iSA_LOGO_FINAL-new-3 (1)

Month: April 2018

Categories
Uncategorized

DIFFERENCE BETWEEN SSL CERTIFICATES

Add Your Heading Text Here

Share it:

Today we are going to learn the difference between the three main types of SSL certificates. Before we proceed to illustrate the difference between the three main types, let’s find out what’s SSL.

SSL (Secure Sockets Layer) is the standard security technology for establishing an encrypted link between a web server and a browserThis link ensures that all data passed between the web server and browsers remain private and integral.

IS SSL IS SECURE OR ANOTHER WAY TO CALM USER’S FEAR?   

Although SSL is used by major payment platforms such as MasterCard, AmericanExpress, SlydePay, and others to inform users that their activities such as money transaction are not being monitored by malicious users. However, you have heard of how malicious users break into secured websites daily to steal users’ credentials.

Thus, SSL is a way of informing users to trust you with their credentials or data. But in details, you should not actually trust them but be willing to abide by basic cybersecurity rules.

THREE MAIN TYPES OF SSL CERTIFICATES:

Extended Validation Certificate:

EV certificates are trusted by browsers and most expensive in comparison to the other types. Only legal entities that have provided all required documents can obtain this extended certificate. This type of certificate shows the name of organisation as well as location to appear in green in  the address bar, next to a padlock.

Organization Validation Certificate:

If a website has a DV or OV certificate, the browser displays a gray or green padlock with the word SECURE and the letters HTTPS in the address bar. Organization Validation certificate simply means connection to the domain is secure and it actually belongs to the organisation.

Domain Validation Certificate:

For  Domain Validation certificate, an individual must show or prove they own the domain. This certificate allows  secure connection to be established. It does not reveals  information about the organization to which it belongs. Moreover, no documents from an individual are required to issue it.

#ISA_informs

#ISA_ltd

Latest Post
Categories
Categories
Uncategorized

Time to Patch Your Drupal Sites

Add Your Heading Text Here

Share it:

As notified in advance two days back, Drupal has now released new versions of its software to patch yet another critical remote code execution (RCE) vulnerability, affecting its Drupal 7 and 8 core.

Drupal is a popular open-source content management system software that powers millions of websites, and unfortunately, the CMS has been under active attacks since after the disclosure of a highly critical remote code execution vulnerability.

The new vulnerability was discovered while exploring the previously disclosed RCE vulnerability, dubbed Drupalgeddon2 (CVE-2018-7600) that was patched on March 28, forcing the Drupal team to release this follow-up patch update.

According to a new advisory released by the team, the new remote code execution vulnerability (CVE-2018-7602) could also allow attackers to take over vulnerable websites completely.

Since the previously disclosed flaw derived much attention and motivated attackers to target websites running over Drupal, the company has urged all website administrators to install new security patches as soon as possible.

  • If you are running 7.x, upgrade to Drupal 7.59.
  • If you are running 8.5.x, upgrade to Drupal 8.5.3.
  • If you are running 8.4.x, which is no longer supported, you need first to update your site to 8.4.8 release and then install the latest 8.5.3 release as soon as possible.

It should also be noted that the new patches will only work if your site has already applied patches for Drupalgeddon2 flaw.

Drupal website admins are highly recommended to update their websites as soon as possible.

Source:  thehackernews.com

Latest Post
Categories
Categories
Uncategorized

How Hackers Rely On Vulnerable Routers to Distribute Android Banking Trojan

Add Your Heading Text Here

Share it:

In order to trick victims into installing the Android malware, dubbed Roaming Mantis, hackers have been hijacking DNS settings on vulnerable and poorly secured routers.

DNS hijacking attack allows hackers to intercept traffic, inject rogue ads on web-pages and redirect users to phishing pages designed to trick them into sharing their sensitive information like login credentials, bank account details, and more.

Once modified, the rogue DNS settings configured by hackers redirect victims to fake versions of legitimate websites they try to visit and displays a pop-up warning message, which says—”To better experience the browsing, update to the latest chrome version.”

It then downloads the Roaming Mantis malware app masquerading as Chrome browser app for Android, which takes permission to collect device’ account information, manage SMS/MMS and making calls, record audio, control external storage, check packages, work with file systems, draw overlay windows and so on.

If installed, the malicious app overlays all other windows immediately to show a fake warning message (in broken English), which reads, “Account No.exists risks, use after certification.”

Roaming Mantis then starts a local web server on the device and launches the web browser to open a fake version of Google website, asking users to fill up their names and date of births.

To convince users into believing that they are handing over this information to Google itself, the fake page displays users’ Gmail email ID configured on their infected Android device, as shown in the screenshots.

You are advised to ensure your router is running the latest version of the firmware and protected with a strong password.

You should also disable router’s remote administration feature and hardcode a trusted DNS server into the operating system network settings. 

Source:  thehackernews.com

 

Latest Post
Categories
Categories
Uncategorized

Does Malware Comes From Porn Sites ?

Add Your Heading Text Here

Share it:

There is indeed a risk of infection on porn sites and adult content apps, but that’s also true for sites completely unrelated to porn.

Possibly the most common advice for avoiding computer viruses is to avoid adult sites. You’ve probably heard the tropes — dogs, fleas, porn, viruses. But is there any truth to them? Let’s investigate.

To state the obvious, adult content is rather popular. A report by SimilarWeb suggests that three of the world’s 20 most visited sites are porn-related.

Two of them are breathing down the necks of front runners Facebook, YouTube, and search giants Google and China’s Baidu.

And sandwiched between Instagram and Yandex, in 14th place, is PornHub. We were amazed to learn that in 2017 the site got a staggering 28.5 billion hits. That’s more than 81 million a day!

Cybercriminals are not overly bothered about other people’s business models. The popularity of XXX sites has not gone unnoticed.  Every now and then they hack porn resources or the advertising platforms that host banners on them .

Now, malicious porn sites do exist — sites created to defraud or infect visitors. But they tend to be small-scale, not well-known. And then there are players and other apps for viewing adult content that phish for data.

You can avoid dangers on porn sites by doing the following:

Although we have provided solutions to avoid malware on porn sites, for safety reasons we advise you not to browse on porn sites.

Source: Kaspersky Labs

Latest Post
Categories
Categories
Uncategorized

Flaw in Microsoft Allows Hackers to Steal Your Windows Password

Add Your Heading Text Here

Share it:

A security researcher has disclosed details of an important vulnerability in Microsoft Outlook for which the company released an incomplete patch this month—almost 18 months after receiving the responsible disclosure report.

The Microsoft Outlook vulnerability (CVE-2018-0950) could allow attackers to steal sensitive information, including users’ Windows login credentials, just by convincing victims to preview an email with Microsoft Outlook, without requiring any additional user interaction.

The vulnerability, discovered by Will Dormann of the CERT Coordination Center (CERT/CC), resides in the way Microsoft Outlook renders remotely-hosted OLE content when an RTF (Rich Text Format) email message is previewed and automatically initiates SMB connections.

A remote attacker can exploit this vulnerability by sending an RTF email to a target victim, containing a remotely-hosted image file (OLE object), loading from the attacker-controlled SMB server.

Windows users, especially network administrators  are advised to follow the below-mentioned steps to mitigate this vulnerability.

 

  • Apply the Microsoft update for CVE-2018-0950, if you have not yet.
  • Block NT LAN Manager (NTLM) Single Sign-on (SSO) authentication.
  • Most important, don’t click on suspicious links provided in emails.
Latest Post
Categories
Categories
Uncategorized

Microsoft Office 365 Gets Built-In Ransomware Protection

MONTREAL, CANADA - MARCH 20, 2016 - Microsoft Office 365 on PC screen. Microsoft Office is one of the most popular office suite software.

Add Your Heading Text Here

Share it:

Ransomware has been around for a few years, but it has become an albatross around everyone’s neck, targeting big businesses, hospitals, financial institutions and individuals worldwide and extorting millions of dollars.

Last year, we saw some major ransomware outbreaks, including WannaCry and NotPetya, which wreaked havoc across the world, hitting hundreds of thousands of computers and business networks worldwide.

From small to mid-range businesses, Microsoft Office 365 remains the most widely used and fastest-growing work office suite, so it’s no surprise that it has become a primary target for viruses, ransomware, and phishing scams.

Now, to combat such cyber attacks, Microsoft has announced some new security features for Office 365 that can help users mitigate the damage done by ransomware and other malware infections.

 

File Recovery and Anti-Ransomware

 

  • Files Restore—Microsoft Office 365 now allows users to restore entire OneDrive to a previous point in time within the last 30 days. This feature can be used to recover files from an accidental mass delete, file corruption, ransomware, or any catastrophic event.
  • Ransomware detection & recovery—Office 365 had also introduced a new security feature that detects ransomware attacks and alerts you through an email, mobile, or desktop notification while helping you restore your OneDrive to a point before the malware compromised files.

Source: thehackernews.com

Latest Post
Categories
iSA_LOGO_FINAL new 2
Information Security Architects (ISA) Ltd is one of the leading Data Privacy and Security Practitioners in Ghana West Africa.
Services
Products
Newsletter

Sign up our newsletter for update information, insight and promotion.

Facebook Instagram Twitter Linkedin
Copyright © 2021, All rights reserved. Powered by Lynt Digital.