iSA_LOGO_FINAL-new-3 (1)

Category: Uncategorized

Categories
Uncategorized

DIFFERENCE BETWEEN SSL CERTIFICATES

Add Your Heading Text Here

Share it:

Today we are going to learn the difference between the three main types of SSL certificates. Before we proceed to illustrate the difference between the three main types, let’s find out what’s SSL.

SSL (Secure Sockets Layer) is the standard security technology for establishing an encrypted link between a web server and a browserThis link ensures that all data passed between the web server and browsers remain private and integral.

IS SSL IS SECURE OR ANOTHER WAY TO CALM USER’S FEAR?   

Although SSL is used by major payment platforms such as MasterCard, AmericanExpress, SlydePay, and others to inform users that their activities such as money transaction are not being monitored by malicious users. However, you have heard of how malicious users break into secured websites daily to steal users’ credentials.

Thus, SSL is a way of informing users to trust you with their credentials or data. But in details, you should not actually trust them but be willing to abide by basic cybersecurity rules.

THREE MAIN TYPES OF SSL CERTIFICATES:

Extended Validation Certificate:

EV certificates are trusted by browsers and most expensive in comparison to the other types. Only legal entities that have provided all required documents can obtain this extended certificate. This type of certificate shows the name of organisation as well as location to appear in green in  the address bar, next to a padlock.

Organization Validation Certificate:

If a website has a DV or OV certificate, the browser displays a gray or green padlock with the word SECURE and the letters HTTPS in the address bar. Organization Validation certificate simply means connection to the domain is secure and it actually belongs to the organisation.

Domain Validation Certificate:

For  Domain Validation certificate, an individual must show or prove they own the domain. This certificate allows  secure connection to be established. It does not reveals  information about the organization to which it belongs. Moreover, no documents from an individual are required to issue it.

#ISA_informs

#ISA_ltd

Latest Post
Categories
Categories
Uncategorized

Time to Patch Your Drupal Sites

Add Your Heading Text Here

Share it:

As notified in advance two days back, Drupal has now released new versions of its software to patch yet another critical remote code execution (RCE) vulnerability, affecting its Drupal 7 and 8 core.

Drupal is a popular open-source content management system software that powers millions of websites, and unfortunately, the CMS has been under active attacks since after the disclosure of a highly critical remote code execution vulnerability.

The new vulnerability was discovered while exploring the previously disclosed RCE vulnerability, dubbed Drupalgeddon2 (CVE-2018-7600) that was patched on March 28, forcing the Drupal team to release this follow-up patch update.

According to a new advisory released by the team, the new remote code execution vulnerability (CVE-2018-7602) could also allow attackers to take over vulnerable websites completely.

Since the previously disclosed flaw derived much attention and motivated attackers to target websites running over Drupal, the company has urged all website administrators to install new security patches as soon as possible.

  • If you are running 7.x, upgrade to Drupal 7.59.
  • If you are running 8.5.x, upgrade to Drupal 8.5.3.
  • If you are running 8.4.x, which is no longer supported, you need first to update your site to 8.4.8 release and then install the latest 8.5.3 release as soon as possible.

It should also be noted that the new patches will only work if your site has already applied patches for Drupalgeddon2 flaw.

Drupal website admins are highly recommended to update their websites as soon as possible.

Source:  thehackernews.com

Latest Post
Categories
Categories
Uncategorized

How Hackers Rely On Vulnerable Routers to Distribute Android Banking Trojan

Add Your Heading Text Here

Share it:

In order to trick victims into installing the Android malware, dubbed Roaming Mantis, hackers have been hijacking DNS settings on vulnerable and poorly secured routers.

DNS hijacking attack allows hackers to intercept traffic, inject rogue ads on web-pages and redirect users to phishing pages designed to trick them into sharing their sensitive information like login credentials, bank account details, and more.

Once modified, the rogue DNS settings configured by hackers redirect victims to fake versions of legitimate websites they try to visit and displays a pop-up warning message, which says—”To better experience the browsing, update to the latest chrome version.”

It then downloads the Roaming Mantis malware app masquerading as Chrome browser app for Android, which takes permission to collect device’ account information, manage SMS/MMS and making calls, record audio, control external storage, check packages, work with file systems, draw overlay windows and so on.

If installed, the malicious app overlays all other windows immediately to show a fake warning message (in broken English), which reads, “Account No.exists risks, use after certification.”

Roaming Mantis then starts a local web server on the device and launches the web browser to open a fake version of Google website, asking users to fill up their names and date of births.

To convince users into believing that they are handing over this information to Google itself, the fake page displays users’ Gmail email ID configured on their infected Android device, as shown in the screenshots.

You are advised to ensure your router is running the latest version of the firmware and protected with a strong password.

You should also disable router’s remote administration feature and hardcode a trusted DNS server into the operating system network settings. 

Source:  thehackernews.com

 

Latest Post
Categories
Categories
Uncategorized

Does Malware Comes From Porn Sites ?

Add Your Heading Text Here

Share it:

There is indeed a risk of infection on porn sites and adult content apps, but that’s also true for sites completely unrelated to porn.

Possibly the most common advice for avoiding computer viruses is to avoid adult sites. You’ve probably heard the tropes — dogs, fleas, porn, viruses. But is there any truth to them? Let’s investigate.

To state the obvious, adult content is rather popular. A report by SimilarWeb suggests that three of the world’s 20 most visited sites are porn-related.

Two of them are breathing down the necks of front runners Facebook, YouTube, and search giants Google and China’s Baidu.

And sandwiched between Instagram and Yandex, in 14th place, is PornHub. We were amazed to learn that in 2017 the site got a staggering 28.5 billion hits. That’s more than 81 million a day!

Cybercriminals are not overly bothered about other people’s business models. The popularity of XXX sites has not gone unnoticed.  Every now and then they hack porn resources or the advertising platforms that host banners on them .

Now, malicious porn sites do exist — sites created to defraud or infect visitors. But they tend to be small-scale, not well-known. And then there are players and other apps for viewing adult content that phish for data.

You can avoid dangers on porn sites by doing the following:

Although we have provided solutions to avoid malware on porn sites, for safety reasons we advise you not to browse on porn sites.

Source: Kaspersky Labs

Latest Post
Categories
Categories
Uncategorized

Flaw in Microsoft Allows Hackers to Steal Your Windows Password

Add Your Heading Text Here

Share it:

A security researcher has disclosed details of an important vulnerability in Microsoft Outlook for which the company released an incomplete patch this month—almost 18 months after receiving the responsible disclosure report.

The Microsoft Outlook vulnerability (CVE-2018-0950) could allow attackers to steal sensitive information, including users’ Windows login credentials, just by convincing victims to preview an email with Microsoft Outlook, without requiring any additional user interaction.

The vulnerability, discovered by Will Dormann of the CERT Coordination Center (CERT/CC), resides in the way Microsoft Outlook renders remotely-hosted OLE content when an RTF (Rich Text Format) email message is previewed and automatically initiates SMB connections.

A remote attacker can exploit this vulnerability by sending an RTF email to a target victim, containing a remotely-hosted image file (OLE object), loading from the attacker-controlled SMB server.

Windows users, especially network administrators  are advised to follow the below-mentioned steps to mitigate this vulnerability.

 

  • Apply the Microsoft update for CVE-2018-0950, if you have not yet.
  • Block NT LAN Manager (NTLM) Single Sign-on (SSO) authentication.
  • Most important, don’t click on suspicious links provided in emails.
Latest Post
Categories
Categories
Uncategorized

Microsoft Office 365 Gets Built-In Ransomware Protection

MONTREAL, CANADA - MARCH 20, 2016 - Microsoft Office 365 on PC screen. Microsoft Office is one of the most popular office suite software.

Add Your Heading Text Here

Share it:

Ransomware has been around for a few years, but it has become an albatross around everyone’s neck, targeting big businesses, hospitals, financial institutions and individuals worldwide and extorting millions of dollars.

Last year, we saw some major ransomware outbreaks, including WannaCry and NotPetya, which wreaked havoc across the world, hitting hundreds of thousands of computers and business networks worldwide.

From small to mid-range businesses, Microsoft Office 365 remains the most widely used and fastest-growing work office suite, so it’s no surprise that it has become a primary target for viruses, ransomware, and phishing scams.

Now, to combat such cyber attacks, Microsoft has announced some new security features for Office 365 that can help users mitigate the damage done by ransomware and other malware infections.

 

File Recovery and Anti-Ransomware

 

  • Files Restore—Microsoft Office 365 now allows users to restore entire OneDrive to a previous point in time within the last 30 days. This feature can be used to recover files from an accidental mass delete, file corruption, ransomware, or any catastrophic event.
  • Ransomware detection & recovery—Office 365 had also introduced a new security feature that detects ransomware attacks and alerts you through an email, mobile, or desktop notification while helping you restore your OneDrive to a point before the malware compromised files.

Source: thehackernews.com

Latest Post
Categories
Categories
Uncategorized

New Zenis ransomware encrypts files and deletes backups

Add Your Heading Text Here

Share it:

Zenis ransomware is a rare example of crypto-malware. Researchers still cant figure out clearly how this ransomware works. This malware does not only encrypts files but deletes backups too.

Zenis affect devices by exploiting Remote Desktop services. Once inside, it begins to encrypt data using AES cryptography.

Whilst encrypting data, Zenis ransomware renames files and appends Zenis-<2_chars>. file extension. Apart from data encryption, it deletes shadow volume copies, disable startup repair, and clear event logs.

Zenis also searches for files that are associated with backups and deleted them immediately.

Zenis ransomware gets into the machines by exploiting  Remote Desktop services connected to the internet directly.

We recommend connecting Remote Desktop Services to the internet via VPN with a strong password. Also, it is quite safer to have anti-malware solution on public-facing machines.

#ISA_informs

#ISA_ltd

Latest Post
Categories
Categories
Uncategorized

Windows Remote Assistance Exploit

Add Your Heading Text Here

Share it:

A critical vulnerability has been discovered in Microsoft’s Windows Remote Assistance (Quick Assist) feature that affects all versions of Windows to date, including Windows 10, 8.1, RT 8.1, and 7, and allows remote attackers to steal sensitive files on the targeted machine.

Windows Remote Assistance is a built-in tool that allows someone you trust to take over your PC (or you to take remote control of others) so they can help you fix a problem from anywhere around the world.

The feature relies on the Remote Desktop Protocol (RDP) to establish a secure connection with the person in need.

However, Nabeel Ahmed of Trend Micro Zero Day Initiative discovered and reported an information disclosure vulnerability (CVE-2018-0878) in Windows Remote Assistance that could allow attackers to obtain information to further compromise the victim’s system.

The vulnerability affects Microsoft Windows Server 2016, Windows Server 2012 and R2, Windows Server 2008 SP2 and R2 SP1, Windows 10 (both 32- and 64-bit), Windows 8.1 (both 32- and 64-bit) and RT 8.1, and Windows 7 (both 32- and 64-bit).

Windows users are highly recommended to install the latest update for Windows Remote Assistance as soon as possible.

Source: thehackernews.com

Latest Post
Categories
Categories
Uncategorized

Memcached DDOS Exploit Code Released !!!

Add Your Heading Text Here

Share it:

Proofs-of-concept (PoC) exploit code for Memcached amplification attack have been shared online that could allow non-programmers to execute massive DDoS attacks using UDP reflections.

Last week there were two record-breaking DDoS attacks—1.35 Tbps hit Github and 1.7 Tbps attack against a certain US-based company using a technique called amplification/reflection attack.

By exploiting thousands of misconfigured Memcached servers left exposed on the Internet, Memcached-based amplification/reflection attack amplifies bandwidth of the DDoS attacks by a factor of 51,000.

Proof-of-Concept:

Memcacrashed.py is a python script that scans Shodan for IPs of vulnerable Memcached servers and allows a user to launch a DDoS attack against a desired target within seconds of running the tool.

Here is the link to the Memcacrashed.py :   https://cxsecurity.com/issue/WLB-2018030060

Proof-of-concept 2:

The author is PoC 2 is unknown, but the PoC 2 is written in C.

Here is the link to Proof-of-concept 2:  https://pastebin.com/ZiUeinae

Solution Against Memcached DDos Attack:

To mitigate the attack and prevent Memcached servers from being abused,  entirely disable UDP support if not in use.

#ISA_informs

#ISA_ltd

Latest Post
Categories
Categories
Uncategorized

New 4G LTE Network is Vulnerable: Hackers can Track, Spam and Spy !!!

Add Your Heading Text Here

Share it:

A new research paper [PDF] recently published by researchers at Purdue University and the University of Iowa details 10 new cyber attacks against the 4G LTE wireless data communications technology for mobile devices and data terminals.

The attacks exploit design weaknesses in three key protocol procedures of the 4G LTE network known as attach, detach, and paging.

The researchers employed a systematic model-based adversarial testing approach, which they called LTEInspector, and were able to test 8 of the 10 attacks in a real testbed using SIM cards from four large US carriers:  

  1. Authentication Synchronization Failure Attack
  2. Traceability Attack
  3. Numb Attack
  4. Authentication Relay Attack
  5. Detach/Downgrade Attack
  6. Paging Channel Hijacking Attack
  7. Stealthy Kicking-off Attack
  8. Panic Attack
  9. Energy Depletion Attack
  10. Linkability Attack

Among the above-listed attacks, researchers consider an authentication relay attack is particularly worrying, as it lets an attacker connect to a 4G LTE network by impersonating a victim’s phone number without any legitimate credentials.

Researchers have no plans to release the proof-of-concept code for these attacks until the flaws are fixed.

Source: thehackernews.com

Latest Post
Categories
iSA_LOGO_FINAL new 2
Information Security Architects (ISA) Ltd is one of the leading Data Privacy and Security Practitioners in Ghana West Africa.
Services
Products
Newsletter

Sign up our newsletter for update information, insight and promotion.

Facebook Instagram Twitter Linkedin
Copyright © 2021, All rights reserved. Powered by Lynt Digital.