Skip to main content

Posts

Showing posts from January, 2020

Top 10 most common types of cyber attack

A cyber attack is any type of offensive action that targets computer information systems, infrastructures, computer networks or personal computer devices, using various methods to steal, alter or destroy data or information systems. Today I’ll describe the 10 most common cyber attack types: 1.Denial-of-service (DoS) and distributed denial-of-service (DDoS) attacks 2.Man-in-the-middle (MitM) attack 3.Phishing and spear phishing attacks 4.Drive-by attack 5.Password attack 6.SQL injection attack 7.Cross-site scripting (XSS) attack 8.Eavesdropping attack 9.Birthday attack 10.Malware attack 1. Denial-of-service (DoS) and distributed denial-of-service (DDoS) attacks A denial-of-service attack overwhelms a system’s resources so that it cannot respond to service requests. A DDoS attack is also an attack on system’s resources, but it is launched from a large number of other host machines that are infected by malicious software controlled by the...

What is Mouse hover attack

'Mouseover' technique relies on users hovering over hyperlinked text and images in Microsoft PowerPoint files to drop Trojan.  Researchers have found a new form of attack that abuses the action of hovering over hyperlinked text and images in a Microsoft PowerPoint presentation. Trend Micro researchers discovered the "mouseover" technique, used by a Trojan downloader also found in a spam campaign hitting EMEA businesses in the manufacturing, education, pyrotechnics, logistics, and device fabrication industries. The downloader they analyzed delivers a version of the OTLARD banking Trojan, also known as GootKit. "This is the first occurrence of malware using the 'hover' method to initiate a download that we know of," says Mark Nunnikhoven, Trend Micro's VP of cloud security. GootKit first appeared in 2012 and grew into an information-stealing Trojan with remote access, persistence, network traffic monitoring, and browser manipulation c...

What is Juice Jacking, A new way to steal your data.

Juice Jacking        You may have the best and the most costly mobile, however it may not prevent your data being stolen with so much ease as never before. What one needs is just a charging station with power connectivity and a cable. Let me try explaining why I say so…. The power/data cable that we see in public charging stations, provides unauthorized access to attackers during the charging process; leveraging illegitimate access to get our personal information taken away. This is known as Juice Jacking – a type of cyber attack which originates from USB charging port installed at public places such as airports, cafes, bus stands, etc. Once the device is plugged-in and connection is established, it either installs malware or secretively copies sensitive data from a smartphone, tablet, or any other computer device. The attack could be as simple as extracting all your contact details and private pictures or can be an invasive attack of injecting mali...

Reasons for multilevel authentication

In a recent survey of more than 10,000 IT managers, 71 percent said they believe IT must serve as in-house brokers for on-demand services to help business growth. One imagines that, immediately after answering that question, they emitted a collective groan.  That's because the IT manager's plate is already heaped with a mountain of priorities. In addition to keeping the network up and running, and fulfilling the many competing requests from departments across the organization, they now need to think strategically about supporting business growth while also keeping security top of mind.          Admins have installed antivirus software, raised the firewall, deployed encryption technology, and periodically run vulnerability tests. But the sobering reality is that if multi-factor authentication (MFA) is not in place, these other security measures can be bypassed. A best practice for IT managers is to categorize their systems to identify the ones that co...

3 Types of Password Security Attacks and How to Avoid Them

We’ve all heard the warnings about password security. Never share your password. Never use the vendor default password (like Netgear1). Never use an easy-to-guess password (like Password123 or Mike1982). No matter what industry you work in, chances are, you’re hearing more about these password “rules” at your job. Recent high-profile security breach scandals, like the Target credit card information breach and the Adobe hack, have more business owners and companies taking steps to ensure that their network, and the sensitive information stored on it, is safe and secure.  But while most people do their best to adhere to their employers’ password security guidelines, many are still unsure of why these password protocols are even effective. I recently worked with a large online retailer to help them get up to speed on security protocols. One of the questions asked in our initial meeting helped to give me some perspective on how password security is still viewed by many people. “I...

Types of password hacking

 Understanding the password-cracking techniques hackers use to blow your online accounts wide open is a great way to ensure it never happens to you. You will certainly always need to change your password, and sometimes more urgently than you think, but mitigating against theft is a great way to stay on top of your account security. You can always head to www.haveibeenpwned.com to check if you're at risk, but simply thinking your password is secure enough to not be hacked is a risky position to take. So, to help you understand just how hackers get your passwords, secure or otherwise, we've put together a list of the top ten password-cracking techniques used by hackers. Some of the below methods are certainly old-fashioned, but that doesn't mean they aren't still being used. The top ten password-cracking techniques used by hackers: 1. Dictionary attack The dictionary attack uses a simple file containing words that can be found in a dictionary, hence...

What is OS

An operating system or OS is a software program that enables the computer hardware to communicate and operate with the computer software. Without a computer operating system, a computer and software programs would be useless.  When computers were first introduced, the user interacted with them using a command line interface, which required commands. Today, almost every computer is using a GUI (Graphical User Interface) operating system that is much easier to use and operate. In other words an operating system or OS is software installed on a computer's the hard drive that enables computer hardware to communicate with and run computer programs. Without an operating system, a computer and software would be useless. In the picture is an example of Microsoft Windows XP, an early popular operating system and Windows 10 would be the latest operating system. Win-XP Win 10 Examples of computer operating systems: Microsoft Windows 10 - PC and IBM compatible op...

Resource | Performance monitor in windows

Resource Monitor: Short form for Resource Monitor, Resmon is a feature introduced with Windows Vista that enables users to view real-time resource information about software and hardware on their computer. It shows things like memory, disk, CPU and network performance, as well as which software handles and file modules are working. Go to run and resmon in the box and press enter, as given below. resmon command in run  Below is an example of the Windows Resource Monitor in Windows OS and type of information it provides to users. Resource monitor UI Each tab in the Resource Monitor provides different information. Overview - Provides a quick look at CPU usage, memory usage, disk activity, and network activity. Clicking on and expanding each gray bar provides data for that category. CPU - Displays a list of processes running on the computer, how many active threads they are using, and the percentage of CPU resources being utilized Memory - Displays a li...