Tespok Kenya icsirt: Enterprise Cyber Threat Attack Targets Report
- Barbara Reynolds
- 8 years ago
About this Report

This report was compiled and published by the Tespok icsirt in partnership with the Serianu Cyber Threat Intelligence Team and USIU's Centre for Informatics Research and Innovation (CIRI), at the School of Science and Technology.

Data Collection and Analysis

The data used in the analysis was collected from various sensors deployed within Kenyan organisations. We have deployed sensors to enable us to gather statistics and precise information on the cyber threats that target local internet users. We are currently in the process of deploying more sensors across various educational institutions, local businesses and enterprises. We would like to invite local partners who are interested in information security to join our cyber security efforts and awareness initiative by installing a sensor on their network edge.

Deployed Sensors

Having a large number of sensors across various industry sectors will enable us to more accurately model the various attack processes targeting Kenyan internet users. This is an ongoing effort that offers local businesses and individual internet users a new way to quickly and easily identify local phenomena that are worth investigating.

Sensor installation is facilitated by our security experts, who furnish new partners with the sensor image and configuration files. The sensor will not interfere in any way with the normal functioning and operation of your organization's network and its assets. In exchange, we give our partners access to regular attack reports enriched with information specific to their organization. We are also developing a dedicated research, investigation and response team to make response time faster and more efficient.

The project is triggering interest from many academic, industrial, and governmental organizations. For more information on how to become a partner, please visit co.ke or sc3@serianu.com or icsirt@tespok.co.ke for enquiries.
Data Analysis and Reporting

As previously explained, we collect and analyze attack files from each sensor, and this data is aggregated to produce these reports. The attack data collected includes a large variety of information, such as:

- Raw data packets (entire frames including the payloads are captured);
- TCP level statistics;
- Passive Operating System fingerprinting obtained;
- IP geographical localization obtained;
- DNS reverse lookups, whois queries, etc.

In theory, no traffic should be observed on the sensors we have set up. As a matter of fact, many packets hit the different sensors, coming from different IP addresses. Typically, if an attacker decides to choose one of our sensors as their next victim, they try to establish direct TCP connections or to send UDP or ICMP packets against it. Attackers will use diverse tactics when attacking each sensor, and this enables us to identify the payloads used and attack methods deployed on each sensor.
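Because a sensor offers no real service, every record it logs is unsolicited, so grouping hits by source is enough to separate one-off probes from sweeps and port scans. The following is an added example, not code from the report or from the icsirt sensors: the five-field record format, the thresholds and the sample lines are assumptions, and the sample includes UDP port 1434, which the report names later in connection with SQL Slammer.

```python
"""Triage of unsolicited traffic seen by sensors (added example, assumed record format)."""
import ipaddress
from collections import defaultdict

# Constructed sample records: timestamp, source IP, sensor IP, protocol, destination port.
# All addresses are from the RFC 5737 documentation ranges.
SAMPLE_LOG = """\
2013-08-01T10:00:01 198.51.100.7 192.0.2.10 udp 1434
2013-08-01T10:00:02 198.51.100.7 192.0.2.11 udp 1434
2013-08-01T10:00:02 198.51.100.7 192.0.2.12 udp 1434
2013-08-01T10:03:40 203.0.113.5 192.0.2.10 tcp 22
2013-08-01T10:03:41 203.0.113.5 192.0.2.10 tcp 80
2013-08-01T10:03:41 203.0.113.5 192.0.2.10 tcp 443
2013-08-01T10:03:42 203.0.113.5 192.0.2.10 tcp 5060
2013-08-01T10:09:15 203.0.113.77 192.0.2.11 icmp -
this line is malformed
"""

PROTOCOLS = {"tcp", "udp", "icmp"}


def parse_record(line):
    """Return (source, sensor, service) or None when the line is malformed."""
    fields = line.split()
    if len(fields) != 5:
        return None
    _timestamp, source, sensor, proto, port = fields
    try:
        ipaddress.ip_address(source)
        ipaddress.ip_address(sensor)
    except ValueError:
        return None
    proto = proto.lower()
    if proto not in PROTOCOLS:
        return None
    if proto == "icmp":          # ICMP has no port; the port column is ignored
        return source, sensor, "icmp"
    try:
        number = int(port)
    except ValueError:
        return None
    if not 0 < number <= 65535:
        return None
    return source, sensor, f"{proto}/{number}"


def profile_sources(log_text):
    """Map source -> {service: set of sensors hit}; also count skipped lines."""
    profiles = defaultdict(lambda: defaultdict(set))
    skipped = 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        record = parse_record(line)
        if record is None:
            skipped += 1
            continue
        source, sensor, service = record
        profiles[source][service].add(sensor)
    return profiles, skipped


def classify(services, sweep_min=3, scan_min=4):
    """Label one source's behaviour. Thresholds are illustrative assumptions."""
    # Sweep: the same service probed on many sensors (worm-like propagation).
    widest = max(services, key=lambda name: len(services[name]))
    if len(services[widest]) >= sweep_min:
        return f"sweep {widest}"
    # Port scan: many different services probed on a single sensor.
    per_sensor = defaultdict(set)
    for service, sensors in services.items():
        for sensor in sensors:
            per_sensor[sensor].add(service)
    if max(len(found) for found in per_sensor.values()) >= scan_min:
        return "port-scan"
    return "probe"


def triage(log_text):
    """Return ({source: label}, number_of_malformed_lines)."""
    profiles, skipped = profile_sources(log_text)
    return {src: classify(svc) for src, svc in profiles.items()}, skipped


if __name__ == "__main__":
    labels, skipped = triage(SAMPLE_LOG)
    for source, label in sorted(labels.items()):
        print(f"{source:15} {label}")
    print(f"malformed lines skipped: {skipped}")
```
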
Executive Summary

This Report provides statistics on enterprise assets (applications, systems, devices and other information assets) that are being targeted by cyber criminals. The majority of these assets are targeted as a result of known vulnerabilities that are easily exploitable. The Tespok icsirt Enterprise Attack Targets is a compiled list of vulnerabilities that require immediate remediation.

Cyber criminals are constantly looking for vulnerable systems that they can exploit for malicious purposes. Systems that display known commercial vulnerabilities are soft targets.

International trends have shown that enterprises are increasingly under what is termed as Advanced Persistent Threat (APT). This means that organizations are specifically targeted by hackers in ways that are very sophisticated and that exploit vulnerabilities that have not yet been patched and mitigated. The attackers are now taking time to study enterprise systems to know them intimately and to craft exploits that are specific to them and that bypass their detection mechanisms. They are then covering up their tracks in ways that are getting harder to detect. In many cases multiple malware instances are launched at the enterprise to guarantee the hackers' persistent presence and access to the systems.

We at icsirt are devoting resources to work with our partner organizations to warn them of threats that are targeted against them and their systems and how they can avoid them.
Report Highlights

Attacked Enterprise Resources/Assets

a. VOIP Servers

VoIP technology has seen rapid adoption during the past couple of years. At the same time, there has been an increase in security scrutiny of typical components of a VoIP network such as the call proxy and media servers and the VoIP phones themselves.

What is being exploited? Various VOIP products from various vendors have been found to contain vulnerabilities that can either lead to a crash or complete loss of control over the vulnerable server/device.

How is it being exploited? By gaining control over the VoIP server and phones, attackers are able to carry out VoIP phishing scams, eavesdropping, toll fraud or denial-of-service attacks.

Remedy - Scan the VoIP servers and phones to detect open ports. Firewall all the ports from the Internet that are not required for keeping up the VoIP infrastructure.

b. Webmail

Almost every organization uses emails to communicate. It is a quick and efficient method to pass information. That said, it should be noted that if your email is not encrypted, one can easily read the contents of these emails in plain text when your traffic is sniffed. Webmail can be exploited through DNS cache poisoning, injection attacks, chunked-encoding transfer attempts and redirect access.

What is being exploited? The lack of encryption on the webmail service.

How is it being exploited? Poorly configured web servers and lack of encryption.

Remedy - To better secure your emails, make sure you utilize encryption and secure the web servers. A quick and cost-effective method is to implement PGP as an open-source solution for encrypting your emails.
c. Web Applications

Cacti

Cacti is a network graphing solution that is sometimes used by web hosting providers to display bandwidth statistics for their customers. It can be used to configure the data collection itself, allowing certain setups to be monitored without any manual configuration.

What is being exploited? Cacti is prone to a remote command-execution vulnerability as the application fails to properly check the user-supplied input to the computer. Through this vulnerability attackers are able to execute malicious commands on the server. Other vulnerabilities include path disclosure, HTTP response splitting and XSS. These vulnerabilities affect version 0.8.7h and lower.

How is it being exploited? By dumping malware on vulnerable servers and waiting for internet users to inadvertently activate this malware. The malware then creates a communication link with the hacker. The hacker is then able to execute commands remotely.

Remedy - The remediation of this vulnerability is through updating Cacti to the most recent version and patching the current software version.

cPanel

This is a web hosting control panel that provides a graphical interface and automation tools designed to simplify the process of hosting a web site. cPanel enables administrators and end-user website owners to control the various aspects of their website and server administration via a web browser.

What is being exploited? cPanel is prone to HTML-injection and cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.

How is it being exploited? An attacker takes advantage of this vulnerability to execute malicious code in the browser of a user of the affected site. This allows the attacker to steal authentication credentials, control how the site is rendered to the user and launch other attacks.

Remedy - The remediation of this vulnerability is through updating cPanel to the most recent version and patching the most recent software version.
d. Database

Slammer worm

Slammer worm attacks vulnerable web servers by forcing the cache servers or web browsers into disclosing confidential information.

What is being exploited? This worm targets hosts that are running an unpatched copy of Microsoft SQL Server Resolution Service; the host immediately becomes infected and begins spamming the Internet with more copies of the worm program.

How is it being exploited? Once it infects a system, it provides the hacker with remote access to the compromised server.

Remedy - To prevent infection, patch the server with updates from Microsoft. In the case of suspected infection, however, use trusted malware removal tools provided by reputable vendors.

SQL slammer

SQL Slammer is a computer worm that causes a denial of service on some Internet hosts and dramatically slows down general Internet traffic.

What is being exploited? The worm exploits buffer overflow vulnerabilities in the SQL Server Monitor that overwrite the execution stack and execute the rest of the exploit.

How is it being exploited? The slammer worm on the infecting computer sends a UDP datagram to port 1434 on the target. When it is in the target's memory it begins sending datagrams of its exploit and worm code to random IP addresses to infect new targets.

MS SQL

These are Microsoft based servers that run SQL oriented services. It is a relational web hosting database that is used to store web site information like blog posts or user information. MS SQL is the most popular type of database on Windows servers.

What is being exploited? The vulnerability is a cross-site-scripting (XSS) vulnerability that allows elevation of privileges, enabling an attacker to execute commands on the SQL Server Reporting Services (SSRS) site in the context of the targeted user.

How is it being exploited? The attacker could exploit this vulnerability by sending a specially crafted link to the user and convincing the user to click the link. The attacker could also host a website that contains a webpage designed to exploit the vulnerability. In addition, compromised websites or those that accept or host user-provided content or advertisements could contain specially crafted content that could exploit this vulnerability.

Remedy - Patch the server with updates from the Microsoft website.

e. File sharing Applications

These applications are used to download and distribute data such as music, video, graphics, text, source code etc. P2P applications are also used legitimately for distribution of certain applications. However, oftentimes the data is either of a questionable nature or is copyrighted.

What is being exploited? The peer-to-peer (P2P) file-sharing network is used as a propagation vector for malware. While file sharing, malicious programs open a backdoor through which an attacker can remotely control the compromised machine, send spam, or steal a user's confidential information.

How is it being exploited? Malware is disguised as files that are frequently exchanged over P2P networks. These malicious programs infect the user's host if downloaded and opened, leaving their copies in the user's sharing folder for further propagation.

Remedy - The best way to minimize infections through file sharing is to use an up-to-date antivirus or malware removal tool on your computer or host, as well as properly configured firewalls which can readily block malicious traffic before it reaches your computer.

User Applications

Adobe

Adobe Reader is software that is commonly used to read PDF documents.

What is being exploited? The sandbox technology in Adobe Reader X is designed in such a way that even if attackers exploited a bug in the software, the malicious code would not be able to access other parts of the computer. This attack successfully bypasses that defense by breaking out of the sandbox.

How is it being exploited? The victims receive an email with an attached PDF, which in turn contains highly obfuscated JavaScript. Upon opening the attachment, the embedded malware downloads two DLL files, one which displays a fake error message and opens a PDF document, and the other which drops callback software onto the victim's computer. Once installed, the malware calls back to a remote server.

Remedy - Patch the Adobe Reader software with updates from the Adobe website, and always enable the protected view option.
f. Software Activation

Sirefef

Win32/Sirefef is malware that uses advanced stealth techniques in order to hinder its detection and removal. It downloads and executes arbitrary files and contacts remote hosts. Sirefef includes a self-defense mechanism to protect against security related software by disabling features in this software.

What is being exploited? Exploits and programs that promote software piracy, such as keygens and cracks. These are programs designed to bypass software licensing.

How is it being exploited? Sirefef drops two files to a chosen directory and then makes changes to the registry to ensure that Sirefef runs each time you start your computer. When executed, Sirefef attempts to replace a randomly-selected system driver with its own malicious copy.

Remedy - As a consequence of being infected with this threat, you need to repair and reconfigure some Windows security features and also remove the malware completely using reputable malware removal tools.

g. Content Management Systems

Joomla

This is a content management system (CMS), which enables you to build websites and online applications.

What is being exploited? Joomla's XSS vulnerability.

How is it being exploited? A malicious hacker injects client-side script in a website, which is executed by the victims when they access the website.

Remedy - Users should regularly patch Joomla with updates from the vendor website.

Wordpress

This is a web-based application that is used to create websites or blogs. Timthumb is a script primarily used for resizing and cropping of images. It allows images from remote websites to be fetched and cropped, as well as storing them on the server. The list of allowed remote websites is kept within the plugin and checked against any fetched files.

What is being exploited? The Timthumb vulnerability allows third parties to upload and execute arbitrary PHP code in the Timthumb cache directory on the server that hosts Wordpress.

How is it being exploited? Using the Timthumb vulnerability to upload a malicious file allows the attacker to compromise the site and run malicious code on the server. We have identified a number of local ISPs hosting Wordpress sites that have this vulnerability and are currently being compromised.

Remedy - The remedy for this vulnerability is to update to the latest version of Timthumb or completely disable the plugin if it is not needed on the site. The Timthumb Vulnerability Scanner plugin is another remedy. The vulnerability scanner will scan the entire wp-content directory for instances of any outdated and insecure version of the Timthumb script, and then give you the option to automatically upgrade them with a single click. Performing this scan and update will protect you from hackers looking to exploit this particular vulnerability.

Conclusion

Over the past couple of years, the number of vulnerabilities that are reported has increased, with the discovery of new vulnerabilities every other day. At this rate of vulnerability detection and reporting, even small organizations with a single server can expect to spend considerable time reviewing and applying critical patches.

Unpatched devices and software leave businesses vulnerable to attacks. Most cyber criminals have access to the same vulnerability information and testing systems that businesses have. Therefore, a lack of patch management processes leaves Kenyan businesses open to potential data breaches.

A robust, pragmatic approach to vulnerability management is required to keep up with the vulnerabilities and keep an organisation's information assets safe and secure. Patches are additional pieces of code that have been developed to address specific problems or flaws in existing software.

About Cyber Usalama

Cyber Usalama is an initiative of the Telecommunications Service Providers Association of Kenya (TESPOK). TESPOK is a professional, non-profit organization representing the interests of Telecommunication service providers in Kenya.

Cyber Usalama's main objective is to educate and empower Kenyan internet and computer users to use the Internet safely and securely at home, work, and school, protecting the technology individuals use, the networks they connect to, and the Kenyan cyber space. Through the publication of regular critical cyber threat incident reports and security awareness reports, Cyber Usalama engages public and private sector partners to raise awareness and educate Kenyans about cyber security, and increase the resiliency of the Kenyan cyber space.
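The Timthumb remedy above describes a scan of the wp-content directory for outdated copies of the script. The following is an added example of such a check, not the Timthumb Vulnerability Scanner plugin and not code from the report. It assumes that copies of the script mention "timthumb" in their text and declare a version with a define('VERSION', ...) line, and that the cache directory is a folder named cache beside the script. The report does not name a fixed release, so the minimum version is supplied by the operator, and "2.0" below is only a placeholder.

```python
"""Inventory of Timthumb copies under a wp-content tree (added example)."""
import os
import re
import tempfile

# Assumption: the script declares its version as define('VERSION', 'x.y.z').
VERSION_RE = re.compile(
    r"""define\s*\(\s*['"]VERSION['"]\s*,\s*['"]([0-9][0-9.]*)['"]""")
MARKER_RE = re.compile(r"timthumb", re.IGNORECASE)


def version_key(text):
    """'2.10.1' -> (2, 10, 1) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in text.split(".") if part)


def inspect_script(path):
    """Declared version, '' if a Timthumb copy hides it, None if not Timthumb."""
    try:
        with open(path, "r", encoding="utf-8", errors="replace") as handle:
            head = handle.read(65536)
    except OSError:
        return None
    if not MARKER_RE.search(head):
        return None
    match = VERSION_RE.search(head)
    return match.group(1) if match else ""


def php_in_cache(folder):
    """PHP files in the cache folder beside a Timthumb copy; an image cache
    should hold none, so each one is reported for manual review."""
    cache = os.path.join(folder, "cache")
    if not os.path.isdir(cache):
        return []
    return [os.path.join(cache, name) for name in sorted(os.listdir(cache))
            if name.lower().endswith(".php")]


def scan(root, minimum_version):
    """Return sorted (relative_path, finding, declared_version) tuples."""
    floor = version_key(minimum_version)
    findings = []

    def rel(path):
        return os.path.relpath(path, root).replace(os.sep, "/")

    for folder, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(".php"):
                continue
            path = os.path.join(folder, name)
            version = inspect_script(path)
            if version is None:
                continue                      # not a Timthumb copy
            if version == "":
                findings.append((rel(path), "unknown-version", ""))
            elif version_key(version) < floor:
                findings.append((rel(path), "outdated", version))
            # Check the cache even for current copies: leftovers survive upgrades.
            for dropped in php_in_cache(folder):
                findings.append((rel(dropped), "php-in-cache", ""))
    return sorted(set(findings))


def demo():
    """Build a constructed wp-content tree in a temp directory and scan it."""
    files = {   # all contents and version numbers below are constructed samples
        "themes/old/timthumb.php": "<?php // TimThumb\ndefine ('VERSION', '1.5');\n",
        "themes/old/cache/a1b2.php": "<?php /* stand-in for a dropped file */\n",
        "themes/new/thumb.php": "<?php // TimThumb\ndefine ('VERSION', '2.5');\n",
        "plugins/gallery/resize.php": "<?php // timthumb fork, version removed\n",
        "plugins/other/index.php": "<?php // unrelated plugin file\n",
    }
    with tempfile.TemporaryDirectory() as root:
        for relative, body in files.items():
            path = os.path.join(root, *relative.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w", encoding="utf-8") as handle:
                handle.write(body)
        return scan(root, minimum_version="2.0")   # placeholder threshold


if __name__ == "__main__":
    for finding in demo():
        print(finding)
```
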
More informationThe Top Web Application Attacks: Are you vulnerable?
QM07 The Top Web Application Attacks: Are you vulnerable? John Burroughs, CISSP Sr Security Architect, Watchfire Solutions jburroughs@uk.ibm.com Agenda Current State of Web Application Security Understanding
More informationQUARTERLY REPORT 2015 INFOBLOX DNS THREAT INDEX POWERED BY
QUARTERLY REPORT 2015 INFOBLOX DNS THREAT INDEX POWERED BY EXPLOIT KITS UP 75 PERCENT The Infoblox DNS Threat Index, powered by IID, stood at 122 in the third quarter of 2015, with exploit kits up 75 percent
More informationApril 11, 2011. (Revision 2)
Passive Vulnerability Scanning Overview April 11, 2011 (Revision 2) Copyright 2011. Tenable Network Security, Inc. All rights reserved. Tenable Network Security and Nessus are registered trademarks of
More informationWeb Vulnerability Assessment Report
Web Vulnerability Assessment Report Target Scanned: www.daflavan.com Report Generated: Mon May 5 14:43:24 2014 Identified Vulnerabilities: 39 Threat Level: High Screenshot of www.daflavan.com HomePage
More informationFirewall and UTM Solutions Guide
Firewall and UTM Solutions Guide Telephone: 0845 230 2940 e-mail: info@lsasystems.com Web: www.lsasystems.com Why do I need a Firewall? You re not the Government, Microsoft or the BBC, so why would hackers
More informationBeyond the Hype: Advanced Persistent Threats
Advanced Persistent Threats and Real-Time Threat Management The Essentials Series Beyond the Hype: Advanced Persistent Threats sponsored by Dan Sullivan Introduction to Realtime Publishers by Don Jones,
More informationWHITEPAPER. How a DNS Firewall Helps in the Battle against Advanced Persistent Threat and Similar Malware
WHITEPAPER How a DNS Firewall Helps in the Battle against Advanced Persistent Threat and Similar Malware How a DNS Firewall Helps in the Battle against Advanced As more and more information becomes available
More information2010 Carnegie Mellon University. Malware and Malicious Traffic
Malware and Malicious Traffic What We Will Cover Introduction Your Network Fundamentals of networks, flow, and protocols Malicious traffic External Events & Trends Malware Networks in the Broad Working
More informationMalicious Network Traffic Analysis
Malicious Network Traffic Analysis Uncover system intrusions by identifying malicious network activity. There are a tremendous amount of network based attacks to be aware of on the internet today and the
More informationVulnerability Assessment and Penetration Testing
Vulnerability Assessment and Penetration Testing Module 1: Vulnerability Assessment & Penetration Testing: Introduction 1.1 Brief Introduction of Linux 1.2 About Vulnerability Assessment and Penetration
More information6WRUP:DWFK. Policies for Dedicated SQL Servers Group
OKENA 71 Second Ave., 3 rd Floor Waltham, MA 02451 Phone 781 209 3200 Fax 781 209 3199 6WRUP:DWFK Policies for Dedicated SQL Servers Group The sample policies shipped with StormWatch address both application-specific
More informationABC LTD EXTERNAL WEBSITE AND INFRASTRUCTURE IT HEALTH CHECK (ITHC) / PENETRATION TEST
ABC LTD EXTERNAL WEBSITE AND INFRASTRUCTURE IT HEALTH CHECK (ITHC) / PENETRATION TEST Performed Between Testing start date and end date By SSL247 Limited SSL247 Limited 63, Lisson Street Marylebone London
More informationWith so many web applications, universities have a huge attack surface often without the IT security budgets or influence to back it up.
1 2 Why do we care about web application security? With so many web applications, universities have a huge attack surface often without the IT security budgets or influence to back it up. We constantly
More informationWhere every interaction matters.
Where every interaction matters. Peer 1 Vigilant Web Application Firewall Powered by Alert Logic The Open Web Application Security Project (OWASP) Top Ten Web Security Risks and Countermeasures White Paper
More informationDetecting and Exploiting XSS with Xenotix XSS Exploit Framework
Detecting and Exploiting XSS with Xenotix XSS Exploit Framework ajin25@gmail.com keralacyberforce.in Introduction Cross Site Scripting or XSS vulnerabilities have been reported and exploited since 1990s.
More informationTHE SMARTEST WAY TO PROTECT WEBSITES AND WEB APPS FROM ATTACKS
THE SMARTEST WAY TO PROTECT WEBSITES AND WEB APPS FROM ATTACKS INCONVENIENT STATISTICS 70% of ALL threats are at the Web application layer. Gartner 73% of organizations have been hacked in the past two
More informationTop five strategies for combating modern threats Is anti-virus dead?
Top five strategies for combating modern threats Is anti-virus dead? Today s fast, targeted, silent threats take advantage of the open network and new technologies that support an increasingly mobile workforce.
More informationCan Consumer AV Products Protect Against Critical Microsoft Vulnerabilities?
ANALYST BRIEF Can Consumer AV Products Protect Against Critical Microsoft Vulnerabilities? Author Randy Abrams Tested Products Avast Internet Security 7 AVG Internet Security 2012 Avira Internet Security
More informationWeb-Application Security
Web-Application Security Kristian Beilke Arbeitsgruppe Sichere Identität Fachbereich Mathematik und Informatik Freie Universität Berlin 29. Juni 2011 Overview Web Applications SQL Injection XSS Bad Practice
More informationMedical Device Security Health Imaging Digital Capture. Security Assessment Report for the Kodak DryView 8150 Imager Release 1.0.
Medical Device Security Health Imaging Digital Capture Security Assessment Report for the Kodak DryView 8150 Imager Release 1.0 Page 1 of 9 Table of Contents Table of Contents... 2 Executive Summary...
More informationINSTANT MESSAGING SECURITY
INSTANT MESSAGING SECURITY February 2008 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced in whole or in part
More informationDetecting Web Application Vulnerabilities Using Open Source Means. OWASP 3rd Free / Libre / Open Source Software (FLOSS) Conference 27/5/2008
Detecting Web Application Vulnerabilities Using Open Source Means OWASP 3rd Free / Libre / Open Source Software (FLOSS) Conference 27/5/2008 Kostas Papapanagiotou Committee Member OWASP Greek Chapter conpap@owasp.gr
More informationCOURSE NAME: INFORMATION SECURITY INTERNSHIP PROGRAM
COURSE NAME: INFORMATION SECURITY INTERNSHIP PROGRAM Course Description This is the Information Security Training program. The Training provides you Penetration Testing in the various field of cyber world.
More informationHacking Database for Owning your Data
Hacking Database for Owning your Data 1 Introduction By Abdulaziz Alrasheed & Xiuwei Yi Stealing data is becoming a major threat. In 2012 alone, 500 fortune companies were compromised causing lots of money
More informationSecure and Safe Computing Primer Examples of Desktop and Laptop standards and guidelines
Secure and Safe Computing Primer Examples of Desktop and Laptop standards and guidelines 1. Implement anti-virus software An anti-virus program is necessary to protect your computer from malicious programs,
More informationSymantec Endpoint Protection Analyzer Report
Symantec Endpoint Protection Analyzer Report For Symantec Customer Table of Contents Statement of Confidentiality... 3 1. Introduction... 4 2. Environmental Analysis Overview... 5 2.1 Findings Overview...
More information1 hours, 30 minutes, 38 seconds Heavy scan. All scanned network resources. Copyright 2001, FTP access obtained
home Network Vulnerabilities Detail Report Grouped by Vulnerability Report Generated by: Symantec NetRecon 3.5 Licensed to: X Serial Number: 0182037567 Machine Scanned from: ZEUS (192.168.1.100) Scan Date:
More informationPenetration Testing with Kali Linux
Penetration Testing with Kali Linux PWK Copyright 2014 Offensive Security Ltd. All rights reserved. Page 1 of 11 All rights reserved to Offensive Security, 2014 No part of this publication, in whole or
More informationCRYPTUS DIPLOMA IN IT SECURITY
CRYPTUS DIPLOMA IN IT SECURITY 6 MONTHS OF TRAINING ON ETHICAL HACKING & INFORMATION SECURITY COURSE NAME: CRYPTUS 6 MONTHS DIPLOMA IN IT SECURITY Course Description This is the Ethical hacking & Information
More informationCyber Security in Taiwan's Government Institutions: From APT To. Investigation Policies
Cyber Security in Taiwan's Government Institutions: From APT To Investigation Policies Ching-Yu, Hung Investigation Bureau, Ministry of Justice, Taiwan, R.O.C. Abstract In this article, we introduce some
More informationThe purpose of this report is to educate our prospective clients about capabilities of Hackers Locked.
This sample report is published with prior consent of our client in view of the fact that the current release of this web application is three major releases ahead in its life cycle. Issues pointed out
More informationHow To Prevent Hacker Attacks With Network Behavior Analysis
E-Guide Signature vs. anomaly-based behavior analysis News of successful network attacks has become so commonplace that they are almost no longer news. Hackers have broken into commercial sites to steal
More informationICTN 4040. Enterprise Database Security Issues and Solutions
Huff 1 ICTN 4040 Section 001 Enterprise Information Security Enterprise Database Security Issues and Solutions Roger Brenton Huff East Carolina University Huff 2 Abstract This paper will review some of
More informationExternal Supplier Control Requirements
External Supplier Control s Cyber Security For Suppliers Categorised as Low Cyber Risk 1. Asset Protection and System Configuration Barclays Data and the assets or systems storing or processing it must
More informationCourse Content: Session 1. Ethics & Hacking
Course Content: Session 1 Ethics & Hacking Hacking history : How it all begin Why is security needed? What is ethical hacking? Ethical Hacker Vs Malicious hacker Types of Hackers Building an approach for
More informationDescription: Course Details:
Course: Malicious Network Traffic Analysis Duration: 5 Day Hands-On Lab & Lecture Course Price: $ 3,495.00 Description: There are a tremendous amount of network based attacks to be aware of on the internet
More informationExternal Vulnerability Assessment. -Technical Summary- ABC ORGANIZATION
External Vulnerability Assessment -Technical Summary- Prepared for: ABC ORGANIZATI On March 9, 2008 Prepared by: AOS Security Solutions 1 of 13 Table of Contents Executive Summary... 3 Discovered Security
More informationProtecting Critical Infrastructure
Protecting Critical Infrastructure SCADA Network Security Monitoring March 20, 2015 Table of Contents Introduction... 4 SCADA Systems... 4 In This Paper... 4 SCADA Security... 4 Assessing the Security
More information6WRUP:DWFK. Policies for Dedicated IIS Web Servers Group. V2.1 policy module to restrict ALL network access
OKENA 71 Second Ave., 3 rd Floor Waltham, MA 02451 Phone 781 209 3200 Fax 781 209 3199 6WRUP:DWFK Policies for Dedicated IIS Web Servers Group The policies shipped with StormWatch address both application-specific
More informationHack Your SQL Server Database Before the Hackers Do
Note: This article was edited in Oct. 2013, from numerous Web Sources. TJS At the Install: The default install for SQL server makes it is as secure as it will ever be. DBAs and developers will eventually
More informationEvading Infrastructure Security Mohamed Bedewi Penetration Testing Consultant
Evading Infrastructure Security Mohamed Bedewi Penetration Testing Consultant What infrastructure security really means? Infrastructure Security is Making sure that your system services are always running
More informationReducing the Cost and Complexity of Web Vulnerability Management
WHITE PAPER: REDUCING THE COST AND COMPLEXITY OF WEB..... VULNERABILITY.............. MANAGEMENT..................... Reducing the Cost and Complexity of Web Vulnerability Management Who should read this
More information