Security News

Phishing

It is a social engineering attack that directs users to fake pages in order to obtain sensitive information such as usernames, passwords, and credit card details.

Attackers use this method widely to obtain financial data such as net banking credentials and credit and debit card details.

Keystroke Logging

Attackers push malicious software via fake updates and free software, and also trick users into downloading software.

Once the software is installed, attackers can capture the keystrokes you enter on the computer.

Malware

Threat actors can install malicious software on an ATM or on your workstation, which allows them to gain complete control over the system and steal your valuable financial data.

Card trapping

An innovative method used by crooks to steal your debit card details. Attackers set up a barb that holds your card when it is inserted into the machine and releases the card later.

Skimming

With this method, attackers set up a reader in the ATM that reads all the debit card information once the card is inserted into the machine. It reads the data from the magnetic strip on the card.

Hidden Cameras

Hidden cameras can be used in many ways: attackers can install one focused on your workstation to capture the passwords you are entering, or at ATM machines to watch the keys pressed.

Vishing

A type of phishing that uses SMS or phone calls to find targets, with the purpose of getting them to reveal a password, PIN or account number during phone conversations.

The information contained in this website is for general information purposes only. The information is gathered from TechIncidents while we endeavour to keep the information up to date and correct, we make no representations or warranties of any kind, express or implied, about the completeness, accuracy, reliability, suitability or availability with respect to the website or the information, products, services, or related graphics contained on the website for any purpose. Any reliance you place on such information is therefore strictly at your own risk.
Through this website, you are able to link to other websites which are not under the control of CSIRT-CY. We have no control over the nature, content and availability of those sites. The inclusion of any links does not necessarily imply a recommendation or endorse the views expressed within them.
Every effort is made to keep the website up and running smoothly. However, CSIRT-CY takes no responsibility for, and will not be liable for, the website being temporarily unavailable due to technical issues beyond our control.

Most people rely on an Outlook email address for work-related as well as personal tasks. Unfortunately, Outlook may not be as secure as users would like to think. According to a report published by information security training experts at the Carnegie Mellon Software Engineering Institute, Outlook comes with a security bug that could trigger password hash leaks when users preview Rich Text Format emails that contain remotely hosted OLE objects.

This security vulnerability exists because the Redmond giant doesn’t use strict content verification and restrictions when loading items from a remote SMB server. On the other hand, the same vulnerability cannot be exploited when accessing web-hosted content as Microsoft applies much stricter restrictions when dealing with this type of content.

Outlook doesn’t load web-hosted images in emails in order to protect users’ IP addresses. However, when users access RTF email messages that contain OLE objects loaded from a remote SMB server, Outlook does load the respective images.

This leads to a series of leaks that include IP address, domain name, and more, as the report explains:

Outlook blocks remote web content due to the privacy risk of web bugs. But with a rich text email, the OLE object is loaded with no user interaction… Here we can see that an SMB connection is being automatically negotiated. The only action that triggers this negotiation is Outlook previewing an email that is sent to it… I can see that the following things are being leaked: IP address, domain name, user name, host name, SMB session key. A remote OLE object in a rich text email message functions like a web bug on steroids.

Microsoft partially fixes the problem

Microsoft recently rolled out a hotfix on Patch Tuesday to fix this security issue. According to information security training experts, this solution is not 100% safe as it fails to block all remote SMB attacks.

Once this fix is installed, previewed email messages will no longer automatically connect to remote SMB servers. This fix helps to prevent the attacks outlined above. It is important to realize that even with this patch, a user is still a single click away from falling victim to the types of attacks described above. For example, if an email message has a UNC-style link that begins with “\\”, clicking the link initiates an SMB connection to the specified server.
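A mail-filtering check for the residual risk described above, added here as an example that is not part of the original article: it parses a message and lists the remote hosts that a UNC-style or `file://` link in the body would contact over SMB if clicked. The function names and the sample message are constructed for illustration.

```python
import html
import re
from email import message_from_string, policy
from urllib.parse import unquote

# UNC path such as \\host\share\file: two backslashes, host, backslash, rest.
UNC_RE = re.compile(r'\\\\([A-Za-z0-9._-]+)\\[^\s"<>]+')
# file: URL naming a remote host: file://host/... or file:////host/...
# (file:///C:/... has an empty host and is a local path, so it is skipped).
FILE_URL_RE = re.compile(r'file:(?://|/{4,})(?!/)([A-Za-z0-9._-]+)/', re.I)
LOCAL_HOSTS = {"localhost", "127.0.0.1"}

# Constructed sample message (hosts use reserved example names/addresses).
SAMPLE = r"""From: sender@example.test
To: user@example.test
Subject: Q3 report
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

Report is at \\files.example.test\share\q3.docx
Local copy: file:///C:/Users/user/q3.docx

--b1
Content-Type: text/html; charset="utf-8"

<a href="file://cdn.example.test/img/logo.png">logo</a>
<a href="%5C%5C192.0.2.10%5Cdocs%5Cplan.rtf">plan</a>
<a href="https://example.test/ok">web link</a>
--b1--
"""


def text_parts(msg):
    """Yield the decoded text of every text/* part of the message."""
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            yield part.get_content()


def smb_targets(raw_message):
    """Return the sorted remote hosts referenced by UNC or file:// links."""
    msg = message_from_string(raw_message, policy=policy.default)
    hosts = set()
    for body in text_parts(msg):
        # Undo HTML entities (&#92;) and percent-encoding (%5C) that
        # would otherwise hide the backslashes from the patterns.
        text = unquote(html.unescape(body))
        for pattern in (UNC_RE, FILE_URL_RE):
            for match in pattern.finditer(text):
                host = match.group(1).lower()
                if host not in LOCAL_HOSTS:
                    hosts.add(host)
    return sorted(hosts)


if __name__ == "__main__":
    for host in smb_targets(SAMPLE):
        print("link would open an SMB connection to:", host)
```

A gateway or triage script can use the returned host list to quarantine the message or rewrite the link before delivery.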

 

The information contained in this website is for general information purposes only. The information is gathered from Security Newspaper while we endeavour to keep the information up to date and correct, we make no representations or warranties of any kind, express or implied, about the completeness, accuracy, reliability, suitability or availability with respect to the website or the information, products, services, or related graphics contained on the website for any purpose. Any reliance you place on such information is therefore strictly at your own risk.

Leveraging machine learning for cybersecurity

Data breaches and cyber attacks have become harder to deter over the last few years. According to Cisco’s 2018 Annual Cybersecurity Report, for example, the expanded volume of both legitimate and malicious encrypted traffic on the web has made it more difficult for security professionals to recognize and monitor potential threats. As a result, many security professionals are looking to leverage machine learning to advance cybersecurity.

What is machine learning?

Before exploring the ways machine learning can improve cybersecurity, it is important to first understand what machine learning actually is. To begin with, machine learning is not one and the same as artificial intelligence (A.I.), which is part of a broader initiative to enable computers to reason, solve problems, perceive and understand language. Rather, machine learning is a branch of A.I., and involves training an algorithm to learn and make predictions based upon data input. Netflix, for example, uses machine learning and algorithms to make show recommendations, while search engine giant Google uses the technology to collect signals for better search quality.

Monitoring and responding to suspicious traffic

One way machine learning can be used to improve cybersecurity is by monitoring network traffic and learning the norms of a system. A well-trained machine learning model will be able to spot atypical traffic within a network and quarantine an anomaly. Most machine learning algorithms typically send an alert to a human analyst to determine how to respond to a threat; however, some machine learning algorithms are able to act of their own accord, such as thwarting certain users from accessing a network.

Automating repetitive tasks

Another way machine learning can help propel cybersecurity is by automating several repetitive tasks. For example, during a data security breach, an analyst has to juggle multiple responsibilities, including determining exactly what was stolen, how it was taken and fixing the network to stop similar future attacks. With machine learning, many of these tasks can be automatically deployed, significantly reducing the amount of time it takes to fix the vulnerability in return.

Complementing human analysis

Machine learning can also be used to complement human analysis. For example, in a paper published in 2016, MIT and PatternEx researchers demonstrated an A.I. platform could predict cyber attacks significantly better than existing systems by continuously incorporating input from human experts. Specifically, the team illustrated the platform could detect 85% of attacks, which was approximately three times better than previous benchmarks. It also reduced the number of false positives by a factor of five. Generally speaking, machine learning technologies can be used to provide around the clock analysis, or assist junior analysts who have higher error rates in their ability to assess a threat.

Preventing zero-day exploits

Additionally, machine learning can be leveraged to combat zero-day exploits, which occur whenever a cyber criminal is able to seize upon a software vulnerability before a developer is able to release a patch for it. IoT devices are largely targeted by zero-day exploits since they often lack basic security features. Vendors are typically given a certain amount of time to patch the vulnerability before it is publicly disclosed, depending upon its severity. Machine learning could be used to narrow in on and prevent these sorts of exploits before they have a chance to take advantage of a network.

Limitations

None of this is to say machine learning will make cybersecurity perfect. Like any technology, machine learning is a double-edged sword. Both cybersecurity professionals and criminals are in an arms race to outsmart each other with machine learning. Although machine learning is effective at preventing the same attack from occurring twice, the technology is challenged to predict new threats based upon previous data. Nor are all machine learning systems created equal. Different machine learning systems have different error rates in pinpointing and responding to threats. And while machine learning can be used as part of a company’s overall cybersecurity strategy, it shouldn’t be relied upon as a sole line of defense.

 

The information contained in this website is for general information purposes only. The information is gathered from RCR Wireless while we endeavour to keep the information up to date and correct, we make no representations or warranties of any kind, express or implied, about the completeness, accuracy, reliability, suitability or availability with respect to the website or the information, products, services, or related graphics contained on the website for any purpose. Any reliance you place on such information is therefore strictly at your own risk.

The National Cybersecurity and Communications Integration Center (NCCIC) has observed an increase in ransomware attacks across the world. Ransomware is a type of malicious software, or malware, designed to deny access to a computer system or data until a ransom is paid. Ransomware typically spreads through phishing emails or by unknowingly visiting an infected website.

 

Ransomware can be devastating to an individual or an organization. Anyone with important data stored on their computer or network is at risk, including government or law enforcement agencies and healthcare systems or other critical infrastructure entities. Recovery can be a difficult process that may require the services of a reputable data recovery specialist, and some victims pay to recover their files. However, there is no guarantee that individuals will recover their files if they pay the ransom.

Recommended Precautions to protect against the threat of ransomware:

  • Update software and operating systems with the latest patches. Outdated applications and operating systems are the target of most attacks.
  • Never click on links or open attachments in unsolicited emails.
  • Back up data on a regular basis. Keep it on a separate device and store it offline.
  • Follow safe practices when browsing the Internet. Read Good Security Habits for additional details.

Recommended best practices for organizations:

  • Restrict users’ permissions to install and run software applications, and apply the principle of “least privilege” to all systems and services. Restricting these privileges may prevent malware from running or limit its capability to spread through a network.
  • Use application whitelisting to allow only approved programs to run on a network.
  • Enable strong spam filters to prevent phishing emails from reaching the end users and authenticate inbound email to prevent email spoofing.
  • Scan all incoming and outgoing emails to detect threats and filter executable files from reaching end users.
  • Configure firewalls to block access to known malicious IP addresses.

See the Ransomware Security Publication and technical guidance on How to Protect Your Networks from Ransomware for more information.

For recent NCCIC Alerts on specific ransomware threats, see:

 

The information contained in this website is for general information purposes only. The information is gathered from US-CERT while we endeavour to keep the information up to date and correct, we make no representations or warranties of any kind, express or implied, about the completeness, accuracy, reliability, suitability or availability with respect to the website or the information, products, services, or related graphics contained on the website for any purpose. Any reliance you place on such information is therefore strictly at your own risk.

When it comes to cybersecurity, it’s no secret that the human aspect of any organization is its weakest link. From bad password sharing practices to falling victim to phishing emails, these challenges are any CISO’s nightmare. After all, the holes in network security that are created by the people on the front line of an enterprise can’t be plugged with a simple software patch. And despite efforts to train staff, employees are still the easiest route for a hacker to exploit. Particularly when it comes to USB-based security.

Shut the back door

In 2016, researchers from the University of Illinois left 300 unlabelled USB drives around the campus and tracked what happened next. 98% of the dropped drives were picked up by staff and students alike, and at least half the drives were plugged into a computer to access the files stored on them – not bad odds if you’re a hacker. Although the study was conducted two years ago, its outcome is not unusual in 2018 and is a security backdoor that is still wide open for many networks around the world.

The reason is clear: practicality. There’s no doubt USB devices are one of the easiest ways to move files between machines. However, with the impact of suffering a cyber-attack so great, convenience can’t be a driver behind IT decision making. Especially not when cloud-based sharing platforms like Dropbox exist. Zero-Trust – which means no person or device is inherently trusted – is fast becoming the go-to security stance for enterprises as a result and is a strategy that has no place for USB devices.

So, with the use of flash drives being tackled in this way, can businesses do away with USB ports entirely? Not quite. USB ports serve many purposes beyond simply facilitating the use of storage devices. Before they can be completely disabled on end-user terminals and removed from the IT landscape in the interest of security, there are further challenges to overcome.

The software problem

One of the biggest factors preventing the phasing out of USB ports on employee machines comes from software vendors. From accountancy to law enforcement, high-value software applications have licenses that are tightly controlled and authenticated through USB dongles, a plug-in physical authentication device. Often worth thousands of dollars per license, it makes sense for vendors to take such a hard line as hardware-level protection is still the most effective mechanism for tackling software piracy and misuse. Since these applications are in use across all industries and often power software that’s at the heart of modern business, this isn’t going to change any time soon.

In some cases, it’s also a necessity. Take state police or defence bodies as an example. They need to know who’s running certain forensic software and where it is accessed, which makes relying on a physical dongle a highly logical solution. The problem, though, is that this can often increase the risk of a malicious device being plugged in if an employee relies on a USB dongle to access bespoke software for their role and a would-be hacker can exploit that.

The dongle server solution

However, this doesn’t necessarily mean that USB ports on end-user terminals and employee computers need to stay. Part of the responsibility of IT solution providers is to find a work around for issues like this, ensuring customer systems remain secure without compromising on functionality. And this is where USB device servers come into play.

A device server acts as a central hub where all USB devices are managed. Rather than having each user plug a physical device into their own machine, it makes all connected USB devices available over the network. Dongle servers work on exactly the same principle: USB dongles for software authentication are plugged into a single centralised server, virtualised, and can be used by authorised users on the network as if they’d been connected directly to their computer.

They also meet the requirements of companies or organisations with high security needs. By encrypting the point-to-point connection between the end-user and the dongle server, the potential for unauthorised access is removed. More advanced dongle server vendors also make it possible to dynamically assign which user is authorised to access which dongle, ultimately controlling which computer is able to access the software.

Risk vs Reward

It’s widely accepted that hackers are getting more and more sophisticated. However, that doesn’t mean that they won’t go for low-level network infiltration attempts, such as baiting with USB flash drives, when the situation presents itself. Among the 10 major cyber threats identified in 2016 by BSI (German Office for Information Security), the use of USB devices ranks second.

Unfortunately, employees are always going to be the easy targets when it comes to enterprise security. It’s logical, then, that businesses seek to minimise damage that can be inflicted as a result of employee carelessness. Something as simple as disabling USB ports can have a significant impact on reducing a company’s attack vector and it is essential that vendors and enterprises work together to find solutions that lock hackers out of every security backdoor for good without impacting productivity.

 

The information contained in this website is for general information purposes only. The information is gathered from Information Security Buzz while we endeavour to keep the information up to date and correct, we make no representations or warranties of any kind, express or implied, about the completeness, accuracy, reliability, suitability or availability with respect to the website or the information, products, services, or related graphics contained on the website for any purpose. Any reliance you place on such information is therefore strictly at your own risk.