.

    Bitwarden is an open source program, which means you can host it on your own servers if company or industry regulations prevent you from storing your credentials in the public cloud. However, to get the full range of features, you’ll need to purchase a premium license.

    Dashlane

    Dashlane is another online password manager that provides basic features to store and secure your passwords, including creating vaults, generating passwords, filling online forms, and importing data from other managers.

    The tool provides a very limited free plan that only works on one device. The advanced tier ($2.75 per month) removes the device limit and adds a service that monitors the dark web for breached passwords and compromised accounts.

    The premium plan ($4.99 per month) adds VPN support, and the family plan ($7.49 per month) provides 10 premium accounts plus a dashboard to manage accounts and shared resources.

    Unlike other password managers, Dashlane doesn’t have a desktop application – PC users must do everything through the web portal and browser extensions. But it does have mobile apps for Android and iOS.

    Dashlane allows you to share passwords with other Dashlane users and set limits to what kind of access they will have to your credentials.

    Dashlane’s emergency access feature also allows you to specify a contact who can assume ownership of your account in case you lose access, and you can specify a waiting period to accept or reject the user’s request to access your vault.

    KeePass

    For users who don’t trust online services with their passwords – a legitimate concern after the LastPass debacle – KeePass is a convenient alternative.

    KeePass is a standalone application that provides many of the functions you would expect from a professional password manager, but with some notable exceptions. Absent features include the ability to auto-capture new passwords, syncing across multiple devices, password sharing, and scanning the web for breached accounts.

    KeePass also fails to offer a web interface, browser extensions, or support for multiple platforms. The package comes as a Windows application, although being an open-source project means developers have ported it to other platforms. You’ll find links to these software packages on the KeePass website.

    In KeePass, you can create password databases to store passwords, notes, and documents. These password databases can be copied to other devices, but you’ll have to sync them manually.

    KeePass lacks support for many types of data, such as credit card info and API tokens, by default, but you can customize the utility to support different data types. Instead of autofill, KeePass has an auto-type feature that emulates typing your credentials on the keyboard, a feature than can require a bit of getting used to.

    While this is not the most convenient password manager, it is a decent option for advanced users who want full control of their data and the ability to tinker with the software.

    Operating system password managers

    Alternatively, you can use a tool that comes bundled with your operating system. Most popular among them is Apple’s Keychain, which encrypts and stores your passwords in a secure vault on your device.

    The main advantage of Keychain is its deep integration with the Apple ecosystem. It automatically detects and fills passwords for websites, applications, WiFi networks, and more. It can also be synced to your iCloud account and made available across all your Apple devices, including Mac, iPhone, iPad, and Apple Watch.

    So Keychain is convenient if you only use Apple devices. But if you have other operating systems in the mix (Android, Windows, Linux), then you’ll need a separate password manager. You also won’t be able to use it if you want to log into one of your accounts from a friend’s device or a public computer.

    Resource : https://portswigger.net/daily-swig/password-manager-security-which-is-the-right-option-for-me

    2Mar, 2023
    GitHub’s secret scanning alerts now available for all public repos

    GitHub has announced that its secret scanning alerts service is now generally available to all public repositories and can be enabled to detect leaked secrets across an entire publishing history.

    Secrets are sensitive data accidentally added to GitHub repositories, including API keys, account passwords, authentication tokens, and other confidential data that can enable attackers to perform security breaches or gain access to non-public data.

    Threat actors commonly search public GitHub repositories for authentication secrets to breach networks, steal data, or impersonate the company in their own attacks.

    In December 2022, GitHub began rolling out a beta of a free secret scanning feature to all public repositories that scan for 200+ token formats to help developers find accidental public exposure of sensitive data. Since then, 70,000 public repositories have enabled the new feature.

    Today, GitHub announced that the service is now generally available, and all public repository owners/admins can enable secret scanning alerts to secure their data.

    “As of today, GitHub secret scanning’s alert experience is generally available and free for all public repositories,” reads GitHub’s announcement.

    “You can enable secret scanning alerts across all the repositories you own to notify you of leaked secrets across your full repository history, including code, issues, description, and comments.”

    In addition to notifying the repository owners of leaked secret incidents, GitHub will continue to notify its over 100 secret scanning partners of exposed secrets so that they can revoke the authentication token and notify their customers.

    If it’s impossible to reach a concerned partner, the alert to the admin should be enough to ensure the exposed secrets are removed from the public repositories.

    The code hosting platform uses the example of DevOps Consultant and Trainer @rajbos to highlight the power of the secret scanner and alerts. The developer says he enabled the feature on 13,954 public GitHub Action repositories and found secrets on 1110 of them (7.9%).

    “Even though I train a lot of folks on using GitHub Advanced Security, I found secrets in my own repositories through this,” admits Rob Bos.

    “Despite multiple years of experience, it also happens to myself. That’s how easy it is to include secrets by mistake.”

    Any GitHub user administrating a public repository can easily enable secret scanning alerts by opening the “Settings” tab, clicking on the “Code security and analysis” option under the Security section, and then clicking “Enable” on “Secret Scanning” at the bottom of the page.

    GitHub settings

    Check out GitHub’s documentation for more information about how secret scanning works and how you can make the most of the new feature.

    Resource : https://www.bleepingcomputer.com/news/security/github-s-secret-scanning-alerts-now-available-for-all-public-repos/

    1Mar, 2023
    Application Security vs. API Security: What is the difference?

    As digital transformation takes hold and businesses become increasingly reliant on digital services, it has become more important than ever to secure applications and APIs (Application Programming Interfaces). With that said, application security and API security are two critical components of a comprehensive security strategy. By utilizing these practices, organizations can protect themselves from malicious attacks and security threats, and most importantly, ensure their data remains secure.

    Interestingly enough, despite the clear advantages these disciplines provide, businesses are struggling to understand which security approach is best for their needs. So in this article, we’ll discuss the differences between application and API security, best practices that you should consider, and ultimately make the case for why you need both.

    What is Application Security

    Application security, better known as AppSec, is a critical aspect of any organization’s cybersecurity strategy. Application security helps protect data and systems from unauthorized access, modification, or data destruction by utilizing techniques around authentication and authorization, encryption, access control, secure coding practices, and more.

    The benefits of application security are numerous. It can help protect sensitive data from being stolen or misused, reduce the risk of data breaches, and ensure that applications are compliant with industry regulations. Additionally, application security can help organizations reduce the costs associated with responding to a security incident by providing proactive measures that reduce the risk of a successful attack. Finally, it can also improve customer trust by providing a secure environment for customers to interact with your business.

    According to the ISACA, the five key components of an application security program are:

    1. Security by design
    2. Secure code testing
    3. Software bill of materials
    4. Security training and awareness
    5. WAFs and API security gateways and rule development

    In the next section, we’ll take a look at how API security fits into this framework, as well as where it still needs to be addressed.

    Comparing Application Security vs. API Security

    Though often used synonymously, AppSec and API security are very distinct disciplines. API security helps to protect APIs from unauthorized access, misuse, and abuse. It also helps to protect against malicious attacks such as SQL injection, cross-site scripting (XSS), and other types of attacks. By implementing proper API security measures, organizations can ensure that their applications remain secure and protected from potential threats.

    As you can see, securing APIs is a critical aspect of a proper application security strategy. However, to be clear, API Security is different enough from ‘traditional’ Application Security that it requires specific consideration. AppSec focuses on protecting the entire application while API security focuses on protecting the APIs that are used to connect modern applications and exchange data.

    The biggest difference between an API and an Application is how each impacts the user. APIs are intended to be used by software applications, while software applications themselves are intended to be used by humans. This implies different security controls are required. Now that we’ve got that out of the way, let’s dig into how API security is embedded within four of the five key components of AppSec and where it still needs help:

    Security by design

    The core idea here “is to consider security at the point of architecture and design, before any source code is written or compiled.” The ISACA goes on to say that “controls can include, but are not limited to, the use of web application firewalls (WAFs) and application program interface (API) security gateways, encryption capabilities, authentication and secrets management, logging requirements, and other security controls.”

    With that in mind, in the 2022 Hype Cycle for Application Security, Gartner points out that “traditional network and web protection tools do not protect against all the security threats facing APIs, including many of those described in the OWASP API Security Top 10.” Which illustrates the need for developers and security professionals to consider unique nuances of API protection in their cybersecurity strategy.

    Discover all of the elements to consider when securing APIs by downloading in the in-depth API Security Buyers Guide.

    Secure code testing

    As you can imagine, application security testing (AST) and API security testing are different disciplines. Ultimately the goal of securing the software development lifecycle (SDLC) is the same, but the approaches are fundamentally different. The ISACA recommends pursuing traditional security testing methods like static application security testing (SAST) and dynamic application security testing (DAST). They also recommend supplementing AppSec testing with penetration (pen) testing. The problem here is that APIs require additional testing that these techniques cannot address.

    According to Gartner, “traditional AST tools — SAST, DAST and interactive AST (IAST) — were not originally designed to test for vulnerabilities associated with typical attacks against

    APIs. They go on to say that, “to identify the optimal approach to API testing, they are looking to a mix of traditional tools (such as static AST [SAST] and dynamic AST [DAST]) and emerging solutions focused specifically on the requirements of APIs.” A good example to explain their rationale would be the discovery of each individual endpoint and it’s associated CRUD operations depending on the authentication/authorization. This is something SAST tools simply cannot do.

    You can learn more about the key differences Gartner is calling out by downloading the new ebook, API Security Testing For Dummies.

    Security training and awareness

    According to the ISACA, “all developers should be minimally trained on the Open Worldwide Application Security Project Top 10 list (OWASP Top 10)”. However, this list of web application risks is just a piece of the puzzle. Due to the unique vulnerabilities APIs present, coupled with the rise in API related security breaches, OWASP established the OWASP API Security Top 10. This list addresses the most pressing API threats facing organizations. With that said, it’s important for developers to abide by both lists in order to secure their applications and APIs.

    You can learn how to defend against these critical vulnerabilities in the ebook, Mitigating OWASP Top 10 API Security Threats.

    WAFs and API security gateways and rule development

    There is no denying that both API gateways and web application firewalls (WAFs) are important components of the API delivery stack. To be honest, neither are designed to provide the security controls and observability required to adequately protect APIs. And organizations are now realizing the false sense of security they had thinking their WAF or API gateway were enough to keep their APIs secure.

    The reality is, you need a purpose-built API security platform to find your APIs, evaluate their security posture and monitor for any unusual network traffic or patterns of use. Otherwise, you’re just fooling yourself that your APIs are safe from cyber-attacks. If you’re interested in seeing how these legacy tools measure up to a purpose-built platform, check out this comparison page.

    How Noname Security Provides Comprehensive API Protection

    Noname Security is the only company taking a complete, proactive approach to API Security. Noname works with 20% of the Fortune 500 and covers the entire API security scope — Discovery, Posture Management, Runtime Protection, and API Security Testing.

    With Noname Security, you can monitor API traffic in real-time to uncover insights into data leakage, data tampering, data policy violations, suspicious behavior, and API security attacks. We also provide a suite of over 150 custom-built API security tests based on years of enterprise-grade API security experience, not relying on generalized approaches like fuzzing. You can run the suite of tests on-demand or as part of a CI/CD pipeline.

    Resource : https://thehackernews.com/2023/02/application-security-vs-api-security.html

    25Feb, 2023
    What is Computer Security?

    Technology is growing every day, and as it grows, it transforms our digital world. Internet use is increasing exponentially, making us correspondingly more vulnerable to cyber-attacks. By learning how cybercriminals attack and how to secure our systems and data against those attacks, you will be able to minimize the risk of data breaches and the devastation they bring with them.

    Computer security deals with the protection of computer systems and information from harm, theft, and unauthorized use. The main reason users get attacked frequently is that they lack adequate defenses to keep out intruders, and cybercriminals are quick to exploit such weaknesses. Computer security ensures the confidentiality, integrity, and availability of your computers and their stored data.

    The following topics will be covered in this computer security article:

    1. Why do users get attacked?
    2. Types of attacks
    3. What to secure?
    4. How do you secure your computer?

    Before we learn about computer security, let us understand why users get attacked.

    Why Do Users Get Attacked?

    Before getting into how to secure data from breaches, we must try to understand the motives behind these attacks. By knowing the motives behind the attacks, it’s easy for cybersecurity professionals to secure the systems. The main motives for attacking an organization’s or individual’s computer are: 

    1. Disrupting a business’ continuity: If a business is disrupted, it causes great harm to the organization in the form of lost profits, fraud, and damage to its reputation.
    2. Information theft and manipulating data: Hackers take confidential information that they steal from organizations and sell it to individuals or groups on the black market.
    3. Creating chaos and fear by disrupting critical infrastructure: Cyber terrorists attack a company or a government body to disrupt their services, doing damage that can potentially affect an entire nation.
    4. Financial loss to the target: Hackers attack an organization or business and disrupt their services in such a way that the target has to allocate substantial funds to repair the damage.
    5. Achieving a state’s military objectives: Rival nations continuously keep an eye on each other and sometimes employ cybercriminal tactics to steal military secrets. 
    6. Demanding ransom: The hackers employ ransomware to block a website or servers, releasing control only after a ransom is paid.
    7. Damaging the reputation of target: The hacker may have personal reasons to attack an organization or individual so that their reputation suffers.
    8. Propagating religious or political beliefs: Hackers may infiltrate websites to promote religious dogma or a certain political agenda, usually to sway voters to vote a certain way.

    Also Read: How to Become a Cybersecurity Engineer?

    We will next look at the types of attacks before understanding all about computer security.

    Types of Attacks

    There are many kinds of attacks available to the dedicated hacker. These are among the most famous and frequent types of attacks.

    1. Denial of service (DDoS):

    This is an attack used to restrict the user’s access to the system resources by flooding the server with useless traffic. The botmaster commands all the bots to access a resource at the same time so that the resource gets hopelessly jammed up. Then, if a legitimate user wants to access that same resource, they will not be able to do so. This is illustrated below:

    2. Malware attack:

    This is a malicious program that disrupts or damages the computer. There are four main types of malware:

    • Keylogger: Keylogger records all the hits on the targeted keyboard. Most hackers use it to get passwords and account details.
    • Virus: A computer virus is a malicious code that replicates by copying itself to another program or document and changes how a computer works. The virus, such as the Melissa virus, requires someone to knowingly or unknowingly spread the infection without the knowledge or permission of a user or system administrator. 
    • Worms: This is a standalone program that runs independently and infects the system. One of the more popular examples is W32.Alcra.F. The worm propagates itself through network share devices.
    • Trojan horse: This is a malicious code that takes over your computer. This code can damage or steal information from your computer.

    3. Man in the middle:

    Say, for example, you want to do an online transaction. You connect to your bank and conduct the payment. Simple, right? This is illustrated in the below image:

    Now, while you are doing a transaction, you have to enter the details of your card and the PIN. The cyber attacker spoofs you and monitors your transaction. As soon as you enter your details, he will have access to all of that information, as shown in the below image:

    4. Phishing:

    The attacker sends bait, often in the form of an email. It encourages people to share their details. For example, you get an email like this:

    If someone is a customer of ABC bank, he would probably open the link and enter the details. But these kinds of emails are always phishing. Banks do not send emails like this.

    5. Eavesdropping:

    Attacker observes traffic on your system and the work you are doing. The attacker can monitor you in three ways: 

    • Email monitoring
    • Which websites you visit
    • What items you download

    6. SQL injection:

    As the name suggests, an SQL injection vulnerability allows an attacker to inject malicious input into a SQL statement. This type of attack happens only on websites. The best example would be www.facebook.com. There is a database stored on the Facebook website. The hackers get into that database and sign in using someone else’s username and password.

    7. Password attack:

    To crack a password or find a password, hackers employ the following techniques:

    • Dictionary attack: In this method, they handle every password that is possible through the dictionary
    • Brute force: It is a trial and error method used to decode the password or data. This attack takes the most amount of time.
    • Keylogger: As the name suggests, keylogger records all the hits on the keyboard. Most people use it to get passwords and account details
    • Shoulder surfing: The attackers observe the user’s keyboard by looking over the user’s shoulder.
    • Rainbow table: There are rainbow tables that contain precomputed hash values. Attackers use this table to find the user’s password.

    8. Social engineering:

    Attackers create social situations that encourage you to share your password. For example, let’s say that you are out of your office, and you get a call. The person says that he is from the IT department and they have found out that your system has been compromised. He asks you to share your password. You might believe him and share your password. However, the caller was, in fact, a hacker, and how he has your password. Now that he has access, he can compromise your organization’s data. The best way to avoid the effects of social engineering is to learn your organization’s protocol regarding password sharing.

    So now that we have the why’s and the how’s let’s explore the what’s – Of computer security.

    What to Secure?

    The security of any organization starts with three principles: confidentiality, integrity, and availability. This is called CIA (no relation to the American spy organization!). CIA has served as the industry standard for computer security since the advent of the first mainframes.  

    • Confidentiality: The principles of confidentiality assert that information and functions can be accessed only by authorized parties. Example: military secrets.
    • Integrity: The principles of integrity assert that information and functions can be added, altered, or removed only by authorized people and means. Example: incorrect data entered by a user in the database.
    • Availability: The principles of availability assert that systems, functions, and data must be available on-demand according to agreed-upon parameters based on levels of service.

    We’ve covered the why’s, how’s, and what’s. Now let’s put that information into action and get a better understanding of computer security.

    How Do You Secure Your Computer?

    1. Two-way authentication

    Two-factor authentication adds a layer of security to the authentication process by making it harder for attackers to gain access to a person’s devices or online accounts. For example, when you make online payments, you first have to confirm your card’s cvv number, then you undergo a second confirmation by providing your mobile number.

    2. Secure passwords

    Create strong passwords so that no one will be able to hack or guess your password. The best passwords include:

    • At least 15 characters.
    • Capital letters.
    • Special characters. Example: @#$%.
    • Numbers.

    3. Regular updates

    Always keep your system and all its software updated. Many updates contain additional defenses against cyber attacks.

    4. Antivirus

    Antivirus is a computer program used to prevent, detect, and remove malware. Examples of antivirus include Norton, Quickheal, and McAfee.

    5. Firewalls

    Firewalls prevent unauthorized Internet users from accessing private networks connected to the Internet, especially intranets.

    6. Anti-Phishing Tactics

    When you get an email that looks suspicious or has no relation to you, then do the following:

    • Do not click on the link in the email.
    • Do not provide any personal details if asked.
    • Do not open the attached files.

    7. Encryption

    This is the process of converting ordinary plain text into unintelligible text and vice-versa. Encryption is used in many applications like: 

    • Banking transactions.
    • Computer passwords.
    • E-commerce transactions.

    Unfortunately, cybercrime is increasing daily, so it’s imperative to have a solid grasp of the best cybersecurity practices. While the internet is transforming and improving our lives, the vast network and its associated technologies have become a lucrative hunting ground for a growing number of cybercriminals, agents from which individuals and businesses must protect themselves.

    The consequences of these attacks can range from the ruin of a business to the crashing of a national economy. Confidential or sensitive data can be lost, privacy violated, and reputations ruined. Your computer could even be used by a hacker to attack other computers, which in turn could send the authorities looking for you!

    If you’d like to learn more about cybersecurity, check out Simplilearn’s Introduction to cybersecurity Course for cybersecurity Beginners. The course is designed to give you a foundational look at today’s cybersecurity landscape and provide you with the tools to evaluate and manage security protocols in information processing systems.

    If you’re already proficient with the basics, consider Simplilearn’s Advanced Executive Program In Cybersecurity or the Cybersecurity Expert Master’s program. This program will equip you with the skills needed to become an expert in this rapidly growing domain. You will learn comprehensive approaches to protecting your infrastructure, including securing data and information, running risk analysis and mitigation, architecting cloud-based security, achieving compliance, and much more with this best-in-class program.

    Not only do these courses empower you with greater cybersecurity skills, but they can also be the foundation for a whole new career! Check out Simplilearn today, and get started.

    Resource : https://www.simplilearn.com/what-is-computer-security-article

    18Feb, 2023
    Ten Security Tips For Employees
    1. Be alert | Use common sense and think twice before clicking links, opening attachments, visiting websites or responding to emails or phone calls. Many cyberattacks can be prevented if you take a moment to consider your actions and potential consequences.
    2. Know how to identify phishing attempts | Be wary of emails or calls that require “immediate action” or ask for personal information. Carefully inspect links to make sure they point to a reputable site before clicking and never respond to messages asking for your username and password. Report suspicious emails to abuse@fsu.edu.
    3. Use 2FA | FSU offers 2-factor authentication (2FA) for myFSU HR, FSU email and other university applications. Consider adding this same protection to other sites or apps when available, such as your personal email or social media accounts. This extra layer of security requires you to verify your identity twice before accessing your account and can protect you from having your email hijacked or paycheck redirected.
    4. Create strong passwords | Make a lengthy password using a combination of uppercase and lowercase letters, numbers and special characters. Use different passwords for different sites and consider using a password manager, such as LastPass, to store your passwords. Also, never share your password with anyone.
    5. Lock your devices | Never leave your devices unattended. Password protect your phone or tablet and log off or lock your screen every time you step away from your computer.
    6. Keep apps and software up to date | Talk with your IT support staff to make sure your work computer is programmed to automatically install updates. Do the same thing for your home computer and mobile devices, and regularly restart all devices to give them a chance to complete the update process.
    7. Limit activities on public Wi-Fi | On campus, always connect to the FSU Secure network. When traveling, either use your cellular network, Eduroam or a virtual private network (VPN) to get secure internet access. If you must use a public network, make sure it is reputable and refrain from accessing sensitive information, such as online banking.
    8. Back up your computer | Talk with the IT support staff in your unit and make sure there is a plan in place to back up your files and data regularly. Computers can utilize cloud storage or external hard drives to store copies of files. Either way, regular backup will protect you from losing all your work or research in the event of a ransomware attack.
    9. Protect personal information | Do not store personally identifiable information—such as employee Social Security numbers, credit card numbers or student email addresses—on your computer unless it’s in an encrypted file.
    10. Attend training | Take advantage of free cybersecurity training resources. Visit the ITS website to register for security awareness training videos, browse training sites or request an on-site cybersecurity presentation for your team.

    Resource : https://www.google.com/search?q=Ten+Security+Tips+For+Employees&sxsrf=AJOqlzXjh-smDhAiYGUk57rD9LPl98oWow:1676696951084&source=lnms&tbm=isch&sa=X&ved=2ahUKEwjH4qjxpp79AhUzTmwGHTIrDPkQ_AUoAXoECAEQAw&biw=1242&bih=597&dpr=1.1#imgrc=WlGblHL9GwCpOM

    7Feb, 2023
    Mobile device security 101

    Personal mobile devices, which are often used for work purposes, are attractive targets for a variety of attacks on corporate infrastructure. Let us look at the features of Endpoint Detection and Response (EDR) systems and learn how they can help protect against targeted attacks targeting mobile devices. 

    In terms of technology, modern smartphones and tablets often surpass the capabilities of a typical employee workstation. The number of mobile devices has been rapidly increasing. It surpassed the number of workstations back in 2015. Being both a personal device (with an installed banking app, user correspondence, photo, and video materials) and, at the same time, an access point to corporate resources, a mobile device is a real treasure trove for a wide range of cyber-attacks.

    Actually, all possible vectors of attacks on workstations are only a subset of attacks on mobile devices due to the presence of many sensors (accelerometer, magnetometer GPS, etc.), admin rights, limited capabilities of antivirus software, not perfect backup and disaster recovery procedures, and uncontrolled connections to insecure wireless networks.

    The issue is made worse because a basic attack targeting only a user’s personal area often can also pose threats to corporate resources, since multi-factor authentication, a common protective measure, is ineffective when a mobile device has been hacked. It is worth noting that keyloggers and other types of spyware can cause a range of other security issues that should not be overlooked.

    As smartphones emerged, the need to safeguard mobile devices led to the development of modified Endpoint Protection Platforms. These new EPPs were explicitly designed to work with mobile operating systems.

    The formation and evolution of EDR, XDR, and EPP solutions for mobile device protection

    The creation of security solutions for endpoints and, in particular, mobile platforms is closely related to the understanding of attack vectors targeting both a specific device and the infrastructure of an organization as a whole.

    Initially, mobile security products were similar to those used on desktop computers. These solutions only included a basic antivirus scanner that primarily used signature detection and a simple firewall. They even could not always send reports to a central server. Obviously, this is not enough in current conditions as attackers use various methods such as introducing malware, exfiltrating\altering data, and network compromise to carry out attacks.

    According to OWASP, the top 10 security risks (including those that threaten mobile apps) include attacks that are far beyond the scope of traditional antivirus solutions. For instance, in recent years, issues related to Broken Access Control have become more common. These problems often occur in legitimate third-party apps on the device rather than in traditional forms of malware.

    The mobile device protection industry has grown to include a broader range of capabilities and expanded coverage. Companies that create mobile security solutions now offer control over network connections, protection against fraudulent apps and SMS phishing, and application access control. According to Gartner, there are over ten essential components that a mobile device protection solution must have in order to be considered a market leader and be included in their “magic quadrant.”

    EPP solutions provide excellent protection against new threats based on already-known malware. However, more sophisticated means are required to protect against less massive, targeted, more aggressive, and more sophisticated attacks. An endpoint security system needs to adapt to the contemporary landscape of complex threats. It must be able to detect advanced attacks aimed at endpoints and quickly respond to detected incidents.

    Such solutions form an independent class of applications – Endpoint Detection and Response, EDR. Gartner researchers identify several mandatory properties of these solutions: prevention, detection, response, and prediction.

    Modern EDRs can:

    • Provide real-time monitoring of endpoints.
    • Detect and prioritize information security incidents.
    • Record and store information on events occurring at endpoints.
    • Provide information for incident investigations.
    • Respond to incidents.
    • Interact with EPP solutions.

    Serious threats can go unnoticed if data for analysis is collected from each device separately. Next-generation solutions (XDR) aim to provide a more comprehensive view of an organization’s security posture by collecting and analyzing data from multiple devices and infrastructure elements. This allows them to detect and respond to threats more effectively, as they can automatically correlate events and actions across the entire organization. XDR systems are designed to cover all security levels of various devices simultaneously.

    XDR collects information from various sources and uses statistical models and machine learning to identify incidents that EDR or EPP solutions would not be able to detect on a single device or when the event is not deemed suspicious on a single device. The unified management console of an XDR system enables you to view, analyze, and respond to threats very quickly. This leads to an improvement in both the overall security of the organization’s infrastructure and the accuracy of alerts.

    EDR/XDR and fraud detection solutions

    The greater the number of sources of information for analysis, the more accurate systems based on machine learning techniques become. When mobile devices are used, it is possible to increase the amount of data gathered in order to identify anomalies and incidents.

    A method that utilizes a significant number of indicators has already proven effective in anti-fraud solutions for safeguarding bank clients from fraud. The banking system analyzes a user’s typical behavior, habits, transactions and alerts the bank about non-standard or risky actions. This is similar to how a comprehensive EDR/XDR security solution operates.

    The basic tech characteristics being analyzed are similar to those used for a laptop or workstation:

    • Versions of applications and operating systems.
    • Any hidden or malicious apps installed.
    • System and network settings.
    • Whether apps have access to important functions, such as the camera.

    This information is complemented by characteristics specific to mobile devices, such as phone calls and SMS history, location, etc. Some solutions already analyze activity from popular messaging apps like WhatsApp or Telegram, which are increasingly becoming the primary way people communicate.

    When analyzing the most advanced attacks, researchers have long noted that the weakest point is the user. Knowing user habits allows voice assistants to guess their preferences. At the same time, it enables security solutions to understand possible negative phenomena in advance. It is no longer enough to rely on antivirus alone. You need a lot of data and advanced analysis tools to deal with modern attacks comprehensively.

    Resource : https://www.securityinfowatch.com/cybersecurity/article/21292863/mobile-device-security-101

    6Feb, 2023
    5 Remote Work Security Problems – And How to Solve Them

    The conversation around remote working, or working from home, often paints it as a phenomenon brought on by the COVID-19 pandemic. But that’s not entirely true — many web entrepreneurs, freelancers and employees with work-from-home permits have been “working from anywhere with internet access” for years.

    That said, the pandemic certainly made working from home a new norm in the daily life of the global population: In 2020, a major portion of the traditional workforce shifted to working partially or entirely from home via remote access. And what’s more, this model is shaping up to become the standard — even as stay-at-home orders have eased. (Also read: Bye Bye Boss, Hello Office of the Future: 2022 Coronavirus Edition.)

    Unfortunately, this shift opened a gold mine to cybercriminals, who didn’t waste a minute before taking advantage of the swathes of less-than-cybersecurity-aware employees accessing confidential information from their home networks. In response, many companies are trying their best to enhance security features in their network to prevent hackers from stealing data. To do this, maintaining web browser security has become essential to ensuring the remote workforce runs safely and smoothly.

    Want to make sure your browser is safe for remote work? Here are five things that may be compromising your browser security, and how to fix them:

    1. Your Browser History

    Your browser history lists the websites you visit when surfing the internet. If malicious actors have access to this information, they can launch phishing attacks against you to get your credentials for those sites. Your credit card, debit cards, or bank details can be compromised to web criminals in this way. (Also read: 10 Biggest Data Breaches of All Time – And How to Prevent Them.)

    The Solution

    Clear your browser cache. This is a good way to remove sensitive information, especially after online banking. You can clear your cache manually or automate it to clear when you close your browser.

    2. Your User Login Credentials

    Saved log-in credentials associated with your email account are vulnerable. That’s because all attackers need to get into (and lock you out of) your accounts is access to your email: Once they have that, they can reset the password to any website you access using credentials associated with your email.

    What’s more, cybercriminals don’t need to be present in front of your computer to steal your data in this way. If they manage to get your email address and password, they can work from any remote location using the internet.

    The Solution

    Avoid saving login credentials in your web browser. Instead, use a password manager to store your credentials using a central master password.

    3. Autofill Information

    Autofill information can also be dangerous. When you log into a website, some browsers will prompt you to save your password for a quick one-click log-in. Some browsers can also autofill your home address while shopping online.

    While it seems convenient, this could be a threat to your browser security: If your device falls in the wrong hands, attackers may find out your home address.

    The Solution

    1. Remove any confidential information or personal details that may already be stored in your browser’s autofill feature.
    2. Turn off your browser’s autofill feature.

    4. Browser Extensions

    Browser extensions require access permissions into confidential areas like browsing history, website content, or perhaps login credentials. As extensions run internally within internet browsers, anti-virus software packages usually can’t observe malicious extensions. Thus, cybercriminals can take this as an opportunity to develop malware-infested extensions and hack users data. These malicious extensions sometimes redirect users to phishing sites or sites containing malicious downloads. (Also read: Social Engineering Attacks: 3 Strategies to Mitigate Risk.)

    The Solution

    Be cautious before choosing browser extensions. Use only genuine extensions; and only use extensions if you need them.

    5. Browser Cookies

    Websites put cookies in computers that help to identify users in the network and their internet surfing behaviors. Cookies are stored locally on your computer. Like browsing history, cookies can reveal any confidential information captured from your internet surfing and online work.

    The Solution

    Disabling cookies could be a solution, but it would affect website functionalities. Instead, Purging cookies periodically can help you stay safe online. Some other recommended precautionary measures include:

    • Locking your computer when you’re away from it.
    • Changing your browser settings for better privacy
    • Activating two-factor authentication for a website.

    Resource : https://www.techopedia.com/5-remote-work-security-problems-and-how-to-solve-them/2/34518