
ITACS 5211: Introduction to Ethical Hacking

Wade Mackey

Manogna Alahari

Domain Name Hijacking: Incidents, Threats, Risks and Remedial Actions

November 29, 2018 by Manogna Alahari

http://archive.icann.org/en/announcements/hijacking-report-12jul05.pdf

Article: Domain Theft Strands Thousands of Web Sites

After I read this article, I searched for some related keywords on Google. I found a report published by the ICANN Security and Stability Advisory Committee. In general, this report describes domain hijacking. You can find useful information regarding the following:

– Risk and threats associated with domain hijacking
– Vulnerabilities observed from domain hijackings
– Recovery mechanism
– Security measures to protect domain names

Browser Extensions: Are They Worth the Risk

November 26, 2018 by Manogna Alahari

https://krebsonsecurity.com/2018/09/browser-extensions-are-they-worth-the-risk/

I read an article titled “Browser Extensions: Are They Worth the Risk?” in which the author states that cyber criminals hacked the Google Chrome browser extension of a popular file site, Mega.nz, so that usernames and passwords submitted through the browser were copied and forwarded to a rogue server in Ukraine. To limit exposure to these attacks, get rid of extensions that are no longer useful or actively maintained by their developers, since browser extensions can systematically fall into the wrong hands. Browser extensions can be especially handy and useful, but compromised extensions can give attackers access to all data on your computer and the websites you visit. In this case, the extension gets compromised when someone with legitimate rights to alter its code gets phished or hacked, which can be a nightmare for users. If you use multiple extensions, adopting a risk-based approach or limiting your reliance on third-party browser extensions reduces the risk significantly.

Five cyber security threats to be aware of

November 26, 2018 by Manogna Alahari

https://www.iol.co.za/business-report/technology/five-cyber-security-threats-to-be-aware-of-17396238

Phishing: Phishing emails look like they are from a recognized source and trick you into giving them things like your banking details or login credentials to valuable data sources. Double-check the address of the sender; usually a phishing email is not 100% correct.

Mobile security: Mobile apps are full of spyware, which takes your data and shares it in the background without you having any knowledge that your data is being shared. Also, before you download an app, check the permissions it is asking for.

Passwords: Many people use the same password for many different sites, which would give hackers access to many of your profiles.

Public and private wifi: Do not use public wifi to access sensitive information such as a mobile account, because you could be connecting to someone else’s computer that is collecting people’s information.

Be aware: Cyber-criminals are using face-to-face or telephone conversations, pretending to be a customer or a person wanting to do business with you, to obtain information that they can use.

AMD Acknowledges Newly Disclosed Flaws In Its Processors — Patches Coming Soon

November 26, 2018 by Manogna Alahari

AMD has acknowledged 13 critical vulnerabilities and exploitable backdoors in its Ryzen and EPYC processors, disclosed earlier by Israel-based CTS Labs, and promised to roll out firmware patches for millions of affected devices ‘in the coming weeks.’
According to CTS-Labs researchers, critical vulnerabilities (RyzenFall, MasterKey, Fallout, and Chimera) that affect AMD’s Platform Security Processor (PSP) could allow attackers to access sensitive data, install persistent malware inside the chip, and gain full access to the compromised systems.
Although exploiting the AMD vulnerabilities requires admin access, it could help attackers defeat important security features like Windows Credential Guard, TPMs, and virtualization that are responsible for preventing access to sensitive data from even an admin or root account.
In a press release published by AMD, the company downplays the threat by saying that “any attacker gaining unauthorized administrative access would have a wide range of attacks at their disposal well beyond the exploits identified in this research.”

https://thehackernews.com/2018/03/amd-processor-hacking.html

November 26, 2018 by Manogna Alahari

A 15-year-old security researcher, Saleem Rashid, has discovered a serious flaw in cryptocurrency hardware wallets made by Ledger, a company which designs products to protect the user’s private keys from malicious software that might try to gather those credentials from the user’s computer. Rashid mentions that an attacker with physical access to the device could update it with malicious code that would wait for a potential buyer to use it, and then route the private key and drain the user’s cryptocurrency account when the user goes to use it. The major problem with the Ledger device is that it contains a secure processor chip and a non-secure microcontroller chip, and attackers use the insecure microcontroller chip to run the malicious software.

– The authentication to the microcontroller should be strong enough that no insecure element can authenticate to the microcontroller.

– Ledger should include a tamper protection seal which warns customers that the device has been physically opened or modified prior to its first use by the customer.

– One way attackers can gain physical access to the device is when demand for the products frequently outruns the company’s ability to produce them, which led the chief of the company to state that their products can be purchased from third-party sellers. I feel it’s a good idea to purchase this kind of device directly from the source.

– In the Ledger device, the secure processor chip and the insecure microcontroller chip still pass information to each other, while the attacker can use the insecure microcontroller chip and generate the displayed receive address using the code running on the machine.

– The Ledger wallet doesn’t implement any integrity check or anti-tampering for its source files, meaning they can be modified by anyone.

– New Ledger users would typically send all their funds to the wallet once it is initialized. If the machine was pre-infected, this first transaction may be compromised, causing the user to lose all of their funds.

https://community.mis.temple.edu/mis5211sec001fall2018/2018/11/26/5965/

First ‘Jackpotting’ Attacks Hit U.S. ATMs

November 14, 2018 by Manogna Alahari

https://krebsonsecurity.com/2018/01/first-jackpotting-attacks-hit-u-s-atms/

Jackpotting: Installing malicious software and/or hardware in an unauthorized manner on ATMs to take control of the dispenser in order to cash out the ATM.
Attackers can connect a cord from the ATM to a laptop and, at the press of a button, install malware and start controlling the ATM using the keyboard or an SMS message. ATMs of a particular manufacturer that use Windows XP as the OS are prone to this attack; the manufacturer was advised to upgrade the OS of the ATMs to Windows 7.
I think there should not be an option to connect external machines to the ATM on site; even for repair, one should replace the machine with a new one and only repair the machine at a centralized location.
If the above option is not feasible, there should be an alert mechanism which alerts the nearest bank or police station when someone tries to connect an external device to the ATM at the site.

Would You Have Spotted This Skimmer?

October 31, 2018 by Manogna Alahari

https://krebsonsecurity.com/2018/02/would-you-have-spotted-this-skimmer/

Skimming is a form of theft in which credit card or debit card information is stolen or captured by installing a bit of recording technology, typically at the credit card terminal.
While more banks are issuing credit and debit cards containing a minute computer chip these days, which is more difficult to forge, not all vendors accept them yet. So, most cards still have magnetic strips attached to the back of the cards. This makes it possible to steal the information from the strips and allows criminals to use the fake cards created by skimming. It is difficult to identify whether a skimming device is installed in an ATM because of the miniature size of the device and the different places where criminals install it. All retail outlets should take a few protective steps, such as running a baseline scan of the store, installing skimmer detection devices, inspecting the seal, etc.

Chronicle: A Meteor Aimed At Planet Threat Intel?

October 17, 2018 by Manogna Alahari

https://krebsonsecurity.com/2018/01/chronicle-a-meteor-aimed-at-planet-threat-intel

This article discusses the factors on which companies rely on security software and what IT staff generally miss. The article also talks about the challenges faced by a new company entering the cyber security or antivirus market, and how a new company, for example Chronicle (a malware intelligence service acquired by Google), should be able to differentiate itself from the existing tools available in the market.

https://medium.com/chronicle-blog/give-good-the-advantage-75ab2c242e45

The company’s CEO, Stephen Gillett, mentions that they would include new features like machine learning, artificial intelligence, and massive data analytics and storage capabilities, which will hopefully help these organizations reach the present standards.

Basic rules for securing IoT

October 10, 2018 by Manogna Alahari

Article:  https://krebsonsecurity.com/2018/01/some-basic-rules-for-securing-your-iot-stuff/

Every software design should strictly adhere to cyber principles. On top of that, I strongly believe any software that is being developed should be “secured from design”. Securing the software right from the design phase of the application should be the primary item on the design checklist.

Below are a few additional points I can think of beyond what is posted in the above article.
1. SECURE FROM DESIGN – think about security right from the application design phase.
2. LOAD TESTING – DNS servers should be tested with a high load in their lower environments (performance) to ensure they can manage heavy traffic.
3. DNS servers on CLOUD – the cloud has autoscaling capabilities: when traffic exceeds the threshold, additional servers automatically spin up.
4. FAULT TOLERANCE – DNS servers should also be designed with fault tolerance in mind, automatically diverting faulty traffic or vice versa.

Learn how to protect against ransomware attacks

September 26, 2018 by Manogna Alahari

Ransomware attacks, which cause serious digital disruptions, have quickly become one of the top types of cyber-attacks. Ransomware most often affects systems through phishing attacks and malicious executables. Once a PC is compromised, the malware encrypts files before throwing up a landing page warning that if the victim does not pay up, they will never receive a key to decrypt their systems. Ransomware which infiltrates by exploiting vulnerabilities or guessing weak passwords uses mechanisms like popular password discovery tools to start to gain control of a network.
To protect your systems from such attacks, here are a few countermeasures:
1. Patch all vulnerable versions of Microsoft software; critical patches are released ahead of their Patch Tuesday.
2. Update your antivirus and anti-ransomware definitions regularly.
3. Regularly back up your critical data. In the event of a ransomware attack, backups are the only way one can minimize the damage.
