Cyber Security

Antivirus Software – The Art of Denial


It’s pretty clear to most people by now that antivirus software for the PC just isn’t doing the job. You cannot even tell whether it catches three percent of threats or ninety percent; that measurement is simply impossible to make. The reasons are also obvious. It is a tool left over from another time, and although it still has its uses, it simply isn’t suited to being your major line of defense. It’s not up to the job.

To start with, an AV scanner will only detect what you are already infected with. In the old days of amateur viruses, the virus had an activation date (Michelangelo, for example, activated on Friday, March 6th), and all the time leading up to the trigger date could be used to detect and remove the infection. We no longer hear about trigger dates. Malware is there for a reason, whatever that reason is.

Today, more new and unique malware samples appear each day than were produced in the entire first decade of virus history (more than two hundred thousand new samples each day as of this writing, probably more by the time you read this). These samples mostly don’t replicate, and can almost never be reported to be in the wild. Finally, they are only in circulation for an average of 27 hours. This is too much work and not enough time for even the best old-fashioned AV scanner. Taken with other facts known about scanning and malware, one thing becomes clear: the AV scanner is obsolete.

Other things have been tried, and they all have their place

Many different schemes have been applied to malware and security problems, with varying amounts of success. A firewall isn’t enough to protect you, but it can be a powerful tool to detect and analyze outgoing packets of data. Host-based intrusion prevention relies on pattern files describing the behaviour of malware (instead of its actual content strings), but it can be defeated by simply varying the attack structure enough to evade the patterns in use. Heuristics, reputation services, network filters and many other things each target one part of the malware and hacker problem, often with very good results, but none of them is up to the whole task.

It might be better to examine the major source of the problem.

The design philosophy of our existing systems comes from an era of inconsequential threat. The programmers who wrote PC DOS 1.0 had never seen a virus, Trojan or worm. They were not anticipating cloud computing or botnets or international cyber crime. These were science fiction concepts, and like all the best such concepts, they eventually came not only to live up to their fictional roots but to surpass them in every way. Since the personal computer began in the happy-go-lucky 1980’s, everything has been designed with a default allow architecture. This means that all incoming content is trusted by the personal computer, and will be run or installed without any scrutiny on either the part of the user or the part of the computer itself. You might say that our computers are not only insecure, but actually promiscuous. This is a pity, because in the era that came before the PC, mainframe computers had very strict permission settings. In the world of the PC every man is his own system administrator. We call this condition Default Allow mode.

So we blithely let every program we find on the internet (when you browse the internet you pick up programs without ever even seeing them) run and install, and only afterwards check it against a database of known malware.

The alternative is Default Deny, and it is known by many names: whitelisting and lowered-privilege users, to name just two. Previous attempts to limit access to the computing client have put the burden of approval on the user. This is working pretty well on the Mac, but its method simply requires a password for each executable file that is downloaded or installed. Not only is this not a strong enough denial, it bothers users who are accustomed to having full admin privileges on a Wintel-based system. Likewise, the recent Vista and Win7 forays into denial have met with very negative user reviews. Users simply do not like to be the gatekeeper on any system, preferring to leave that to the AV vendor.

Default Deny assumes that the user’s machine is clean and malware-free to start with, and should be set up either on a brand-new machine or on a machine that has just been formatted specifically for the purpose. In a world where AV cannot detect everything, you are best served not by removing malware as it is found, but by starting with a blank page.

To date, producing an adequate denial system has proved beyond the various AV vendors and also beyond the Giant of Redmond. Here at Comodo we have a different perspective, because we are a different kind of company. Our whitelist arrives at your computer already knowing more than eighty million certified applications. As a Certificate Authority, we have actually measured and catalogued almost every common application in the world. If you encounter any application that doesn’t fit the whitelist, the program is run in a secluded sandbox, well away from the ability to do any real damage. This combination keeps the client very secure, and does it without bothering or frightening the end user.
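The policy the article describes can be reduced to a small piece of logic: catalogue a machine that is assumed clean (the "blank page" start), then treat any executable whose hash is not in the catalogue as unknown and sandbox it instead of running it. The following is an added illustration of that idea, not Comodo's code; the directory layout, file contents and the two policy classes are constructed for the example, and a real product would of course use signed catalogues and a real sandbox rather than an enum verdict. The default-allow policy is included only to show the contrast on a never-before-seen file.

```python
"""Default-deny executable policy: an added illustration, not Comodo's code.

The article's "blank page" start is modelled by enrolling a baseline from a
directory assumed clean; afterwards every file that is not in the catalogue
is sandboxed rather than run. A default-allow policy is shown for contrast.
"""
from __future__ import annotations

import hashlib
import tempfile
from enum import Enum
from pathlib import Path


class Verdict(Enum):
    ALLOW = "allow"      # run normally
    SANDBOX = "sandbox"  # run isolated, with no access to the real system


def sha256_of(path: Path) -> str:
    """Hash a file in chunks so large binaries do not have to fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def enroll_baseline(root: Path) -> set[str]:
    """Catalogue every file under `root`, which is assumed to be clean."""
    return {sha256_of(p) for p in sorted(root.rglob("*")) if p.is_file()}


class DefaultDenyPolicy:
    """Unknown means sandboxed; only catalogued hashes run normally."""

    def __init__(self, catalogue: set[str]) -> None:
        self.catalogue = set(catalogue)

    def decide(self, path: Path) -> Verdict:
        return Verdict.ALLOW if sha256_of(path) in self.catalogue else Verdict.SANDBOX


class DefaultAllowPolicy:
    """The 1980s default the article describes: run everything not yet known bad."""

    def __init__(self, known_bad: set[str]) -> None:
        self.known_bad = set(known_bad)

    def decide(self, path: Path) -> Verdict:
        return Verdict.SANDBOX if sha256_of(path) in self.known_bad else Verdict.ALLOW


def demo() -> dict[str, tuple[Verdict, Verdict]]:
    """Build a constructed install, enrol it, then judge a brand-new unknown file.

    Returns {file name: (default-allow verdict, default-deny verdict)}.
    """
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "bin").mkdir()
        (root / "bin" / "editor.exe").write_bytes(b"constructed known-good binary")
        (root / "bin" / "mailer.exe").write_bytes(b"another constructed binary")
        catalogue = enroll_baseline(root)

        # A file that arrives later and appears in no signature database yet.
        newcomer = root / "download.exe"
        newcomer.write_bytes(b"constructed never-before-seen content")

        allow_policy = DefaultAllowPolicy(known_bad=set())  # no signature for it yet
        deny_policy = DefaultDenyPolicy(catalogue)
        editor = root / "bin" / "editor.exe"
        return {
            "editor.exe": (allow_policy.decide(editor), deny_policy.decide(editor)),
            "download.exe": (allow_policy.decide(newcomer), deny_policy.decide(newcomer)),
        }


if __name__ == "__main__":
    for name, (allow, deny) in demo().items():
        print(f"{name:14} default-allow={allow.value:8} default-deny={deny.value}")
```

The interesting row is the newcomer: default-allow runs it because no scanner has a signature for it yet, while default-deny sandboxes it for exactly the same reason. Hashing the whole file is the simplest catalogue key; a production allow-list would normally also accept a valid publisher signature so that legitimate updates do not all land in the sandbox.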

This is only part of a comprehensive security strategy that includes backup, malware scanning, HIPS, behavior recognition, a firewall, and comprehensive technical support. Comodo offers a full spectrum of security products for the end user, the small and medium business and the largest enterprise. After all, we’re a trusted authority.

Comodo is so confident that this comprehensive security offering can safeguard your system that we actually offer a guarantee that includes an offer to repair any system problems caused by any failure of ours to protect you, up to five hundred dollars. No other vendor has ever made such a claim, and, to date, we have never had to pay. (Legal restrictions apply; the guarantee is only good on the paid version of the software, not the free version.) For full details visit Comodo.com/news/press_releases/2010/04/comodo-internet-security-complete-v4.html.

You can try out Comodo’s Default Deny protection at antivirus.comodo.com/download-free-antivirus.php.

Source: https://blog.comodo.com/pc-security/the-art-of-denial/

Cyber Security

Chrome VPN Gives Basic Security Protection


The advancement of technology and the ever-increasing need to be “online,” whether for work, shopping, or just browsing the web for information, does, unfortunately, go hand in hand with the advanced actions and methods that hackers and cybercriminals use to access your personal information and data. 

Any Cybersecurity expert worth his (or her) salt would recommend getting a Virtual Private Network (VPN) for both your business and for your own personal use.  The good news is that anyone who is still in doubt regarding these VPN apps’ actual worth can now try a free VPN browser extension for Chrome, which will undoubtedly allay any fears and help you make up your mind. 

Internet Explorer seems a distant memory when it comes to web browsers these days. Google Chrome has been at the forefront for a while now and has fast become the most popular web browser in the world, so it’s not really surprising that consumers are pleased that their choice of VPN for Google Chrome is free.

When it comes to versatility, Google Chrome has plenty to offer. Chrome’s security, stability, and user-friendly setup are just some of the reasons why most of us consumers have bid farewell to Internet Explorer, Firefox and Edge and have opted for the ease of use of Chrome. Install a few of the countless extensions Chrome offers and, hey presto, Chrome turns into a bespoke personal browser that has been tweaked, modified, and finely tuned to your own exact preferences, whatever they may be.

The CyberGhost VPN extension that Google Chrome offers for free is, according to Google, so simple to use that basically anybody can have it up and running and be using it in less than one minute.

You can use it for free for as long as you like; essentially, a free VPN proxy server that ultimately lets users access all aspects of the world wide web and also gives them the ability to unblock geo-restricted websites.  

This free VPN has more than 100 worldwide servers, allowing you to unblock and access content that may not be readily available in your own country, school, or company.  All you need to do is to connect to any server in any location to change your “public” location and alter your IP address.

The installation instructions are simple and clear, and with a few clicks, you will have your free VPN for Chrome which is the fastest and simplest to use proxy service on the market. 

You don’t even need to log in, register or create an account to use Chrome’s free VPN service. You simply install the extension, and you are good to go. Once the VPN extension is installed, you can be confident that your surfing and other online activities are handled as you intend.

Ease of use should be paramount. Depending on why you have opted for a VPN in the first place, you will undoubtedly be looking to ensure that your privacy is protected whilst you are surfing the web. You may want to circumvent censorship from a website or gain access to content that has been geo-restricted because of the location of your IP address. Of course, it goes without saying that your passwords, encryption, and protocol should follow best cybersecurity practices and be as hacker-proof and watertight as they are on all your mobile devices.

Key performance levels are also crucial, especially if you are looking at using Chrome to access streaming services or downloading torrents – you don’t want your VPN to slow down what you’re doing.

Regardless of the varying prices and offers and marketing fluff that companies will be throwing at you, while you make your mind up which VPN service is going to be your “go to, top of the pile, best on the market” choice, picking up a free option may suit you better until you have made your final decision.

Once you see the benefits that the free extension service provides, it won’t be so much of a leap to go for the full VPN package. These are cost-effective and most providers allow you to install the VPN on multiple devices in the home, or workplace. They can be used on cell phones, laptops, desktops and tablets.

Cyber Security

Three of the Major Threats to Application Security and How to Mitigate Them


With the increased dependency of our lives on the internet and mobile apps, application security is important, now more than ever. 

The importance of applications in our lives cannot be overemphasized. We depend on them for everything from dating to banking and from bookkeeping to private messaging. 

To give you an idea of just how essential applications are in our lives, 105 billion applications were downloaded in 2018. The number has increased by more than 25 percent over the last two years.

That means one thing, applications are here to stay for quite a bit of time. And if they do have to be a part of our life, they better be secure.

You cannot make anything secure unless you know exactly what you are securing it against. So we’ll first have a look at some of the common security threats applications face, and then we’ll see how they can be mitigated.

Major Application Security Threats 

There are more application threats than can be covered in any blog post of reasonable dimensions. We’ve picked the most common threats to give you an idea of what you need to steer clear of as a developer or a user.

Brute Force Hacking 

This is the most primitive and perhaps the rawest method of hacking into a secure environment. As the name suggests, these attacks rely on the use of force to break into an application. 

The way this is done is simple. A hacker programs a computer to try all possible combinations of letters, symbols, and numerals to guess a password. 

Admittedly, it takes the computer quite a bit of time to crack the password, but given enough time it can do so every single time.

As of now, there are no active defenses to stop or prevent such an attack. There are some measures that can minimize the possibility. 

How to Avoid Brute Force Hacking?

There are two things that can secure an application against a brute force attack: 

  • The use of a strong password that has a long combination of letters, numbers, and symbols in it. 
  • Limiting the number of login attempts allowed from an IP address within a certain period of time.
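The two measures in the list above, a password policy and a per-IP limit on login attempts within a time window, fit in a few dozen lines. The following is an added example, not code from the article: the sliding-window limit is kept per source IP, the password store holds salted PBKDF2 hashes rather than plaintext, and the throttle is checked before the password so a blocked source cannot even test a guess. The policy thresholds, the clock abstraction and the credential store are assumptions made for the example.

```python
"""Brute-force mitigation as an added example (not the article's code):
a per-IP sliding-window failed-login limiter, a minimal 'long and mixed'
password policy, and a salted slow hash so the store never holds plaintext.
"""
from __future__ import annotations

import hashlib
import hmac
import os
import time
from collections import defaultdict, deque

MIN_PASSWORD_LENGTH = 14   # assumption for this example; set per your policy
PBKDF2_ROUNDS = 100_000    # assumption; raise in production


def password_meets_policy(password: str) -> bool:
    """'Long and mixed': minimum length plus at least three character classes."""
    classes = (
        any(c.islower() for c in password),
        any(c.isupper() for c in password),
        any(c.isdigit() for c in password),
        any(not c.isalnum() for c in password),
    )
    return len(password) >= MIN_PASSWORD_LENGTH and sum(classes) >= 3


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted, deliberately slow hash: every offline guess costs the attacker."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


class LoginThrottle:
    """Counts failed logins per source IP inside a sliding time window."""

    def __init__(self, max_failures: int = 5, window_seconds: float = 300,
                 clock=time.monotonic) -> None:
        self.max_failures = max_failures
        self.window = window_seconds
        self.clock = clock
        self._failures: dict[str, deque[float]] = defaultdict(deque)

    def _prune(self, ip: str) -> deque[float]:
        """Drop failures older than the window; return what remains."""
        now = self.clock()
        q = self._failures[ip]
        while q and now - q[0] > self.window:
            q.popleft()
        return q

    def is_blocked(self, ip: str) -> bool:
        return len(self._prune(ip)) >= self.max_failures

    def record_failure(self, ip: str) -> None:
        self._failures[ip].append(self.clock())

    def record_success(self, ip: str) -> None:
        self._failures.pop(ip, None)


def attempt_login(store: dict, throttle: LoginThrottle, ip: str,
                  username: str, password: str) -> str:
    """Return 'blocked', 'denied' or 'ok'. The throttle is consulted first."""
    if throttle.is_blocked(ip):
        return "blocked"
    record = store.get(username)
    # Unknown users are hashed against a dummy record so response time
    # does not reveal which usernames exist.
    salt, expected = record if record else (b"\x00" * 16, b"\x00" * 32)
    candidate = hash_password(password, salt)
    if record and hmac.compare_digest(candidate, expected):
        throttle.record_success(ip)
        return "ok"
    throttle.record_failure(ip)
    return "denied"


class FakeClock:
    """Controllable clock so the demo does not wait five real minutes."""

    def __init__(self) -> None:
        self.now = 0.0

    def __call__(self) -> float:
        return self.now


def demo() -> list[str]:
    """Five bad guesses, a sixth attempt with the right password while blocked,
    then the same correct login once the window has expired."""
    clock = FakeClock()
    throttle = LoginThrottle(max_failures=5, window_seconds=300, clock=clock)
    good = "correct horse battery staple 9!"   # constructed credential
    salt = os.urandom(16)
    store = {"alice": (salt, hash_password(good, salt))}
    ip = "203.0.113.7"                         # documentation-range address
    results = []
    for guess in ("password", "123456", "alice", "letmein", "qwerty"):
        results.append(attempt_login(store, throttle, ip, "alice", guess))
        clock.now += 1
    results.append(attempt_login(store, throttle, ip, "alice", good))
    clock.now += 301                           # window has passed
    results.append(attempt_login(store, throttle, ip, "alice", good))
    return results


if __name__ == "__main__":
    print(demo())   # ['denied', 'denied', 'denied', 'denied', 'denied', 'blocked', 'ok']
```

Keying the limiter on the source IP alone is what the article suggests; in practice a per-account counter is added beside it, because an attacker who spreads guesses across many addresses would otherwise never trip the per-IP limit.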

Injection Hacking

Another common form of attacks on applications is injection attacks. The target of such attacks is mostly the web-based applications that run on data provided by the user. 

The way these attacks work is by “injecting” data into the application that compromises the security of the system from within.

The most common types of injection hacking attacks include cross-site scripting, code injection, and SQL injection attacks.

Cross-Site Scripting 

These are the attacks where the attackers inject malicious scripts into a trusted application. This causes the application to execute these scripts and behave in a way that exposes sensitive information about the users. 

Code Injection Attacks 

In these attacks, the hackers compromise the application by injecting malicious code into it. When executed, this code can prevent the application from working properly.

SQL injection 

These attacks involve injecting malicious SQL code into the application. This makes it possible for the hackers to remotely control the application and access the sensitive data in its databases.

How to Prevent Injection Hacking? 

Unlike brute force hacking, injection hacking can be prevented. Here are some precautionary measures that can secure applications against such attacks:

  • Enforce strict access criteria for getting into the app.
  • Put in place strong screening measures for all the data entered by the users into the app.
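The second bullet, screening everything users enter, is where most injection bugs are won or lost, and it is worth seeing what "screening" means in code for each of the three injection types listed above. The following is an added example, not code from the article: it runs a string-built SQL query beside its parameterised twin against an in-memory SQLite table of constructed rows, applies an allow-list check to a username field, and encodes output so a script tag is displayed as text instead of executed. Table layout, rows and the username format are assumptions for the example.

```python
"""Injection defences as an added example (not the article's code): a
vulnerable string-built SQL query next to its parameterised form, an
allow-list input screen, and output encoding against cross-site scripting.
Runs against an in-memory SQLite database with constructed rows.
"""
import html
import re
import sqlite3

# Assumed username format: lowercase letters, digits, underscore, 3-32 chars.
USERNAME_RE = re.compile(r"[a-z0-9_]{3,32}")


def is_valid_username(name: str) -> bool:
    """Allow-list screening: accept only the format the field is meant to hold."""
    return USERNAME_RE.fullmatch(name) is not None


def make_db() -> sqlite3.Connection:
    """Constructed table with two users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "alice@example.test"), ("bob", "bob@example.test")],
    )
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, name: str) -> list:
    """Deliberately wrong: user input is pasted into the SQL text, so the
    input can change the query's structure rather than just its value."""
    sql = f"SELECT name, email FROM users WHERE name = '{name}'"
    return conn.execute(sql).fetchall()


def lookup_parameterised(conn: sqlite3.Connection, name: str) -> list:
    """Correct: the driver binds the value; it can never become SQL syntax."""
    return conn.execute(
        "SELECT name, email FROM users WHERE name = ?", (name,)
    ).fetchall()


def render_greeting(name: str) -> str:
    """Output encoding: markup in user data is shown, not interpreted."""
    return f"<p>Hello, {html.escape(name)}</p>"


def demo() -> dict:
    """Run the canonical tautology payload through both lookups and the screen."""
    conn = make_db()
    payload = "' OR '1'='1"          # textbook SQL injection input
    return {
        "vulnerable_rows": len(lookup_vulnerable(conn, payload)),      # whole table
        "parameterised_rows": len(lookup_parameterised(conn, payload)),  # no such user
        "screened": is_valid_username(payload),                          # rejected up front
        "greeting": render_greeting("<script>alert(1)</script>"),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value!r}")
```

The three layers are complementary rather than alternatives: the allow-list rejects the payload before it reaches a query, the bound parameter makes the query safe even for fields whose format cannot be constrained, and output encoding protects the page from data that was stored before any screening existed.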

Malware Attacks 

Malware is probably the single largest threat not only to application security but to the computer systems as a whole.

This is mainly because of the sheer amount of new malware coming to the market every year. It is estimated that as many as 317 million new computer viruses and malware were created in 2018 alone.

The effects of malware differ from one to another but once they have infected an application they can: 

  • Allow the cybercriminals to make illegal backdoors into the application. 
  • Give unauthorized access to the application.
  • Result in massive data breaches and privacy compromise. 

How to Prevent Malware Attacks

As new malware is coming to the scene every day, there cannot be a singular solution to this problem. However, application security against malware can be improved by: 

  • Putting strong antivirus and firewalls in place.
  • Releasing security patches for the application as and when a new threat is revealed. 
  • Scanning the app for vulnerabilities and fixing them.

While all these measures are to secure applications against specific attacks, there are some things that need to be made a part of the app development process in order to make the apps safer.

Making the Development Environment Secure 

It goes without saying that it is of paramount importance for the developers to make the applications secure. However, just like it is very difficult to proofread what you have written, it is an ego-shattering thing to enforce application security measures. 

A recent study has shown that as many as 83% of developers globally release their apps without implementing proper security measures.

Here are some things that every developer needs to do to ensure application security: 

  • Applications must be developed in accordance with the security standards of the industry leaders and regulators. 
  • Updates and patches must regularly be released to cope with the ever-lurking threat of malware.
  • All the open-source components of the application must be regulated and made at par with the application security standards being followed.

However, it is not just up to the developers to ensure application security. Application users also need to play their part to make sure that the applications they use and the data they have are safe. The things that the users can do include:

  • The use of long and mixed passwords that are hard to guess even for a computer. 
  • Install a firewall on their devices.
  • Don’t download any application from an untrusted source.
  • Keep their credentials safe. 

Cyber Security

Fintechs are ransomware targets. Here are 9 ways to prevent it.


Cybercriminals are clever, and they often target fintechs for two reasons. They know fintechs handle a lot of sensitive and financial information on a daily basis, and that they probably have the means to meet hackers’ demands and get back to business as usual.

Ransomware attacks are one of the most common fintech cybersecurity risks, and falling victim to one can be devastating — or disruptive at the very least. So, we asked the experts at ESET to explain how to prevent ransomware, and secure your business from the inside out.

Firstly, what is ransomware and how does it work?

With a ransomware attack, a cybercriminal hacks into their victim’s systems and essentially holds their data “hostage” until they pay a ransom. Since hackers know how valuable data is to a business, they tend to set ransoms in the thousands or even millions of dollars.

There are two types of attacks: crypto ransomware encrypts all the files, folders and hard drives on the infected computer, while locker ransomware locks users out of their devices. For cybercriminals, the goal is to get you to pay up so you can retrieve your files and mitigate any damage to your business.

What to do after a ransomware attack

Unfortunately, you don’t have too many options if you fall victim to a ransomware attack. You’ll need to decide to pay the ransom or not, and that involves weighing up how much your data is worth. Just keep in mind that giving in to a cybercriminal’s demands may encourage them to attack you again — and there’s no guarantee that your data will be restored.

Either way, it’s important to go into disaster recovery mode right away. Follow these steps for what to do if you get ransomware:

1. Alert your IT department. If your company has IT professionals or a Chief Information Security Officer, notify them about the attack. Hopefully, they’ll have a plan of action for situations like these and be able to guide your team through these steps.

2. Trace the source of the attack. Most ransomware attacks have a countdown clock before all your files are deleted forever, so the sooner you find the source, the faster you can act. Typically, ransomware sneaks its way into your system through a malicious link or email attachment. The best-case scenario is the ransomware only attacks that one device, and the worst-case is it infects your entire system. Once you’ve found the culprit, ask the user if they’ve opened other suspicious emails or noticed anything weird about their computer.

3. Remove that device from your network. To stop the ransomware from spreading through your network, you’ll need to unplug the infected device.

4. Let your employees and clients know about the breach. While it’s important not to cause panic, you do need to be transparent. The truth is, most cyber breaches are the result of human error, so your employees need to know what happened and what’s expected of them. As for your clients or customers, contact them if you have proof their data has been compromised. In other words, avoid putting out a statement until you have all the information.

5. Invest in better security systems. When you’ve gotten through the aftermath, look into more sophisticated cybersecurity in fintech practices.

9 ways to prevent ransomware attacks

Ransomware is incredibly common, and as you now know, there are limited ways to deal with an attack. You need to be proactive and prepared, and implement measures to prevent an attack.

As you might have guessed, fintech cybersecurity should be a priority. These are our tips for how to protect against ransomware: 

Set up sophisticated email filters. The majority of ransomware is delivered by spam or phishing emails. To stop ransomware before it has a chance to infect your systems, employ email filters that scan all email content for spam, viruses and other forms of malware.

Run regular security audits. It’s worth assessing your security systems to identify any gaps or weaknesses. If you can, consider outsourcing your cybersecurity, reallocating resources or hiring in-house professionals to give your fintech peace of mind.

Use an up-to-date antivirus and anti-ransomware software. To protect your company devices from ransomware, malware, identity theft and more, install a third-party antivirus software designed for businesses. ESET Digital Security for Business offers the best ransomware protection and defence against a range of advanced cyber threats, and can be tailored to the size and scope of your fintech. Along with blocking persistent threats, it secures your devices with endpoint protection, which is especially handy if you have employees who work remotely.

Accept all software updates. Cybersecurity companies often release new patches to fix bugs and address vulnerabilities, which is why it’s essential to stay on top of any updates. In other words, you could have the most sophisticated antivirus ransomware software in the world, but that won’t do you any good if you ignore every notification that pops up! Updates usually take a few minutes to download and require you to restart your computer, but they make your company much less vulnerable to ransomware.

Implement multi-factor authentication. Two-factor authentication is good, but multi-factor authentication is better. This means employees will need to enter their username, password and one more piece of additional information — usually a code sent to their phone or email — before they can log into the system. It also makes it harder for hackers to break in.

Create a whitelisting program. This is effective in preventing ransomware, and it involves restricting the applications that can run within your company’s system. Think of it as the opposite of blacklisting — only applications that have passed the approval process will work.

Encrypt your company files. Ideally, all of your data should be end-to-end encrypted, and access limited to the people who need that information to do their jobs. The good news is, most computers and phones ship with operating systems that can encrypt stored data and keep unauthorised users out.

Tighten your cloud security. Speaking of the cloud, some cloud services don’t offer secure encryption and can’t distinguish between authorised users and other people trying to access the cloud. ESET Cloud Office Security will configure your cloud security so hackers can’t bypass your company’s policies and tap into sensitive information.

Routinely back up your data and systems. By backing up your data regularly, you’ll be able to recover any lost or corrupted data if your server crashes or if you fall victim to a ransomware attack. We recommend always having two encrypted backups: one in the cloud, and one on an external hard drive.

Get in touch with ESET today!

Ready to protect your business from the inside out? With ransomware, prevention is always better than cure, so head to ESET’s site to learn more about their top-rated cybersecurity systems.

Source: https://australianfintech.com.au/fintechs-are-ransomware-targets-here-are-9-ways-to-prevent-it/

Cyber Security

What are Insecure Direct Object References (IDOR)?


By HackerOne (@hacker0x01). HackerOne empowers the world to build a safer internet.

Insecure Direct Object References (or IDOR) is a simple bug that packs a punch. When exploited, it can provide attackers with access to sensitive data or passwords or give them the ability to modify information. On HackerOne, over 200 are found and safely reported to customers every month. 

What is an IDOR?

There are several types of IDOR attacks, including:

  • Body Manipulation, in which attackers modify the value of a checkbox, radio buttons, APIs, and form fields to access information from other users with ease.
  • URL Tampering, in which the URL is modified at the client’s end by tweaking the parameters in the HTTP request. 
  • HTTP Requests in which IDOR vulnerabilities are typically found in GET, POST, PUT, and DELETE verbs.
  • Mass Assignment, where a record pattern can be abused to modify data that the user should not be able to access. While not always a result of IDOR vulnerabilities, there are many powerful examples of this being the result of it. 

In its simplest and most common form, an IDOR vulnerability arises when the only input required to access or replace content is from the user. This vulnerability submitted to Shopify by California-based hacker Rojan Rijal (a.k.a. @rijalrojan) in 2018 is the perfect example.

By observing how file attachments were labeled when sending a query to Shopify’s Exchange Marketplace application, Rojan was able to replace documents by leveraging the same file name from different accounts. 

Figure 1: IDOR vulnerability reported by @rijalrojan to Shopify on the HackerOne platform.

For retail and ecommerce companies, IDOR vulnerabilities represent 15% of what organizations pay bounties for and represent the top vulnerability for programs across government (18%), medical technology (36%), and professional services (31%) industries. 

If they’re so simple, why are they so common? 

In short, IDORs cannot be detected by tools alone.

IDORs require creativity and manual security testing to identify them. They require you to understand the business context of the target application. While some scanners might detect activity, it takes a human eye to analyze, evaluate, and interpret. Understanding the deeper context is an innately human skill that machines cannot replicate. In traditional pentests, unless a pentester tests every possible parameter in every request endpoint, these vulnerabilities can go undetected. 

What are the implications of an IDOR vulnerability? 

Perhaps the most infamous IDOR vulnerability as of late is the one found in the alt-tech social media platform Parler. The company numbered its posts sequentially in the URL, a telltale sign of IDOR. If you added one to the number in a Parler post URL, you got the next post on the platform, indefinitely. Without authentication or access limits, an attacker could easily build a program to download every post, photo, video, and other data from the entire site. While this was just public posts (not necessarily IDs used to verify accounts), geolocation data from posts was also downloaded, which could reveal the GPS coordinates of users’ homes.

How can you prevent IDORs from cropping up?

“Avoiding IDOR is only possible by building a robust access control mechanism, choosing the best fit methodology for your scenario, log all access and if possible do an audit with a post authorization check,” said HackerOne hacker Manoel Abreu Netto, better known online as @manoelt.

“However, if you want to reduce the impact of an IDOR, avoid using a simple pattern to reference objects in the backend, thus not using a sequential integer value but something like uuid or even a MAC (hashed ID) with a salt per user session.

This does not eliminate the IDOR, but reduces the overall impact and the ability to enumerate objects.”

To remediate IDOR vulnerabilities, below are a few best practices. 

  1. Developers should avoid displaying private object references such as keys or file names.
  2. Validation of parameters should be properly implemented.
  3. Verification of all the referenced objects should be checked.
  4. Tokens should be generated in such a way that they can only be mapped to the user and are not public.
  5. Ensure that queries are scoped to the owner of the resource. 
  6. Avoid things like using UUIDs (Universally unique identifier) over Sequential IDs as UUIDs often let IDOR vulnerabilities go undetected.
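Points 2, 3 and 5 above, together with @manoelt's suggestion of a per-session MAC over the object id, can be shown side by side in a few lines. The following is an added example, not HackerOne's, Parler's or Shopify's code: an unscoped lookup that trusts the client-supplied id (the IDOR pattern) beside an owner-scoped query, and a reference mapper that hands the client an id tagged with a per-session HMAC, so a reference with a bumped number, or one copied from another session, fails verification before any query runs. Table layout, rows, the tag length and the session key handling are assumptions for the example.

```python
"""IDOR defences as an added example (not HackerOne's or Parler's code):
an unscoped lookup beside an owner-scoped one, plus opaque per-session
object references built with an HMAC, as @manoelt's advice describes.
Runs against an in-memory SQLite table with constructed rows.
"""
from __future__ import annotations

import hashlib
import hmac
import os
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed table: two documents, two owners, sequential ids."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE documents (id INTEGER PRIMARY KEY, owner TEXT, body TEXT)"
    )
    conn.executemany(
        "INSERT INTO documents VALUES (?, ?, ?)",
        [(1, "alice", "alice's tax return (constructed)"),
         (2, "bob", "bob's medical note (constructed)")],
    )
    return conn


def get_document_vulnerable(conn: sqlite3.Connection, doc_id: int):
    """The IDOR pattern: the client-supplied id is the only input consulted."""
    return conn.execute(
        "SELECT body FROM documents WHERE id = ?", (doc_id,)
    ).fetchone()


def get_document_scoped(conn: sqlite3.Connection, current_user: str, doc_id: int):
    """Best practice 5: the query is scoped to the authenticated owner, so a
    foreign id simply finds nothing rather than leaking another user's row."""
    return conn.execute(
        "SELECT body FROM documents WHERE id = ? AND owner = ?",
        (doc_id, current_user),
    ).fetchone()


class SessionReferences:
    """Maps integer ids to per-session opaque references of the form '<id>.<mac>'.

    The MAC key is minted per session, so a reference copied from another
    session, or one whose number was edited, fails verification and the
    backend never runs the query. This shrinks enumeration; it does not
    replace the owner check above.
    """

    TAG_HEX_LEN = 32  # assumption: 128-bit tag is plenty for this purpose

    def __init__(self, session_key: bytes | None = None) -> None:
        self.key = session_key or os.urandom(32)

    def _tag(self, doc_id: int) -> str:
        mac = hmac.new(self.key, str(doc_id).encode(), hashlib.sha256)
        return mac.hexdigest()[: self.TAG_HEX_LEN]

    def encode(self, doc_id: int) -> str:
        return f"{doc_id}.{self._tag(doc_id)}"

    def decode(self, ref: str) -> int | None:
        """Return the id only if the tag verifies for this session."""
        raw_id, sep, tag = ref.partition(".")
        if not sep or not raw_id.isdigit():
            return None
        doc_id = int(raw_id)
        return doc_id if hmac.compare_digest(tag, self._tag(doc_id)) else None


def demo() -> dict:
    """Alice's session tries her own document and Bob's by each route."""
    conn = make_db()
    alice_session = SessionReferences()
    own_ref = alice_session.encode(1)
    # Parler-style tampering: bump the number but keep the tag.
    tampered = own_ref.replace("1.", "2.", 1)
    return {
        "unscoped_leaks_bob": get_document_vulnerable(conn, 2) is not None,
        "scoped_returns_own": get_document_scoped(conn, "alice", 1)[0],
        "scoped_denies_bob": get_document_scoped(conn, "alice", 2),
        "own_ref_decodes": alice_session.decode(own_ref),
        "tampered_ref_decodes": alice_session.decode(tampered),
        "other_session_decodes": SessionReferences().decode(own_ref),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value!r}")
```

Note that the reference mapper only raises the cost of enumeration, exactly as the quoted advice says; the owner-scoped query is the control that actually closes the IDOR, which is also why point 6 warns against treating an unguessable id as a substitute for it.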

For more information about reducing risk and getting started with hacker-powered security, check out our CISOs Guide to Deriving Value from Hacker-Powered Security.

Source: https://hackernoon.com/what-are-insecure-direct-object-references-idor-hz1j33e0?source=rss
