Archive for 2015

3 Reasons Security Certifications Matter

You know the No. 1 attribute of people claiming security certifications don’t matter? They don’t have any. In my years of experience placing security pros in good jobs, it’s that simple. Having the right certifications matters, and here's why.

1.  You will make more money. The 682 IT security professionals responding to the security cut of InformationWeek’s 2013 U.S. IT Salary Survey are unequivocal: Security staffers holding any security certification (CISSP, CISA, CISM) average $101,000 in total compensation vs. $87,000 for those with no certs. For managers, the spread is $130,000 vs. $121,000. Do you really need another reason?


2. Certs show your commitment to the security field. I know you’re serious about cybersecurity as a career, otherwise you wouldn’t be reading this. But how will a hiring manager know?  Easy -- by scanning resumes to see which applicants are committed enough that they’re willing to spend free time studying and doing homework, often paying for the privilege out of their own pockets.
Just 44% of security staffers and 49% of managers in the salary survey expected to get certification reimbursement.I know a person who burned a full week of vacation and paid for lodging to obtain his Cloud Security certification.  As an employer and a hiring manager, that tells me he wants to become better. He’s the type of security professional that any company would be fortunate to have.

3. Certs make you more attractive to potential employers. Building on the above, obtaining a security certification shows you respect the industry and take pride in your profession. That kind of attitude is contagious. Moreover, it shows you’re smart enough to know what you don’t know and look to improve. It takes gumption to acknowledge that there are areas of one’s professional experience that could use a boost. 
Team members see this, and it rubs off.All that adds up to a great employee. That hiring managers get this is a no-brainer. In a side-by-side comparison of otherwise equal candidates, most prefer the one with certs.

Tuesday 29 December 2015
Posted by Sivapriya

What are Watering-Hole Attacks ?

First detected in 2013, watering-hole attacks are one of the newest (and arguably most sophisticated) security threats facing organisations.


By exploiting undetected vulnerabilities in websites and software applications, hackers can lie in wait for their target - before springing a malware-loaded trap on their unsuspecting victim, and compromising their secure systems.

What is a Watering-Hole Attack?
Unlike standard phishing attacks, watering-hole attacks are low-volume and highly-targeted, designed to create a backdoor for attackers to breach a target organisation:

Attackers first identify a vulnerable website that's regularly visited by employees of a target organisation.

  1. Malware is then used to infect the website.
  2. The attackers 'lie in wait' for employees of the target organisation to visit.
  3. Employees become infected with malware, and carry it back to their own secure systems - creating a security backdoor in the process.

By using watering-hole attacks in lieu of phishing, hackers can bypass increasingly sophisticated anti-phishing technology; and by infecting multiple members of the same organisation, secure systems can quickly become compromised. 

Watering-Holes and Zero-Day Vulnerabilities :
Watering-hole attacks are particularly problematic because they infect legitimate, reputable websites - sites that most users would assume to be perfectly safe.


Worse still, watering-hole attacks often go undetected. By using zero-day vulnerabilities, attackers are able to discover and exploit new software vulnerabilities before the vendor is even aware of the problem, or able to issue a fix. 

With an estimated 77% of public websites containing some form of exploitable vulnerability, and 16% containing 'critical' vulnerabilities (allowing attackers to compromise a visitor's computer), one in eight of the world's websites is susceptible to a watering-hole attack - making the problem extremely difficult for organisations to avoid. 

Real-World Watering-Hole Attacks :
In November of last year, Chinese hackers were able to exploit zero-day vulnerabilities in Microsoft's Internet Explorer and Adobe's Flash Player to compromise the Forbes website.

The site was attacked because of the prevalence of senior executives and professionals using the website. As the COO of anti-malware company Invincea, Norm Laudermilch, noted: “This was clearly a targeted attack against a specific group of organizations” - with several high-profile defense and financial sector organizations successfully targeted as a result.

Defending Against Watering-Hole Attacks :
Watering-hole attacks are hard to recognise; and with so many of the world's websites vulnerable to these types of attacks, it simply isn't viable to prevent your employees from accessing potentially compromised websites. 

Thankfully, watering-hole attacks are still a relatively uncommon phenomenon, and though they're growing in popularity, organisation-wide security awareness training is still a viable tool for minimising the likelihood of a successful attack. 

If employees are able to recognise the hallmarks of suspicious software, links and websites, the chances of a successful malware infection can be reduced. Even in the event of a successful attack, the risks of serious data loss can be minimised, by ensuring employees understand the right procedures for reporting potential threats to IT and security teams. 
Monday 28 December 2015
Posted by Sivapriya

What is Penetration Testing and Why is It Important?

Penetration testing (otherwise known as pen testing, or the more general security testing) is the process of testing your applications for vulnerabilities, and answering a simple question: "What could a hacker do to harm my application, or organisation, out in the real world?".


An effective penetration test will usually involve a skilled hacker, or team of hackers. You purposefully ensure that the hacker(s) don't have access to any source code, and ask them to try to gain access to your systems. Penetration tests can be carried out on IP address ranges, individual applications, or even as little information as a company name.The level of access you give an attacker depends on what you are trying to test.

To give a few examples of penetration tests you could run:

1.You could give a team of penetration testers a company's office address, and tell them to try and gain access to their systems. The team could employ a huge range of differing techniques to try and break into the organisation, ranging from social engineering (e.g. asking a receptionist if they can take a look in a computer room to run safety checks, and installing USB keyloggers) through to complex application specific attacks.  

2.A penetration tester could be given access to a version of a web application you haven't deployed yet, and told to try and gain access or cause damage by any means possible. The penetration tester will then employ a variety of different attacks against various parts of the application in an attempt to break in.

One thing which is common amongst all penetration tests, is that they should always have findings. There is no perfect system, and all organisations can take additional steps to improve their security. The purpose of a penetration test is to identify key weaknesses in your systems and applications, to determine how to best allocate resource to improve the security of your application, or organisation as a whole.

Why Are Penetration Tests Important?
`
1.They can give security personnel real experience in dealing with an intrusion. A penetration test should be done without informing staff, and will allow an organisation to test whether its security policies are truly effective. A penetration test can be imagined much like a fire drill.
2.It can uncover aspects of security policy that are lacking. For example, many security policies give a lot of focus to preventing and detecting an attack on an organisation's systems, but neglect the process of evicting an attacker. You may uncover during a penetration test that whilst your organisation detected attacks, that security personnel could not effectively remove the attacker from the system in an efficient way before they caused damage.
3.They provide feedback on the most at risk routes into your company or application. Penetration testers think outside of the box, and will try to get into your system by any means possible, like a real world attacker would. This could reveal lots of major vulnerabilities your security or development team never considered. The reports generated by penetration tests provide you with feedback on prioritising any future security investment.
4.Penetration testing reports can be used to help train developers to make fewer mistakes. If developers can see how an outside attacker broke into an application or part of an application they helped develop, they will be more motivated to improve their security education, and avoid making similar errors in the future.
Wednesday 16 December 2015
Posted by Sivapriya

Ranganathaswamy Temple's Website Hacked.

Hours after the start of 20-day Vaikunda Ekadasi festival, unidentified persons hacked the official website of Sri Ranganathaswamy Temple, Srirangam, in the early hours on Saturday.

The hacking came to light when devotees were trying to get information on the website,www.srirangam.org. It displayed messages supporting Kashmiri terrorists and Pakistan.


On information, the temple authorities blocked the page. The website, which was designed and maintained by a private company on behalf of the temple, was restored around 11 a.m. on sunday.

P. Jayaraman, Joint Commissioner, Hindu Religious and Charitable Endowment, told that "all data and information were safe". The website was successfully restored within a few hours. It would continue to provide information to people as usual. 

The temple administration would take all possible steps to protect the website from hacking and experts have been asked to study the issue in detail, he said.Cyber police suspect that some Pakistan-based hackers could have hacked the website, which was temporarily suspended.     

A formal communication is expected to be sent through the State CB-CID which is the nodal agency to liaise with the Interpol. Consequent to the hacking, the Srirangam police had registered a case under IPC section 504 (Intentional insult with intent to provoke breach of the peace) read with Sections 43 and 66 of the Information Technology Act on a complaint from the temple’s Joint Commissioner.

The sources said the website’s administrator was based in Madurai. The hacking took place at a time when the Tiruchi City Police had drawn up a detailed security scheme for the temple in connection with the ongoing Vaikunta Ekadasi celebrations.

Exactly a year ago, the website of the Thanjavur Maharaja Serfoji Saraswathi Mahal’s official website was hacked. Although the Thanjavur district police registered the First Information Report, the case was subsequently transferred to the CB-CID, said police sources.
Commissioner of Police, Tiruchi city, Sanjay Mathur told that an Inspector attached to the Cyber Crime wing had been asked to inquire into the complaint.

The temple authorities had been asked to strengthen the security features of the website.



Monday 14 December 2015
Posted by Sivapriya
Tag :

World’s Fastest Password Cracking Tool Hashcat Is Now Open Source

The world’s fastest cracking tool Hashcat is now open source. The company has called it a very important step and listed out the reasons that inspired them to take this step.


If you are into password cracking, you might be aware of the fact that Hashcat is one of the most popular CPU-password recovery tools that is available for free. Hashcat is known for its speed and versatile nature to crack multiple types of hashes.
Now, going one step ahead, Hashcat has taken an important step of making Hashcat and oclHashcat open source. Hashcat is a CPU-based password recovery tool and oclHashcat is a GPU-accelerated tool.

In its latest blog post, Hashcat mentions the reasons behind this step. Whenever any software decides to go open source, the license matters the most. Hashcat used the MIT license, that allowed an easy integration or packaging of the common Linux distros, along with packages for Kali Linux.

Due to the adoption of open source path, now it’ll be easier to integrate external libraries in Hashcat. At the moment, hashcat/oclHashcat doesn’t need any external libraries, but if the need arises, now you’ve got the option.

Mentioning another major improvement, Hashcat writes that before going open source, there was no native support for OS X as Apple doesn’t support “offline” compiling of the kernel code. With open source license, now you can easily compile the kernels using Apple OpenCL Runtime JIT.

According to the company, another inspiration for going open source was the implementation of bitsliced DES GPU kernels.

Hashcat offers multiple types of attack modes. Take a look:
  • Brute-Force attack
  • Combinator attack
  • Dictionary attack
  • Fingerprint attack
  • Hybrid attack
  • Mask attack
  • Permutation attack
  • Rule-based attack
  • Table-Lookup attack
  • Toggle-Case attack
  • PRINCE attack

Thursday 10 December 2015
Posted by Sivapriya

Google Is Powering A New Search Engine That Digs Internet’s Dirty Secrets


Ever heard of Shodan and ‘appreciated’ its capabilities? Here, you are going to read about another similar, but a smarter hacker’s search engine. This search engine is called Censys and powered by Google’s infrastructure. Read more to know how it works and its strengths.

If you consider the usability and security factors, the humble routers and modems installed in your homes and offices are one of most important devices. However, time and again, the manufacturers have taken the security issue for granted.
According to the latest research by the Austrian company SEC Consult, more than 3 million modems and routers are vulnerable to on-line threats. This was uncovered with the help of a new search engine Censys, that is aimed to help the security researchers find such screwups.

Notably, world’s biggest search engine Google is providing its infrastructure to power Censys. This search engine is free to use and part of an open source project. “We’re trying to maintain a complete database of everything on the Internet,” says Zakir Durumeric, the University of Michigan researcher who is leading the project.

How Censys works?
Durumeric, along with other scholars, developed a software called ZMap which is used to collect search data and power the search engine. ZMap scans more than 4 billion IP addresses and collects new data every day. Depending upon the received data, Censys knows the encryption method (read “security flaw”) used by the devices beaming internet all around your home.

On its website, Censys writes: “Driven by Internet-wide scanning, Censys lets researchers find specific hosts and create aggregate reports on how devices, websites, and certificates are configured and deployed.”

About Google’s competition, Censys says that it’s “extremely grateful to Google, who graciously provides much of the infrastructure that powers Censys.”

The major competitor of Censys is “hacker’s search engine Shodan“. While Shodan employs a similar method, but a different and less advanced software. In their first impression, these “creepy” search engines might sound scary, but they are here to find the flaws in our devices and make the internet a safer place.
Tuesday 8 December 2015
Posted by Sivapriya

Spear phishing is a type of targeted email scam.

Even as organisations improve their security, and begin to filter out the huge amounts of spam emails they receive each and every day, the security landscape is changing.
Phishing attacks have evolved, have a much bigger problem to contend with: Spear phishing.

What is Spear Phishing?
Spear phishing is a type of targeted email scam. Highly personalised emails are sent to the employees of an organisation, from an apparently trusted source. The emails contain some form of malware, or a link to a website harboring malicious code, in order to extract sensitive information and login credentials.


These attacks are often designed for the collection and resale of sensitive information. In some instances, they can even be used to cripple an organisation's IT infrastructure. 

Government and professional services industries are at the greatest risk of spear phishing, with large enterprise organisations bearing the brunt of the attacks since 2012. With more employees to target, the chances of success are greater; offering access to huge amounts of sensitive (and valuable) information in the process (Symantec Internet Security Threat Report, 2014).

6 Ways to Reduce the Risks of Spear Phishing Attacks :

1) Raise Awareness of Spear Phishing
Spear phishing attacks rely on a handful of relatively simple principles, and by recognising the hallmarks of these types of attacks, it's possible for employees to identify attempts at spear phishing.

Some common characteristics include:
-Unexpected or confusing emails.
-Written URLs that differ from the hyperlinks attached to them (like facebook.com leading to a -website called facebbook.com or fbaction.net)
-Poor spelling and grammar.
-Requests for personal information.
-The overuse of particular phrases, like 'Re:', 'order', 'payment', 'purchase order', etc.
-The email simply doesn't look right.


2) Create an Inbound Email Sandbox
Email sandboxing is a way of executing your email's software and attachments in a contained environment, separate from your organisation's IT infrastructure. After execution, the sandbox can be deleted, taking any malicious executables with it.
If employees regularly receive emails with malicious attachments, sandboxing your email client can be a great way of allowing employees to engage with their emails, without putting the wider organisation at risk.
3) Create a BYOD Policy
Importantly, sandboxing will only offer protection to emails opened within the organisation's own email client. By accessing those same malicious emails through a personal email client, connected to the organisation's network, malicious software can still compromise the network.
To reduce the risks of this happening, it's important to understand the impact of Shadow IT, and develop a defined Bring Your Own Device (BYOD) policy: a set of codified standards, rules and best practices for the use of personal devices in the workplace.
4) Improve Social Media Awareness
Much of the information used to personalise spear phishing emails is collected from social media. By encouraging social media awareness, and even rolling out social media security training, you'll help employees to secure their personal data, reducing the efficacy of spear phishing in the process. 
5) Use a Password Management Tool
Many spear phishing attacks are used to collect usernames and passwords, to gain access to an organisation's software and data. The problem is worsened by employees using the same insecure passwords across multiple accounts, making it easy for hackers to gain access to dozens of secure systems. 
A password management tool will make it easier for employees to manage and use unique, secure passwords; reducing the likelihood that a single compromised password will cause a devastating amount of damage.
6) Address the Human Risk to Security
Spear phishing works because it targets the end-user, and in doing so, creates a way to bypass most conventional security systems. 
As a result, the only tried-and-tested way to reduce the impact of spear phishing is to educate your employees. This extends beyond spear phishing; by creating a culture of awareness, employees will feel empowered to identify, raise awareness of, and act upon all forms of potential security threats.

To know more..Click Here

Tuesday 1 December 2015
Posted by Sivapriya

Ethical Hacking Training and Workshop in Vellore

About :
This class will immerse the student into an interactive environment where they will be shown how to scan, test, hack and secure their own systems. The lab intensive environment gives each student in-depth knowledge and practical experience with the current essential security systems. Students will begin by understanding how perimeter defences work and then be lead into scanning and attacking their own networks, no real networks is harmed. Students then learn how intruders escalate privileges and what steps can be taken to secure a system.


Prerequisites: 
Anyone who is concerned about the integrity of the network infrastructure and significantly benefit Security officers, auditors, security Professionals, site administrators.

Our Training Method :
Train in a ready-to-learn comfortable environment
Interact with Cyber Security Specialist & Security expert instructors
Get hands-on labs, industry oriented experience
Results-oriented course content
Highest Pass Rates
Choose from Day, Evening & Weekend Classes to meet your busy schedule.
Real time  Placement assistance on successful completion of the course.

Modules :
-Introduction to Ethical Hacking
-Foot printing and Reconnaissance
-Scanning Networks
-Enumeration
-System Hacking
-Malware Threats
-Evading IDS, Firewalls and Honey pots
-Sniffing
-Social Engineering
-Denial of Service
-Session Hijacking
-Hacking web server's
-Hacking web applications
-SQL Injection
-Hacking Wireless Networks
-Hacking Mobile Platforms
-Cloud Computing
-Cryptography

Session and Training Schedule:  
Weekdays (30 days) – 5 days/week  
2 Hours/day - 1 Hour Theory, 1 Hour Practical  

Weekends (4 weeks) – 2 days/week  
4 Hours/day - 2 Hours Theory, 2 hours Practical 

Our Institute Location:  

Redback IT Solutions Private Limited,  
#AL 24 TNHB PHASE III, 
Sathuvacheri,( Near Vallalar Water Tank)  
Vellore. 632602 

Contact :  
Training Coordinator  
+91 8189985551 


Friday 27 November 2015
Posted by Sivapriya

CCNA Training in vellore

About :
Cisco Certified Network Associate (CCNA) validates the ability to install, configure, operate, and troubleshoot medium-size routed and switched networks, including implementation and verification of connections to remote sites in a WAN.
Skills and knowledge gained through training for the CCNA certification are immensely valuable in the networking field as the topics covered during the CCNA training program provide the basis for all networking topologies and protocols. 


Cisco certifications have benefited both the employee as well as the employer. It is a known fact that many people have literally changed their lives and have got real benefits and acquired valuable skills in the process of becoming certified. There are innumerable instances where individuals having more than ten years or so in their networking career feel the need of getting CCNA certified.

Modules Covered :
IP data network operation
LAN switching technology
IP addresses
IP routing technology
IP services
Network device security
Troubleshooting
WAN technology

Prerequisites:
Anyone with a graduate degree. 
Knowledge of using computer. 
Basic internet skills.

Course Highlights: 
Up-to-date modules focusing on the current industry needs. 
Boost your skills to induce creativity. 
Structured learning with live projects from day one. 
Additional practical sessions with expert faculty training.
Real time Placement assistance on successful completion of the course.

Session and Training Schedule: 
Weekdays (30 days) – 5 days/week 
2 Hours/day - 1 Hour Theory, 1 Hour Practical 
Weekends (4 weeks) – 2 days/week 
4 Hours/day - 2 Hours Theory, 2 hours Practical 

Our Institute Location: 
Redback IT Solutions Private Limited,
#AL 24 TNHB PHASE III, 
Sathuvacheri,( Near Vallalar Water Tank) 
Vellore. 632602 

Contact : 
Training Coordinator 
+91 8189985551




Sunday 22 November 2015
Posted by Sivapriya

MCITP Training in Vellore

About :
The MCITP Server Administrator certification will help you develop and demonstrate your knowledge and skills in working with Server 2008 and prepare you for several different roles.The MCITP certification  builds on a combination of MCTS (Microsoft Certified Technology Specialist) prerequisites that will allow you to develop your technical skills and knowledge and prepare you for your role as a Server Administrator.


Prerequisites: 
Anyone with a graduate degree.
Knowledge of using computer.
Basic internet skills.

Course Highlights: 
Up-to-date modules focusing on the current industry needs. 
Boost your skills to induce creativity. 
Structured learning with live projects from day one. 
Additional practical sessions with expert faculty training. 
Real time  Placement assistance on successful completion of the course.

Available MCITP tracks include:
- MCITP: Enterprise Desktop Support Technician 7
- MCITP: Enterprise Desktop Administrator 7
- MCITP: Consumer Support Technician
- MCITP: Enterprise Support Technician
- MCITP: Enterprise Administrator
- MCITP: Server Administrator
- MCITP: Windows Server 2008 R2, Virtualization Administrator
- MCITP: Database Administrator 2008
- MCITP: Database Developer 2008
- MCITP: Business Intelligence Developer 2008
- MCITP: Database Administrator
- MCITP: Database Developer
- MCITP: Business Intelligence Developer
- MCITP: Enterprise Project Management with Microsoft Office Project Server 2007
- MCITP: Enterprise Messaging Administrator 2010
- MCITP: Enterprise Messaging Administrator 

In preparation for your MCITP you will learn how to:
Handle day to day management of the server OS, file structure and directory services.
Handle software distribution and updates.
Monitor servers.
Troubleshoot servers.
Configure the server.
Implement an auditing policy.
Perform scheduled vulnerability assessment scans.

Session and Training Schedule: 
Weekdays (30 days) – 5 days/week 
2 Hours/day - 1 Hour Theory, 1 Hour Practical 
Weekends (4 weeks) – 2 days/week 
4 Hours/day - 2 Hours Theory, 2 hours Practical 

Our Institute Location: 
Redback IT Solutions Private Limited, 
#AL 24 TNHB PHASE III, Sathuvacheri,( Near Vallalar Water Tank) 
Vellore. 632602 

Contact : 
Training Coordinator 
+91 8189985551 
Wednesday 11 November 2015
Posted by Sivapriya

Hardware and Networking Training in Vellore

About :
Computer hardware professionals take care of the maintenance of computer hardware, while networking involves connecting a group of 2 or more computer systems for sharing data and information. The professionals engaged in R&D of computer hardware and networks are known as hardware and networking engineers. Besides looking after computer maintenance they are also liable for supervising and designing the hardware installation and manufacturing process. 


The increasing use of computer, laptops and Internets has expanded the scope of hardware and networking sector widely.Hardware and networking professionals can find ample job opportunities in different sectors such as education, films, banking, media, animation, hardware and networking product manufacturing and entertainment.
Based on the technical experience one can be appointed at different positions such as system integrator, networking professional, PC assembler, PC technician, technical support executive, peripheral engineer, computer manufacturer,computer chip designer, system administrator, electronic data processing managers and system engineers. Besides this one can even start one’s own hardware assembling firms to develop hardware and network computers depending on the demand and needs of different clients.

Scope of hardware and networking courses in India :
The recent surveys reveal that the hardware and electronics sector is expected to expand above $60billion in India. The wide recognition of software industry in India dominates the hardware sector. But the situation is likely to change in the near future. The number of hardware and networking jobs is expected to grow extensively in India.
Presently, the hardware job market is saturated. There is a huge gap between the demand and supply of hardware pass outs. For this reason students are opting to start their ventures for assembling and hardware maintenance.

Prerequisites:
Anyone with a graduate degree.
Knowledge of using computer.
Basic internet skills.

Course Highlights:
Up-to-date modules focusing on the current industry needs.
Boost your skills to induce creativity.
Structured learning with live projects from day one.
Additional practical sessions with expert faculty training.
Real time 
Placement assistance on successful completion of the course.

Our Course Modules :
Hardware:
Information on PC & how it works
Basic Electronics & Measuring Instruments
Principle of Digital Electronics & Networks
Operating System & Network package
Architecture of the system & networks
Microprocessor & its Application
PC Assembling , Designing Networks
Trouble shooting and Managing Systems

Networking :
Physical Layer [Hub, UTP]/ NIC/ MAC Address/ Broadcast MAC/ Switch
IP Address structure.
Subnetting
LAN communication process.
Routing Logic
NAT
Network Packet Structure
IPv6
DHCP
DNS
Packet Filters

Session and Training Schedule:
Weekdays (30 days) – 5 days/week
2 Hours/day - 1 Hour Theory, 1 Hour Practical

Weekends (4 weeks) – 2 days/week
4 Hours/day - 2 Hours Theory, 2 hours Practical

Our Institute Location:
Redback IT Solutions Private Limited,
#AL 24 TNHB PHASE III,
Sathuvacheri,( Near Vallalar Water Tank)
Vellore. 632602

Contact :
Training Coordinator
+91 8189985551 
Tuesday 10 November 2015
Posted by Sivapriya

Five of the biggest hacks

1. Operation Shady RAT
Last year security firm McAfee revealed details of Operation Shady RAT (RAT is an acronym for Remote Access Tool), a hacking campaign that took place over several years. The networks of 72 organisations across the world were targeted in the campaign which began in mid-2006, or perhaps earlier, and continued until at least 2010. Targets included the United States government, the UN, 12 US defence contractors and several technology firms.
McAfee said it believed that a “state actor” was behind the attacks and that it was impossible to say how much data was stolen. Though McAfee declined to say which country was behind the attacks, most experts believe China to be the most likely perpetrator.

2. TJX
The precise details of large-scale financial hacks are often kept private but there are several attacks that are contenders for the title of ‘most expensive hack’. One is the 2007 attack on American firm TJX, which was mounted from an insecure WiFi network in one of the company’s TJ Maxx shops. More than 45 million people had their credit card details stolen and some experts said the actual figure was likely to be closer to 94 million.


3. Heartland Payment Systems
This New Jersey payment processing firm lost data on tens of millions of credit cards in an attack in 2009. Around 175,000 businesses were affected by the theft, which was led by hacker Alberto Gonzalez, who was also implicated in the TJX attack.

4. Epsilon
The world’s largest email marketing firm, Epsilon, confirmed in 2011 that it had been the target of hackers. Only names and email addresses were stolen from the firm, which handles more than 40 billion emails every year more than 2,000 brands worldwide including Marks and Spencer. The scale of the theft was unprecedented.

5. Sony PlayStation Network
In 2011, hackers gained access to Sony’s PlayStation Network, putting at risk credit card data for more than 70 million people. The gaming service was closed for weeks and customers were eventually compensated with free games and subscriptions. Though the culprits were never caught, it is now believed that no data was stolen and the attack was intended to simply embarrass Sony.
Sunday 8 November 2015
Posted by Sivapriya

A zero-day exploit : An advanced Cyber Attack defined

A zero-day vulnerability, at its core, is a flaw. It is an unknown exploit in the wild that exposes a vulnerability in software or hardware which can create complicated problems well before anyone realizes something is wrong. In fact, a zero-day exploit leaves NO opportunity for detection... at first.


Vulnerability Timeline :
A zero-day attack happens once that flaw, or software/hardware vulnerability is exploited, and attackers release malware before a developer has an opportunity to create a patch to fix the vulnerability, hence “zero-day.” 
Let’s break down the steps of the window of vulnerability:

  1. A company’s developers create software, but unbeknownst to them, it includes a vulnerability
  2. The threat actor spots that vulnerability either before the developer does, or acts on it before the developer has a chance to fix it
  3. The attacker writes and implements exploit code while the vulnerability is still open and available
  4. After releasing the exploit, either the public recognizes it in the form of identity or information theft, or the developer catches it and creates a patch to staunch the cyber bleeding.

Once a patch is written and used, the exploit is no longer called a zero-day exploit. These attacks are rarely discovered right away. In fact, it often takes not just days, but months, and sometimes years before a developer learns of the vulnerability that led to an attack.

Read more ..
Wednesday 4 November 2015
Posted by Sivapriya

Tips for Improving Router Security

With the recent news of router vulnerabilities, we thought it would be an excellent time to provide a few tips for improving your router security. While nothing is hack-proof in the world we live in, you can take many steps to deter attackers from targeting you. I have arranged this from easy to do, to increasingly technical.


  1. This step may be common knowledge to many, but most routers use a default login username such as “admin”, and a password that is usually just “password”. The first step you should take when acquiring a router is to change this to a username you have created, and create a strong password for access. Please note that this is different than your Wi-fi name and password.
  2. Once you have set the router login, you will want to create a password and name for your connection. I generally advise changing it from the default to something that is not personally identifiable. Ideally you do not want your router manufacturer (Netgear. Linksys, etc.) or address as your Wi-fi Name. To add to this, I always advise to go with WPA2 over WPA or WEP. A long passphrase is important here and I would aim for more than 20 characters.
  3. To add to the previous step, you can entirely disable the SSID broadcast so that only users that know your network name can connect and I advise doing this.
  4. If you plan on having guests, create an entirely different Guest network. It is never advisable to give the credentials to your main connection.
  5. Unfortunately convenience generally leads to weaker security in our world. That WPS (Wi-fi Protected Setup) button may be incredibly easy to use, but for security reasons it is generally not advised to use this feature. This can allow an attacker to attempt connection with a PIN and even a longer PIN can be brute-forced fairly quickly with modern technology.
  6. Always make sure the firmware for your router is up to date. I would advise logging into your router regularly to check for updates. This is frequently neglected and should not be.
  7. Disable Remote Administrative Access to your router, and disable administrative access over Wi-Fi. This one is a given and an Admin should only be connecting via a wired Ethernet connection.
  8. The next step I usually advise people to take is to change the default IP ranges for their router. Almost every router has an IP resembling 192.168.1.1 and changing this can help prevent CSRF (Cross-Site Request Forgery) attacks.
  9. Restrict access to the router via MAC addresses. You can specify exactly what devices you want to connect so that others are not permitted. You can usually identify the address of the specific device in the Admin Console of the router.
  10. If the devices you use are compatible, it is generally advisable to change from the standard 2.4-GHz band, to the 5-GHz band. This decreases the range of the signal and could stop a potential attacker that is farther away from your router from discovering it.
  11. Disable Telnet, PING, UPNP, SSH, and HNAP if you can. You can close them entirely, but I generally advise putting them into what is referred to as “Stealth” mode. This stops your router from responding to external communications.
  12. Once you have gone through these steps, make sure that you log out of the router. This does not just apply to routers though. You should log out of any website, utility, or console when you are done using it.
I would certainly advise taking all of the steps above but if you cannot do them all, the more the better. “Better Safe Than Sorry” should be common practice in the cyber security world.
Posted by Sivapriya

WhatsApp Found Collecting Data on Calls and Phone Numbers

WhatsApp, one of the most popular online calling apps, has been exposed by a group of researchers who identified how app’s internal protocol is storing call duration and personal information of the participants.


Though, WhatsApp has never claimed itself to be an anonymous calling service but this new research has unveiled new information on how the app’s communication systems have been powered.

According to the researchers at the University of New Haven, WhatsApp uses FunXMPP protocol (deviated version of XMPP) XMPP has been used by Google for one its communication services, the Gtalk.

The researchers also analyzed the exchanges of messages between the Android phone and WhatsApp server. What they found was that WhatsApp has set up a complete system of gathering the data.

First they authenticated the users involved in the call and then a communication channel was setup using Opus codec at 8 or 16 KHz. After this, they established the call’s relay servers and endpoint IP addresses.

The scraping of data doesn’t end here; researchers were able to identify the app sending Metadata like phones number, timestamp, audio codec for the call and the call duration to its servers.

Read More ..




Tuesday 3 November 2015
Posted by Sivapriya

widget

Pageviews

Cloud Label

Blogumulus by Roy Tanck and Amanda Fazani

Blog Archive

- Copyright © 2013 Redback IT Academy -- Powered by Redback - Designed by @ Redback Studio -