Archive for December 2015
The BYOD (bring your own device) trend increasingly blurs the lines between personal and company data.
Employees now regularly access work data and social media accounts on their personal devices, or use work computers to check personal emails and social media accounts. As we change the way we work, social media security is growing in importance.
Why Does Social Media Security Matter?
Spear phishing is one of the most effective and damaging types of attack, often designed for the collection and resale of sensitive information.
Spear phishing is a highly targeted email scam that draws much of its effectiveness from social media accounts: friend lists and personal data are used to customise and personalise malicious emails. Personalised emails are sent to the employees of an organisation from an apparently trusted source, such as your boss or one of your colleagues. These emails contain malware, or a link to a website hosting malicious code, in order to extract sensitive information and login credentials.
Improved social media security and awareness will help employees to secure their personal data, and reduce the efficacy of spear phishing.
Connected Accounts:
Professional social media accounts (like LinkedIn) are often used at work, and in some cases company social media accounts are linked to an employee’s personal social media accounts. If that employee’s Facebook account is hacked, your company’s Facebook account will also be compromised.
Additionally, growing numbers of cloud-based apps allow you to log in with your social media account. So if your social account is breached, it’s not just one account that is compromised – it’s every account that’s linked to it.
How to Improve Social Media Security:
1. Don’t link accounts – yes, linking your accounts makes things more convenient because you only need to remember one set of log-in details. But the same is true for the hacker. If they break into one account, they can break into all that are linked and steal sensitive data.
2. Learn how websites use your information – some social media websites sell your data to third parties. The less information they have, the less can be hijacked in the event of a data breach.
3. Use privacy settings – these determine who can see what information about you on social media. Many social media websites change their settings regularly, so be sure to keep up to date to keep your data private.
4. Choose what data you share – you may be mindful about posting your address or phone number on your profile, but think about your status updates. Most people won’t think twice about sharing pet photos, but one in six people use a pet’s name in their password! Status updates, interests and personal information will all help hackers guess your passwords.
5. Roll out a social media security training programme – research shows that 91% of successful data breaches rely on the manipulation of an organisation’s employees and customers.
Considering implementing a security awareness training program? If so, a computer-based training program is well worth consideration.
Whilst not an alternative to a well-developed training strategy (security training should be an ongoing priority, with training tailored to functions within the organisation), computer-based awareness training can provide great foundational training for all your staff.
1) Staff Can Train When They Have Time:
A key benefit of computer-based training is that your staff can fit it around their work schedule. Rather than having to mark a day or two out for a training course, they can open up the software during downtime and cover the material then.
This helps employees to stay productive, and minimises any impact on your employees' key responsibilities.
2) Great for Establishing Basic Knowledge:
A computer-based security awareness training program is great for establishing the minimum knowledge that all of your employees need, from receptionists to senior management. A good program introduces basic concepts such as password best practices, email/web security, credit card handling best practices, avoiding social engineering, securing mobile devices, staying safe on social media, secure remote working, how to use anti-virus software, and physical security.
These are all things that people throughout your entire organisation need to know, and computer-based training software can rapidly be rolled out organisation-wide.
3) Cheaper Than Conventional Training:
The costs of enrolling your entire organisation in conventional training programs soon add up. There are two big costs that need to be considered:
1. The cost in terms of lost productivity, of taking your entire company out of their day-to-day roles for a day or two to train.
2. The cost in terms of training: hiring trainers to educate your entire team.
Computer-based software is much more cost effective, saving your budget. Security awareness training software can start from as little as £60 per individual, and not having to take time out of the day minimises lost productivity.
4) Staff Can Easily Refresh Knowledge:
With computer-based training software, it's easy for staff to refresh their knowledge. You can test staff on key concepts at regular intervals, and have them revise with the software in their own time. This is very different to traditional instructor-led training, where running a refresher exercise is a huge endeavour in itself, much akin to running the initial training program.
Linux is regarded as the preferred OS for all computer wet work, on the ethical side as well as the dark side. Because Android is a Linux-based operating system, developers have been able to create many hacking applications for Android itself. Therefore, we present a summary of Android hacking software that can turn your Android device into a hacking tool.
These hacking tools are easy to use and not difficult to operate, and most of them have a graphical user interface that gives the operator easy access to and understanding of the software.
RAT stands for Remote Access Tool and Andro, as you guessed, stands for Android, which makes AndroRAT a remote access tool for Android devices. It is essentially a client-server program used to control a device remotely, without needing to touch the device in order to gain entry to its operating system.
The SpoofApp application effectively impersonates another caller by falsifying caller information, gaining an edge through obscurity. One can place phone calls using anybody’s phone number; however, doing so requires an extra purchase commonly known as spoof cards. The software also includes voice changers and allows the user to record the whole conversation. When the software is installed for the first time, the user receives five free minutes.
WhatsApp Sniffer is much like Wireshark, which is also a sniffing tool, though WhatsApp Sniffer is made solely for sniffing WhatsApp messages. One can use this application to gain access to other people’s WhatsApp messages, images, video clips and audio, but for that one is required to make their device the Wi-Fi hotspot so the traffic can be filtered through their device.
APK Inspector enables you to view the source code of the application you are going to use; it is an excellent tool for viewing what permissions the application has, and it allows its user to edit features, making it possible to enable, disable or delete them altogether.
This is a fun application: it shows how many people are using a Wi-Fi network, and then one can kick a person off that Wi-Fi network or block them.
Since everyone is on Facebook today, a lot of people want to know how to get information on other people’s accounts. DroidSheep allows its user to capture social media cookies, but the condition is that the target must be present on the same network. In order to fully understand it, one should have sound knowledge of session hijacking.
You can guess from its name what this software can do; if you can’t, let us explain. This application connects two people via a call that makes each of them believe the other called. The software allows its user to record and save the conversation(s).
These are some advanced hacking apps that are specially designed for security professionals and safety researchers.
This Android tool was created by Scott Herbert and can be used to launch Denial of Service (DoS) attacks from your smartphone. It was produced as an effective stress-testing program. Used with the right amount of internet bandwidth it is an extremely powerful tool, and it can also be used to take down servers. But try not to go ahead, since it is one of the fastest methods of getting behind bars, and you don’t want that now that the holidays are here.
This application stands out as the tool set for almost any hacker who wants to use it as a means to test network scanning, ping their systems, scan DNS servers, trace routes, check for exploits, etc. However, the description states that it is still in its testing phase and people can expect the full version soon.
Nmap and Zenmap (the graphical front end for Nmap) are regarded as highly used and respected tools in the realm of hackers, whether white, grey or black hat. Now that they are available on Android devices, users can scan networks and obtain a lot of information, such as which operating system the target machine runs, which ports can be exploited, and so on. It works on both rooted and non-rooted devices, but it works best on a rooted device.
This is another piece of work used for network analysis and penetration testing: a complete suite for a smartphone. As soon as dSploit is fired up, it is possible to map one’s network effortlessly, identify operating systems and running services, look up known weaknesses, check the login processes of numerous Transmission Control Protocol (TCP) services, manipulate live traffic, sniff passwords, etc.
This application is used for hacking Wi-Fi passwords; Biogo Ferreira created the app for testers, and it is an excellent piece of work for WEP/WPA Wi-Fi key decoding. Although it can only crack a limited set of routers, the list of supported routers has grown with its latest version.
Although this is not stand-alone software, it is a haven for any professional: the software was jointly created by Offensive Security (makers of Kali Linux) and one of their community members, who goes by the alias Binky Bear. The operating system is currently available on Nexus 5, Nexus 6, Nexus 7, Nexus 9, Nexus 10 and OnePlus One devices, and with its regular updates one can be sure of not falling behind.
Cyber threats are growing in volume and sophistication, and company employees are often the weak link within company defences. The increased presence of cyber threats has amplified the necessity of password hygiene from a best practice to a serious security mandate.
The Password Hygiene Survey (Infographic) revealed some even more alarming statistics:
1. 54 percent of respondents overlap their personal and work passwords. The consequence? If you are exposed at home or at work, you are exposed in both.
2. 88 percent of respondents record their work passwords in an unsecured location. The consequence? No password is secret if it is stored where it can be easily accessed by bad actors.
3. 79 percent of respondents are required to change their work passwords less than once a month. The consequence? This gives the criminals more time to find and exploit vulnerabilities.
The effects of cyber attacks can be harmful and long-lasting. These eight easy-to-follow tips can help protect your and your company’s valuable information:
1. The longer the password the better.
2. Do not use passwords that are simply keyboard patterns or easily guessable.
3. Make sure to reset temporary passwords on newly created accounts.
4. Use different passwords for every application.
5. Use a password manager.
6. Use multi-factor authentication whenever possible.
7. Avoid shared accounts.
8. Passwords should be treated like underwear - changed often.
“But wait, there’s more!” Here are two extra tips to pad your arsenal of password protection with:
1. Avoid reusing the same password twice.
2. Never use a default password.
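The tips above (length, keyboard patterns, reuse across accounts, default passwords) and the earlier warning that one in six people use a pet's name in their password can be turned into a simple self-check. The following is an added example, not code from the original post; the keyboard rows, the default-password list and the sample profile words are all constructed here for illustration.

```python
# Constructed US keyboard rows used to detect "keyboard walk" passwords such as qwerty or 1234.
KEYBOARD_ROWS = ["qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890"]

# Constructed list of vendor-style default passwords (tip: never use a default password).
DEFAULT_PASSWORDS = {"password", "admin", "changeme", "123456", "welcome"}


def contains_keyboard_walk(password: str, run: int = 4) -> bool:
    """True if any `run` consecutive characters follow a keyboard row forwards or backwards."""
    p = password.lower()
    for row in KEYBOARD_ROWS:
        for seq in (row, row[::-1]):
            for i in range(len(seq) - run + 1):
                if seq[i:i + run] in p:
                    return True
    return False


def leaks_profile_data(password: str, profile_words: list) -> list:
    """Return the profile-derived words (pet names, interests, etc.) that appear in the password."""
    p = password.lower()
    return [w for w in profile_words if len(w) >= 3 and w.lower() in p]


def assess_password(password: str, profile_words: list, previous_passwords=(), min_len: int = 12) -> list:
    """Return a list of finding codes; an empty list means none of the listed tips were violated."""
    findings = []
    if len(password) < min_len:
        findings.append("too_short")
    if password.lower() in DEFAULT_PASSWORDS:
        findings.append("default")
    if contains_keyboard_walk(password):
        findings.append("keyboard_pattern")
    if leaks_profile_data(password, profile_words):
        findings.append("contains_profile_data")
    # Reuse check covers both "same password twice" and personal/work overlap.
    if password in previous_passwords:
        findings.append("reused")
    return findings


if __name__ == "__main__":
    # Constructed sample: "rex" is the pet's name from a public profile, "football" an interest.
    profile = ["rex", "football"]
    for candidate in ("Rex2015!", "qwerty-Summer-2015", "correct horse battery staple"):
        print(candidate, "->", assess_password(candidate, profile, ("correct horse battery staple",)))
```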
Discover 10 compelling reasons why your next developer security training course should be computer-based, and not classroom-based.
1) Fit Training Around Developer Commitments
Application developers work to incredibly tight deadlines, and it's never feasible to dedicate entire days of work to classroom-based security training. When training is forced upon developers, it can seriously impact project work, creating a conflict of interest for the attending developers.
Thankfully, computer-based security training is designed to accommodate developer workloads. It can be engaged with in short, manageable snippets, and fitted around existing commitments - allowing developers to improve their security knowledge without impacting their day-to-day responsibilities.
2) Improve Developer Engagement
As well as fitting in around existing responsibilities, computer based training can be used to improve how developers engage with their training: using real code examples and practical hands-on training.
3) Reduce Training Costs
Classroom-based training can be expensive. In addition to the costs of hiring a venue, organising transport and finding a speaker, there's the opportunity cost associated with pulling your developers away from several days of billable work. With a more flexible structure, computer-based training can be rolled-out in a much more cost-effective way - allowing training to happen without decimating your development capabilities.
4) Measure Attendance and Analyse Efficacy
Computer-based training offers visibility into crucial performance metrics, from attendance rates through to course completion. It's also easy to gauge the efficacy of each training program, as small end-of-module tests can be used to test a developer's security knowledge and identify areas that need supplementary training.
5) Self-Paced Learning is More Effective
Traditional classroom-based training forces all participants to engage with the course at the same speed - irrespective of different learning styles or levels of existing knowledge.
Some developers will already be familiar with aspects of the course, and require less time to understand the teaching. For other developers, the course will cover entirely new material, and require additional time to become familiar with the concepts introduced.
Computer-based training accommodates these different learning styles, allowing developers to progress at their own pace, and engage with material as little, or as often, as required.
6) Standardize Core Training
Computer-based training makes it easy to roll out essential training to both in-house and remote staff, and easily monitor their attendance and completion rates. As well as improving organisation-wide security awareness, this can be extremely helpful for monitoring essential compliance training (like PCI compliance).
7) Customize Role-Specific Training
Computer based training is extremely modular in nature, making it possible to pick-and-choose only the most relevant training modules. Instead of forcing developers to engage with irrelevant material (like C++ security for a Java developer), or topics they're already familiar with, you can build a customized syllabus to suit the role-specific requirements of each participant.
8) Supplement with Additional Resources
With unparalleled visibility into course completion and pass rates, it becomes easy to identify areas that need supplementary training. Thanks to the flexible nature of computer-based training, it's a simple process to schedule additional training around existing commitments - whether it's a short Q&A with a security expert, or setting up an organisation-specific developer knowledge base.
9) Improve Knowledge Retention
For developer security training to be effective, completed courses and passed exams need to translate into a real-world reduction in vulnerabilities.
The insights learned in a single classroom-based session can be hard to remember and act upon. Thankfully, the flexible, ongoing nature of computer-based training will help developers practice and apply the principles of their training in the real-world, consulting supplementary resources (like a training knowledge base) whenever they need to revisit their training.
10) Future-Proof Your Training
The best practices of application security change faster than most classroom-based courses can update their syllabus, and very quickly, important elements of the course's content can become outdated and irrelevant.
Thankfully, computer-based developer security training can be updated much more readily. Outdated modules can be updated remotely, and revisions can be pushed-out on a regular basis - allowing developers to learn how to combat the newest threats and vulnerabilities as soon as they appear.