Tag Archives: daily read

Learn how password cracking works?

The biggest security problem is a weak password. Either individual password or enterprise server passwords. Maintaining good password is very challenging. And, We all end up using same weak password in multiple places.

This video gives a good understanding of how password can be cracked within a seconds. Listen here.

Advertisement

News of the day: China hacks govts, browser can track ultrasonic signals etc

Your browser can pick up ultrasonic signals you can’t hear, and that sounds like a privacy nightmare to some

People can generally hear audio frequencies ranging from 20 Hz and 20,000 Hz, though individual hearing ranges vary. Audio frequencies below and above the threshold of human hearing are known as infrasound and ultrasound, respectively.

A few years ago, digital ad companies began using ultrasonic signals to track people’s interests across devices: if a TV advert, for example, emits a sneaky inaudible signal, a nearby smartphone could pick it up and pass it to an app, which updates the owner’s ad-targeting profile with details of what they were watching and when. Now you know when someone’s into cooking shows on the telly, or is a news junkie, or likes crime documentaries, and so on. Read more in

New cybersecurity report says China-based group is hacking Asia-Pacific governments

A China-based hacking group has been quietly carrying out a five-year cyber espionage campaign against Asia-Pacific governments after it previously “slipped off the radar,” a new report claims. 

  • A China-based hacking group has quietly been carrying out a five-year cyber espionage campaign against governments in the Asia Pacific region, a new report by Check Point revealed.
  • The collective known as Naikon has targeted countries including Australia, Indonesia, Philippines, Vietnam, Thailand, Myanmar and Brunei.

Read more in

For six years Samsung smartphone users have been at risk from critical security bug. Patch now

Samsung has released a security update for its popular Android smartphones which includes a critical fix for a vulnerability that affects all devices sold by the manufacturer since 2014.

On its Android security update page Samsung thanks researcher Mateusz Jurczyk of Google Project Zero for the discovery of the vulnerability that could – he claims – be exploited to run malicious code on a targeted device, without alerting the user.

Such an attack, if successful, could result in a remote hacker gaining access to a wide variety of information – including a user’s call logs, address book, SMS archive, and so forth. Read more in

Daily Read: Cyber Resilience: Doing More with Less

Abstract

It’s definitely not business as usual. Threat actors are taking full advantage of these uncertain times by launching a wave of new cyber-attacks, leveraging tactics such as phishing, ransomware, and credential stuffing. Ransomware attacks alone skyrocketed 148% in the past month, according to VMware Carbon Black threat researchers. At the same time, many organizations are being forced to downsize staff and delay planned IT security projects. 

To improve cyber resilience under the current conditions, it’s vital to focus on the effectiveness of security controls in the context of hackers’ tactics, techniques, and procedures ― often called TTPs.

The following five best practices, based on an analysis of threat actors’ TTPs, can improve cyber resilience without the need for more resources:

  • Establish Secure Remote Access… for Workforce and IT Admins
  • Avoid Taking the (Phishing) Bait
  •  Step Up Your Multi-Factor Authentication Game
  • Boost Your Infrastructure Immunity Against Ransomware 
  • Enforce Least Privilege

Read more in

https://www.securityweek.com/cyber-resilience-doing-more-less

Daily Read: What is an advance persistent thread (APT)?

Advanced persistent threats (APTs) are attacks that gain an unauthorized foothold for the purpose of executing an extended, continuous attack over a long period of time using a variety of tools to achieve a single and specific malicious objective.

While small in number compared to other types of malicious attacks, APTs should be considered a serious, costly threat. In fact, according to the NETSCOUT Arbor 13th Annual Worldwide Infrastructure Security Report, only 16% of enterprise, government or education organizations experienced these threats in 2017, but 57% of these organizations rate them as a top concern in 2018.

Most malware executes a quick damaging attack, but APTs take a different, more strategic and stealthy approach. The attackers come in through traditional malware like Trojans or phishing, but then they cover their tracks as they secretly move around and plant their attack software throughout the network. As they gain a foothold, they can then achieve their goal – which is almost always to continually and persistently extract data – over a period of months or even years.

Read more in

https://www.carbonblack.com/resources/definitions/what-is-advanced-persistent-threat/