#securityblogs
yourrandomblogs · 6 years ago
Photo
Stalk mode on.
1 note · View note
bhai-loog · 3 years ago
Link
10 Types of Security Threats For Windows Users
2 notes · View notes
zealousweb · 5 years ago
Photo
Are you worried about your website's security? 🤔 Are you looking for a guide to help you build sturdy walls around your website? 🔒 Then look no more, here is a list of tips to ensure your website's security! 👇 https://bit.ly/3fZiZ8L . . . #websitesecurity #websecurity #websitesecuritycheck #securityblog #websitesecuritytips #websecuritysolutions #webservices #websitedevelopment #webdevelopment #webdevelopmentservices #websitedevelopmentcompany #webdevelopmentcompany #security #website #webdevelopers #webdeveloper #webdevelopmentagency #websitedevelopmentservices #websitedeveloper #websitedevelopers #blog #blogpost #ZealousWeb (at web security)
1 note · View note
intelligent-holdings · 6 years ago
Link
Have you been following our security blog? We have a good selection of articles on a wide range of security-related subjects. Every day is a school day! https://www.intelligent-protection.co.uk/security-blog.html
 #Security #Article #SecurityBlog #bodyguards
0 notes
schrott-auto · 4 years ago
Quote
Scrap Metal Sorting Analyzers Market Complete PDF Report for 2021 | TSI Incorporated, Bruker Elementa, Thermo Fisher Scientific, Hitachi High-Tech – SecurityBlog
0 notes
bugtrackersoftware · 6 years ago
Link
RT @maddiestone: Kernel privilege escalation bug in Android affecting fully patched Pixel 2 & others. Reported under 7 day deadline due to evidence of in-the-wild exploit. @tehjh and I quickly wrote a POC to get arbitrary kernel r/w using this bug, released in tracker. https://t.co/x4Q1YxKczB via @Securityblog
0 notes
aboutict · 8 years ago
Text
Cybercriminals imitate security blog
Cybercriminals have discovered a cunning new infection route: fake security blogs, where malware is then waiting. || http://dlvr.it/Q2HXcF
0 notes
roxanatesting · 8 years ago
Text
@Securityblog: RT @mikko: Crisis communication experts, take note. The Maersk case is going to be textbook material on how to do it right.… https://t.co/RdfIUqsvxN
from http://twitter.com/Securityblog via IFTTT
0 notes
yourrandomblogs · 6 years ago
Text
2019 - The year of formjacking
Meet the latest form of attack on the block awaiting e-commerce users, formjacking, where the attackers try to capture sensitive information like credit card details, address and user name of the purchaser from the payment page of e-commerce sites using a malicious JavaScript code, which is then reused to carry out transactions across the Internet. The transaction that you are currently processing goes through smoothly without anything suspicious on the payment screen and both the user and the site operator are unaware of the compromised information. Some of the major companies attacked by formjacking include Ticketmaster and British Airways. Furthermore, attacks were carried out through third party plugins like chat bots enabled on the site, which made it oblivious to the website operator. From the attacker’s point of view, this helped them expand their reach and target a wider group of people.
The best approaches to avoid being prone to these kinds of attacks are regular software updates and restricting or, to be safe, disabling any third-party plugin. In addition to this, the website/application should periodically monitor their services for any kind of suspicious behaviour.
On further reflection, if formjacking successfully manages to attack more and more e-commerce websites, they would end up losing customers in a time when e-commerce is supposed to take over the world of retail. An estimated 2.14 billion people are expected to be shopping online by 2021, which is almost A$3.5 trillion in revenue! And imagine 2.14 billion people scammed - that is a quarter of the world’s total population! Not pleasant. Not at all.
1 note · View note
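One way a site operator could do the periodic monitoring of third-party plugins described in the formjacking post above, as an added example that is not part of the original post: a Python audit that lists the external scripts a payment page loads and flags third-party ones that are not on an allowlist or carry no Subresource Integrity hash. The page HTML, host names, hash placeholders and allowlist are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Constructed sample checkout page (hosts and hash values are placeholders).
SAMPLE_PAGE = """
<html><head>
<script src="/static/checkout.js"></script>
<script src="https://pay.example.net/v3/sdk.js"
        integrity="sha384-PLACEHOLDERHASH" crossorigin="anonymous"></script>
<script src="https://chat-widget.example.org/loader.js"></script>
<script src="//cdn.example.com/analytics.js"
        integrity="sha384-PLACEHOLDERHASH"></script>
</head><body><form id="payment"></form></body></html>
"""


class ScriptCollector(HTMLParser):
    """Collect (src, integrity) for every external <script> tag."""

    def __init__(self):
        super().__init__()
        self.scripts = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            attr = dict(attrs)
            if attr.get("src"):
                self.scripts.append((attr["src"], attr.get("integrity")))


def audit_scripts(html, page_url, allowed_hosts):
    """Return findings for third-party scripts that are unexpected or unpinned."""
    page_host = urlsplit(page_url).hostname
    collector = ScriptCollector()
    collector.feed(html)
    findings = []
    for src, integrity in collector.scripts:
        absolute = urljoin(page_url, src)  # resolves relative and // URLs
        host = urlsplit(absolute).hostname
        if host == page_host:
            continue  # first-party script, out of scope for this check
        problems = []
        if host not in allowed_hosts:
            problems.append("host not on allowlist")
        if not integrity:
            problems.append("no integrity attribute")
        if problems:
            findings.append({"src": absolute, "host": host, "problems": problems})
    return findings


if __name__ == "__main__":
    # Assumed page URL and allowlist for the constructed sample.
    for f in audit_scripts(SAMPLE_PAGE, "https://shop.example.com/checkout",
                           {"pay.example.net"}):
        print(f["src"], "->", ", ".join(f["problems"]))
```

Running the audit on every release of the payment page and alerting on findings that were absent from the previous run turns it into the kind of recurring check the post recommends.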
yourrandomblogs · 6 years ago
Text
SA #2 "Most people don't even know what a rootkit is, so why should they care about it?”
That was Thomas Hesse, then president of Sony BMG's Global Digital Business (2005) responding to Sony’s DRM scam.
So what happened? In 2005, Sony released a set of CDs which secretly installed rootkits on the computers that run these CDs, which lets them know if you are trying to copy the CDs. It can’t be removed without damaging Windows. When this was discovered, most antivirus systems offered a fix that could remove the cloaking but not the rootkit itself which possibly indicated that the antivirus companies were colluding with Sony. This is said to have infected around half a million systems around the world and while it did have phoning home (behavior of security systems which report network location, username, or other such data to another computer) capabilities, the company, well, denied.
Some other rootkit invasions:
Stuxnet: Believed to be jointly developed by America and Israel, Stuxnet is believed to control programmable logic controllers which allow the automation of electromechanical processes such as those used to control machinery and industrial processes (Wikipedia). It ruined almost one fifth of Iran’s nuclear centrifuges and infected over 20000 computers and caused 1000 machines to physically degrade. Introduced to the target via an infected USB flash drive. "The worm then propagates across the network, scanning for Siemens Step7 software on computers controlling a PLC. In the absence of either criterion, Stuxnet becomes dormant inside the computer. If both the conditions are fulfilled, Stuxnet introduces the infected rootkit onto the PLC and Step7 software, modifying the code and giving unexpected commands to the PLC while returning a loop of normal operations system values feedback to the users.” 
UEFI rootkit: This was believed to be developed by the Kremlin spies to prowl into European governments. A UEFI rootkit starts up before the operating system and antivirus thus burying itself deep in a machine, undetected but with high access privileges. The code then runs LoJax, which connects the home computer to a back end server, thus silently revealing its location. 
Scranos: A relatively new rootkit which attempts to steal passwords and in addition increases YouTube subscribers. It spreads through trojanized downloads hiding as real apps (e-book readers and video players). These apps are digitally signed as well; this prevents its blockage from the computer. It then downloads additional malicious components, and primarily targets YouTube. So it opens Chrome in debugger mode, hides the browser window, opens YouTube videos in the background, mutes it, subscribes to a channel specified in the code and further clicks on ads, thus generating channel revenue. Another component of Scranos sends phishing messages to the victim’s friend list.
0 notes
yourrandomblogs · 6 years ago
Text
Week 3 - Steal a penguin!
After looking at the pictures of the location,  this is what I came up with.   
2 people are required to carry out this operation. This would be done in the evening, maybe an hour or 40 mins before the closing time. Once you get to the location, go over to the edge where there is a direct connection to the cave like structure in the centre. 
With one person as a look out, the other person can jump in and go into the cave. This would probably take around 10 seconds, so the second person can create a distraction if needed. From the pictures given, you can’t really see inside the cage. Once you are in the cave, catch hold of the smallest penguin that walks by and put it in your bag. Also, in the smallest corner of the cave, put a dead bird which looks almost like a penguin and make it seem like a penguin was stuck there, couldn’t find its way out and so it died there. (But eventually they will find out, but we should be good for a while) The dead bird should be a few days old and they shouldn’t realise at once that it is not a penguin. Just after all the visitors have gone, right before the closing time you can walk out with the little penguin in your bag. If someone stops you, you could say that you were using the washroom 😛
0 notes
yourrandomblogs · 6 years ago
Text
NSA Crypto
This is something I enjoy doing, totally! So technically, you have to crack a substitution cipher. I’ve solved two of these this week and plan on doing more in coming weeks. The breakthrough for the challenge below was while scanning through the two letter words and trying different options like it, as, on and in, the last word turned out to be something like INN----I-N which took me to innovation, thus solving all the occurrences of o, v, a and t. Pretty easy from there right? :)
0 notes
yourrandomblogs · 6 years ago
Text
SA #1 Rootkits
Rootkit is a word that is thrown around everywhere, but honestly, apart from knowing that it could be malicious, I didn’t know much about it. Well, it isn’t always malicious either, so I was wrong about the one thing I knew. I’m hoping there would be somebody like me out there and this blog post is a reflection of what I have learnt about rootkits this week.   
As always, let's start with the age old question - what exactly is a rootkit? Interestingly, the term ‘rootkit’ comprises the two terms ‘root’ and ‘kit’, where root refers to the admin account on Unix and Linux systems and kit refers to the software components that implement the programs that enable admin level access to a system or network. In simple words, a rootkit is a computer program that can hide its presence in a system. Doesn’t seem so bad, does it? Well... can’t be so sure about that, because what they do is use this obscurity to their advantage, and install a set of tools that can ensure continuous remote access to the infected computer. This set of tools can essentially include a keystroke logger, a DDoS attack bot, a module to steal passwords or credit card information or even a functionality that disables the security software! But as I said above, not all rootkits are malicious. It’s like using an axe - depends on what you use it for. One major advantage is remote end-user support (VNC). This allows the end user’s system to be virtually controlled by the technical team in case of any technical issues. Another would be copyright protection, which backfired in case of Sony though. Sony placed a Digital Rights Management (DRM) software through CDs that installed a rootkit on their computers - so basically it’s like giving an attacker a free access to your computer. This apparently infected more than half a million computers worldwide (More about the Sony rootkit coming up in future blogs!)
Let's now see how rootkits propagate. So a rootkit actually comes as a pack of 3 - a dropper, loader and the rootkit itself. A dropper is mainly a malicious link that requires human intervention which activates the dropper which in turn activates the loader program. The loader exploits vulnerabilities of the system to ensure that the rootkit can load itself into memory. It then proceeds to delete itself (cool, eh?).
Even though there are a wide variety of rootkits out there, the most basic and the widely propagated ones are user-mode rootkits (most common) and kernel-mode rootkits. User-mode rootkits run by hijacking the application processes run on the system or by overwriting the memory used by applications. The kernel-mode rootkits on the other hand run at the lowest level of the OS and give the attacker complete control of the system. In recent years, there’s a new kid on the block - mobile rootkits. These target smartphones, mainly Android, and are installed when the user downloads a malicious application. Why exactly is a rootkit invisible? This is the interesting part. Most of the less advanced antiviruses work on a higher level of the OS and don’t actually delve deep into the OS. Even if an antivirus detects a rootkit, a malware could possibly deactivate the protection itself and delete some important components. The smarter rootkits create a special file to be detected by the antivirus; once it is detected, it shuts down the antivirus and prevents it from running again!
And because of this, rootkit detection and deletion is not easy. It should be carried out as a three-phase process - rootkit detection, antivirus self-protection, rootkit neutralisation. There are rootkit scanners that detect and delete user-mode rootkits. But the problem with kernel-mode rootkits is that they can only be run when the rootkit is inactive, i.e. the system has to be in boot mode and all the system processes have to be stopped. So using a single detector might not be effective. The safest way would be backing up your data and then wiping the device. Users should be aware of malicious links and should stop themselves from clicking on suspicious links. Software should be updated regularly and the vulnerabilities in applications and OS should be looked into. Rootkits can be identified by close inspection of the network logs which might indicate a rootkit communicating with a remote control centre. Analysing the behaviour of the system by checking for patterns of CPU usage might also help in its detection.
Well, that’s been a long post, I will try to post another one in the next couple of days about some infamous attacks initiated by rootkits. I’ve started the bandit level on overthewire and I’m done till level 5. Not bad for a lazy week 😄
Meanwhile, another rootkit attack in last week’s news : https://cybernationalsecurity.com/rootkit-malware-infects-thousands-of-ms-sql-phpmyadmin-servers/
0 notes
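The network-log inspection mentioned in the rootkit post above, as an added example that is not part of the original post: Python detection logic that flags an internal host contacting the same remote endpoint at near-constant intervals, the pattern left by malware checking in with a remote control centre. The log format, addresses and thresholds are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample connection log, one line per outbound connection:
# "<ISO timestamp> <source host> <destination:port>"
SAMPLE_LOG = """\
2019-06-20T10:00:00 10.0.0.5 203.0.113.7:443
2019-06-20T10:00:12 10.0.0.8 198.51.100.20:443
2019-06-20T10:00:40 10.0.0.8 198.51.100.20:443
2019-06-20T10:02:30 10.0.0.9 192.0.2.44:80
2019-06-20T10:05:01 10.0.0.5 203.0.113.7:443
2019-06-20T10:07:03 10.0.0.8 198.51.100.20:443
2019-06-20T10:07:09 10.0.0.8 198.51.100.20:443
2019-06-20T10:10:00 10.0.0.5 203.0.113.7:443
2019-06-20T10:15:02 10.0.0.5 203.0.113.7:443
2019-06-20T10:18:45 10.0.0.9 192.0.2.44:80
2019-06-20T10:20:01 10.0.0.5 203.0.113.7:443
2019-06-20T10:25:00 10.0.0.5 203.0.113.7:443
2019-06-20T10:31:55 10.0.0.8 198.51.100.20:443
this line is malformed and is skipped
"""


def find_beacons(log_text, min_events=5, max_jitter=0.1):
    """Flag (src, dst) pairs whose connection gaps are almost constant.

    max_jitter is the allowed coefficient of variation (stdev / mean) of the
    gaps between consecutive connections; both thresholds are assumptions.
    """
    seen = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # not a "<time> <src> <dst>" record
        try:
            stamp = datetime.fromisoformat(parts[0])
        except ValueError:
            continue
        seen[(parts[1], parts[2])].append(stamp)

    beacons = []
    for (src, dst), stamps in seen.items():
        if len(stamps) < min_events:
            continue  # too few connections to judge regularity
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_jitter:
            beacons.append({"src": src, "dst": dst,
                            "interval_s": round(avg), "events": len(stamps)})
    return beacons


if __name__ == "__main__":
    for hit in find_beacons(SAMPLE_LOG):
        print(hit)
```

Regular intervals alone do not prove an infection: update checks and monitoring agents beacon too, so each flagged pair still needs triage against known-good software.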
yourrandomblogs · 6 years ago
Text
University Result mix-up
I read this news online today which reminded me of Type I/Type II errors about a university in Ireland mixing up the results that were published on June 17, 2019. So apparently, few of the results got swapped and the students sensed that something was wrong. A student sent an inquiry about this to the course director and a lecturer at the university confirmed that there was a mix-up. He incorrectly received C and D grades when his actual grades after confirmation were A and B. The other student who was supposed to get C and D (and would eventually have to repeat the modules) was sent the grades A and B instead and might still have no idea that there had been a mix-up. The student was also contacted by the university to tell him that he would have to repeat one of the incorrectly-graded modules at a cost of €175 (seriously?!) and that he wouldn’t be eligible to graduate in August. The actual result for this module was an A1, as confirmed by his lecturer. The reason for all this was termed under ‘spreadsheet malfunction’ - a fancy term, but we all know what it means right? So apparently, because of human error/carelessness a student who actually passed the exam failed and a student who failed the exam passed with flying colours!
News: https://www.limerickleader.ie/news/home/425915/concern-as-students-at-university-of-limerick-get-wrong-results.html
0 notes
yourrandomblogs · 6 years ago
Text
Tute 3 - Airplane doors
Hey guys, it’s week 3 already and honestly, I have been slacking off a bit (I blame it on the weather), but finally I decided to get the tute post done. So this week’s tutorial was about airplane doors. The case study was based on different mid-flight airplane accidents and we were asked to come up with some recommendations/practices to ensure the security of flight crew compartments.
Since most of the accidents occurred in the absence of a co-pilot/pilot, i.e. when only one person was present in the cockpit, a major recommendation was to ensure that two people are present in the cockpit at all times. So maybe a third crew member (head air hostess) could take the pilot’s/co-pilot’s place if they wanted to step out. There was also a suggestion to design cockpits with toilets but then realised that that wouldn’t necessarily be a solution as one pilot is again left alone.
Before each flight, the pilots should go through a fitness test to ensure that they are not suicidal and are fit for flying - both physically and emotionally.
The cockpit entry needs to have a multilayer of security - a password plus fingerprint. The password can be changed before every flight and is only known to the pilots and the airplane crew head.
The head should also be given basic emergency landing training or should at least know how to switch the aircraft to autopilot. In case of a hijack, the pilots and the cabin crew should be able to contact the air traffic control and they should be able to switch the plane on auto pilot and control the flight.
0 notes
yourrandomblogs · 6 years ago
Text
Week 3 - Low Probability High Impact Events (Argentina Blackout)
Another week and yet another interesting topic to research and think about - events with low probability and high impact. These are the type of events that might have happened very few times or might not have happened at all and hence the information about these events is very limited. And because of this, it is very difficult to predict their occurrence beforehand. However, they are of high impact which implies that the risk associated with these events is usually very high. So normal examples of these events include terrorist attacks, plane crashes and natural disasters.
So for those who haven’t heard, there was a blackout on June 16, 2019 that affected the whole of Argentina (yes, a whole country!) and parts of Uruguay - that’s nearly 50 million people! Public transport was halted, internet connections and phone lines obstructed, water supplies cut off, shops forced to close, patients surviving on medical equipment forced to shift to hospitals. Reports say that somewhere along the transmission between two hydroelectric power plants, the line was damaged or couldn’t handle the load, possibly because of a tree or a lightning strike. But the plants kept generating power which caused an overload, which then tripped circuits that protect the generators, and finally shut them down. This tripped the protection circuits on the rest of the power plants and brought down the entire nation’s grid.
Attempts should have been made to isolate the damage rather than let it spread to the whole of a nation. Most power systems have sensors that can sense power surges or shortages, even software that can take generators offline or reroute electricity. But in case of Argentina, this obviously did not happen - the system did not react fast enough. Even if Argentina did have the sensors and software, they obviously aren’t working. So update them and train the operators to take immediate measures to isolate the problem. Upgrade the outdated substations and cables. Moreover, the transmission and power plant companies could constantly keep track of demand and supply and see if they are balanced. The trees near transmission lines should be trimmed regularly. In addition to this, it would help greatly if consumers were mindful of the electricity usage. In a country where blackouts aren’t rare, better planning is extremely essential. And finally what does the government have to say about all this?
“The government attempted to reassure citizens that a significant failure like Sunday’s had “zero” chance of happening again, despite the suboptimal state of Argentina’s electricity grid.” A low probability high impact event indeed. 
0 notes