
A Brief Weekly Review of Top Stories that Dominated the Cyberworld


By AMSAT, September 10, 2021


The past week saw a host of developments on the cybersecurity front. From technology giant Apple delaying the rollout of child protection tools to the FBI’s warning about the impact of a ransomware attack on the food supply chain, the security domain had its fair share of headline-grabbing events.

Here’s a brief review of the major developments of the past week.

Apple Delayed Rollout of Child Protection Tools

Technology behemoth Apple revealed it would delay the rollout of its contentious new child pornography safety tools, which some have accused of undermining the privacy of its devices and services.

Apple cited feedback from customers, human rights groups, researchers and others as the reason for the delay.

“We have decided to take additional time over the coming months to collect input and make improvements before releasing these critically important child safety features,” the company said in a statement.

FBI Warned Ransomware Attack Could Impact Food Supply Chain

The Federal Bureau of Investigation (FBI) warned businesses in the Food and Agriculture sector about a surge in ransomware attacks that could disrupt the food supply chain.

The sector’s heavy dependence on smart technologies, Internet-connected (IoT) devices, and industrial control systems exposes it to several types of cyberattacks that might disrupt processes and impact the whole food supply chain.

The FBI said that all types of organizations in the sector, including farms, manufacturers, markets, and restaurants, were vulnerable.

BladeHawk Hackers Spied on Kurds with Forged Android Apps 

Experts at ESET said that bogus Android apps were being installed on the handsets of Kurds in a spying campaign promoted across social media.

The researchers also said that a string of attacks carried out by the BladeHawk hacking group targeted the Kurdish ethnic group through their Android handsets.

Believed to have been active for more than a year, the campaign exploited Facebook, using the social media platform as a launchpad for the distribution of forged mobile apps.


    A Detailed Overview of IoT (Internet of Things) Security


    By AMSAT July 12, 2021


    IoT, or the Internet of Things, encompasses everything connected to the internet, but the term is widely used to describe objects that talk to each other. In simple terms, the IoT is made up of devices, from simple sensors to smartphones and wearables, linked together. The arrival of highly affordable computer chips and the ubiquity of wireless networks mean that anything from as small as a needle to as large as an airplane can easily become part of the Internet of Things. Linking up all these diverse objects and adding sensors to them allows them to transfer real-time data without human involvement. The IoT is making the world around us much smarter and more responsive, integrating the digital and physical worlds.

    How IoT works

    The internet has changed the way we work and interact with one another. Similarly, IoT has transformed our lives by linking numerous devices to the internet simultaneously, enabling human-to-machine and machine-to-machine communication. The IoT is not limited to a specific field; it has commercial applications in home, vehicle, and factory line automation, retail, healthcare and more. The connectivity, networking and communication protocols used with these web-enabled devices largely depend on the specific IoT applications deployed. IoT can also take advantage of artificial intelligence (AI) and machine learning to help make data collection easier and more dynamic.

    Significance of IoT Device Security

    The idea of IoT dates back to the 20th century as something of an accidental concept, but it is now considered to be the future of our very livelihood, mainly due to astonishing technological developments and fast-paced consumer adoption.

    The potential for IoT deployment is enormous. IoT is expected to lead to increased productivity and efficiency, and to reduce crime rates as well as accidents caused by human error. Yet the success of IoT deployment at a global level is under continuous risk from breaches of privacy and data security. Here are the key reasons why IoT device security is important.

    Data is more valuable than anything else

    The phrase “knowledge is power” has been taken to a whole new level by IoT technology, which has been adopted in varied areas. Governments use IoT devices in their operations, such as military drones, while healthcare facilities and hospitals use them to provide high-quality healthcare services. The massive amount of data shared across different IoT devices makes these devices highly vulnerable to cybercriminals, swindlers and other unscrupulous users interested in such data. Once in the wrong hands, the data could put the safety and security of entire companies and government agencies at stake.

    Hackers emboldened by IoT device defects

    Smartphones and computers have been around for a long time, so manufacturers and software developers have had adequate time to address the vulnerabilities that lead to data breaches on them. IoT, by contrast, is a relatively new phenomenon. IoT devices are enormously useful and come with various capabilities, but manufacturers still face issues such as a lack of hardware that is powerful enough to inspect and encrypt data yet small enough to fit inside the restricted space. Threat actors can access your home Wi-Fi network through such insecure devices and use the opportunity to watch your home surveillance camera to perpetrate a crime.

    Cybercriminals compromise the object of IoT execution

    The key objective of implementing IoT devices across several sectors is to create a completely integrated smart city. With this integration, any device used in a manufacturing industry can link to another being used by government organizations, healthcare providers, businesses or even one’s home network. However, lawmakers have yet to formulate privacy protection laws that cover all weaknesses across the different sectors. Cybercriminals continue to take advantage of this shortcoming, which results in the loss of revenue already invested in the project.

    Undoubtedly, IoT is the future of the world. However, manufacturers and software designers need to protect its data to realize a smarter, safer and more resourceful world.

    How to secure IoT networks

    Here are some of the steps that can boost the security of your IoT network.

    Know your IoT network

    The first step toward enhanced security is to identify and understand what you have and what needs to be safeguarded. While this may seem one of the fundamental steps, several companies tend to overlook it. Keeping an accurate list of what’s on your IoT network and updating it regularly is key to security in any IoT network.

    An IoT network usually comprises numerous devices, and any of these devices can be used as an entry point to disrupt the entire IoT network. Organizations should focus on fixing the fundamentals to face the mounting cyber-risks in IoT.

    IoT network security architecture

    Most commonly used surveillance devices hardly support wireless network security standards such as WPA2 or WPA3, which makes them highly susceptible to falling into the hands of cybercriminals. Companies find upgrading all these devices very expensive, so they should think about redesigning their network security architecture.

    Divide the responsibility

    One of the key problems with IoT security is that companies often end up with security defects since they have too much to gain. Businesses that have their own IoT network typically acquire or hire equipment and services from a number of service or device providers. Since IoT has to do with all these devices working together in a network, this mix of equipment can open up several holes that can be used to disrupt the system.

    Setting up one-way connections

    Setting up one-way connections is very important in an IoT network. If the endpoints in an IoT network have more privileges than they need, threat actors can exploit them for cyberattacks. As the number of devices in the IoT increases, the attack surface grows as well. Hence, organizations should restrict the capabilities of these IoT devices for security purposes. Often, IoT devices are set up so that they can start network connections by themselves. Although this provides much flexibility and other gains, it can also lead to many security problems. Enforcing the practice that IoT devices can stay connected or start connections only through network firewalls and access lists will ensure better security.
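The inventory step ("Know your IoT network") and the access-list rule described above can be checked together against flow records from the IoT segment. The following is an added example, not code from the original article: it flags devices missing from the inventory and device-initiated connections that no access-list entry permits. The segment, addresses, device names, ports and the flow-log layout are all constructed assumptions.

```python
"""Audit flow records from an IoT segment against an asset inventory and an
access list of connections that devices are allowed to initiate."""
import ipaddress
from typing import NamedTuple

# Everything below (segment, addresses, names, ports) is constructed sample data.
IOT_SEGMENT = ipaddress.ip_network("10.20.0.0/24")

# Asset inventory: what is supposed to be on the IoT segment.
INVENTORY = {
    "10.20.0.11": "lobby-camera",
    "10.20.0.12": "hvac-sensor",
}

# Access list: the only connections an IoT device may initiate,
# as (destination network, protocol, destination port).
ALLOWED_FROM_IOT = [
    (ipaddress.ip_network("10.10.5.10/32"), "tcp", 8883),  # MQTT-over-TLS broker
    (ipaddress.ip_network("10.10.5.53/32"), "udp", 53),    # internal DNS resolver
]

# Constructed flow log: initiator, responder, protocol, destination port.
SAMPLE_FLOWS = """\
10.20.0.11 10.10.5.10 tcp 8883
10.20.0.12 10.10.5.53 udp 53
10.20.0.12 203.0.113.40 tcp 443
10.20.0.11 10.20.0.12 tcp 23
10.20.0.77 10.10.5.10 tcp 8883
10.10.9.4 10.20.0.11 tcp 554
"""


class Flow(NamedTuple):
    src: str
    dst: str
    proto: str
    dport: int


def parse_flows(text):
    """Parse whitespace-separated flow lines; '#' starts a comment."""
    flows = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        if len(parts) != 4:
            raise ValueError(f"line {lineno}: expected 4 fields, got {len(parts)}")
        src, dst, proto, dport = parts
        ipaddress.ip_address(src)  # raises ValueError on a malformed address
        ipaddress.ip_address(dst)
        flows.append(Flow(src, dst, proto.lower(), int(dport)))
    return flows


def is_allowed(flow):
    """True if an access-list entry permits this device-initiated flow."""
    dst = ipaddress.ip_address(flow.dst)
    return any(dst in net and flow.proto == proto and flow.dport == port
               for net, proto, port in ALLOWED_FROM_IOT)


def audit(flows):
    """Return (kind, flow) findings for connections initiated inside the segment."""
    findings = []
    for flow in flows:
        if ipaddress.ip_address(flow.src) not in IOT_SEGMENT:
            continue  # initiated from outside the segment; not judged here
        if flow.src not in INVENTORY:
            findings.append(("unknown-device", flow))
        if not is_allowed(flow):
            lateral = ipaddress.ip_address(flow.dst) in IOT_SEGMENT
            findings.append(("lateral" if lateral else "unapproved-outbound", flow))
    return findings


if __name__ == "__main__":
    for kind, flow in audit(parse_flows(SAMPLE_FLOWS)):
        name = INVENTORY.get(flow.src, "NOT IN INVENTORY")
        print(f"{kind:20} {flow.src} ({name}) -> {flow.dst} {flow.proto}/{flow.dport}")
```

Connections initiated from outside the segment, such as the last sample line, are skipped because the rule being checked only concerns what the devices themselves start.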


      Types of Industrial Control System and Common ICS Threats


      By AMSAT June 29, 2021


      What is an industrial control system?

      Industrial control system (ICS) is a term used to describe various types of control systems and associated procedures, which include the devices, structures, systems, and controls used to run and/or automate industrial processes. Depending on the industry, each ICS works in a different way and is built to manage tasks automatically and efficiently. Today, the devices and procedures employed in an ICS are used in virtually every industrial segment and critical infrastructure such as the trade, transportation, energy, and water treatment industries.

      The majority of industrial control systems today are, in one way or another, connected to the internet. This exposes them to vulnerabilities like any other connected system. The difference is that interruption or penetration of an ICS network could lead to massive outages, millions of affected users and even national calamity. ICS security is a security framework that guards these systems against accidental or deliberate risks.

      Types of ICS

      Several industries take advantage of a wide range of ICS electronic applications. Almost all critical infrastructure and parts of industrial production need some type of industrial control system, as well as the processes and devices associated with it.

      Some of the most critical ICSs include:

      Programmable Logic Controllers (PLCs)

      These are solid-state control systems with a sturdy, robust construction and a group of special functionalities, including an intuitive programming interface, I/O control, three-mode control, calculation, counting and timing systems, and sequential control.

      PLCs are built to be highly robust, able to withstand severe conditions such as very high and low temperatures, high moisture, electrical noise and strong vibrations. These controllers are intended to monitor and handle huge numbers of actuators and sensors, and they stand out from typical computer and processor systems owing to their high number of I/O arrangements.

      Distributed Control System (DCS)

      In a Distributed Control System, numerous control systems are distributed in such a way that they can be controlled separately. They are systems of controllers, sensors and specific computers that are spread throughout industrial plants. Each element of the distributed control system has a special purpose, such as graphical presentation, process control, data acquisition and data storage. The DCS serves as the industrial plant’s central system, whose elements communicate with each other through a central control computer network, a kind of local area network.

      Supervisory Control and Data Acquisition (SCADA)

      SCADA is a computer system that processes and gathers data and applies operational controls over large distances. These systems were designed to solve communication problems, mostly data integrity and interruption issues arising from the many communication media. SCADA systems are used in many applications, including pipeline systems, power transmission and distribution, microwaves, satellites, and more.

      Common ICS Threats

      Protecting industrial systems is a difficult task. The majority of them were built before the first cyber threat emerged, and had no built-in external security controls considered in their design. Here are some key ICS threats.

      External Threats and Targeted Attacks

      External threat detection in industrial control systems is of paramount importance. Considering that ICSs are often used in chemical engineering, manufacturing, delivery and healthcare, there’s no doubt that these systems are often attacked by terrorist groups, hackers and other groups with ulterior motives. Politically driven attacks typically focus on causing physical harm or operational disruption, while industrial espionage attacks are more focused on stealing or damaging intellectual property (IP).

      Internal Threats

      Insider threats are well recognized when it comes to IT networks, but they can also represent a huge risk to industrial networks. From dissatisfied employees to contractors with malicious intent, the internal threat is tangible. Most ICS networks require virtually no authentication or encryption to control or limit user activity, meaning that any insider will usually have unrestricted access to any device on the network.

      Human Error

      Making mistakes is human nature. However, when errors are made on an ICS network, they can be costly, with the potential to weaken systems and undermine credibility. In fact, in numerous situations, human error is considered the key threat to an ICS network. Human errors can include improper configurations, PLC programming errors or forgetting to monitor key metrics or signals.

      Security Measures to Secure ICS against Threats

      Here are the three key methods that can secure ICS systems against threats.

      1) Protecting the Network

      Industrial organizations seeking to protect their networks should ensure they have a good network design in place. They should then segment their networks by implementing the ISA/IEC 62443 standard, protect all wireless applications, and find secure remote access solutions to help with quick resolution of problems.

      2) Protecting the Endpoints

      OT experts might feel their companies’ endpoints are protected against digital attacks, but they’re mistaken. The moment workers, contractors, or supply chain staff bring their laptop or USB device within the boundary of the business network, security rules are often disregarded.

      It is important to ensure all endpoints are protected and to prohibit staff from connecting their own personal devices to the network. After all, cybercriminals can attack PC-based endpoints in the OT environment. Companies must also secure their IT endpoints against attacks that make their way into the OT environment.

      3) Protecting the Controllers

      Attackers can cause a company’s systems to malfunction by gaining access to critical devices. However, they have no direct way of doing so without gaining access to the control level.

      Businesses can protect industrial controllers against digital attacks by increasing their detection capabilities and visibility into ICS changes and threats, implementing security measures for vulnerable controllers, monitoring for suspicious access and change control, and detecting and containing threats in a timely manner.

      Conclusion

      We live in an interconnected world today. Connectivity has made our personal lives easier, while organizations use it to boost productivity. The reason companies, large and small, are putting ICS systems online is that jobs that once were done manually can now be carried out remotely or with the aid of automation.

      To secure ICS systems against today’s online security threats, organizations must take adequate steps to build effective industrial security programs. Challenging though it may be, doing so will help organizations protect their systems from threat actors and cybercriminals in the long run.


        A Brief Weekly Review of Top Stories that Dominated the Cyberworld


        By AMSAT June 11, 2021


        The past week saw a number of events that had far-reaching effects on the world of cybersecurity. From critical vulnerabilities found in CODESYS software to a ransomware attack on a constituent platform used by Congress, the cybersecurity domain was full of headline-grabbing developments.

        Here’s a brief review of what took place in the past week.

        Critical Flaws Found in CODESYS Software 

        At least 10 flaws, a majority of them critical, were discovered in CODESYS industrial automation software that is used in several industrial control system (ICS) products.

        Experts at Russian cybersecurity company Positive Technologies identified the flaws in several products made by CODESYS. Six of the flaws have been rated critical and can be exploited using specially crafted requests for remote code execution or to crash the system. The three vulnerabilities rated high severity can be leveraged for DoS attacks or remote code execution using specially crafted requests.

        Windows Server Containers Targeted by ‘Siloscape’ Malware

        According to security researchers at Palo Alto Networks, a newly identified piece of malware, Siloscape, targeted Windows Server containers.

        The heavily obfuscated malware was designed to install a backdoor into Kubernetes clusters, which can then be used to run malicious containers and carry out various other malicious activities.

        Palo Alto Networks researcher Daniel Prizmant said that Siloscape, believed to be part of a larger campaign, has snagged at least 23 victims so far. The researcher discovered that it was hosting a total of 313 users.

        Ransomware Hit Constituent Platform Used by Congress 

        News reports revealed that ransomware hit iConstituent, a platform created to facilitate communication between politicians and local people.

        iConstituent was not available for comment, but it was reported that nearly 60 members of Congress use the platform. Chief Administrative Officer of the House Catherine Szpindor said that they were informed of a ransomware attack on iConstituent’s e-newsletter system, which House members buy access to.

        But Szpindor added that no data from the House had been taken or accessed and there was no impact on the network used by the House.


          Network Security Attacks and Their Types


          By AMSAT June 01, 2021


          The internet is one of the greatest sources of livelihood for millions of people around the globe, who rely on it for various professional, social, and personal activities. Communication, data sharing, business transactions, in short the entire trade and commerce industry, depend on the network. Though the internet can connect the world at large, some people attempt to damage and disrupt these networks repeatedly for various reasons. These attackers violate privacy and intrude into internet-connected devices either to retrieve information or to make them inoperable.

          Given the variety of frequent existing network attacks and the threat of new, destructive future attacks, network security has gained prominence in the field of computer networking.

          Common Types of Networking Attacks

          1. Virus

          A virus needs user interaction to infect a computer and spread across the network. An example is an email with a suspicious link or malicious attachment. When a recipient opens the attachment or clicks the link, the malicious code is triggered, bypasses the system’s security controls and renders them inoperable. In this case, the user unintentionally corrupts the device.

          2. Malware

          This is one of the most critical cyberattacks, explicitly intended to destroy or gain unlawful access to a targeted computer system. When malware infects a specific system, it enters the network and then affects all the systems linked to it. An outside endpoint device, if connected, also gets infected, and malware works remarkably quicker than other types of malicious content.

          3. Worm

          A worm can enter a device without the user’s help. When a user runs a vulnerable network application, a hacker on the same internet connection can send malware to that application. The application may accept the malware from the internet and execute it, thus creating a worm.

          4. Phishing

          This is the most common type of network attack. Phishing means sending emails that claim to be from known sources or banks and create a sense of urgency to prompt the user to act. The email may contain a suspicious link or attachment, or may ask the user to share private information.

          5. Botnet

          In a botnet, the attacker controls all the computers on the network without the owners’ knowledge. Each computer on the network is considered a zombie, as it is used to spread to and infect several devices or to act as directed by the attacker.

          6. DoS (Denial of Service)

          A DoS is a serious attack that shuts down, completely or partially, a victim’s network or entire IT setup to make it inaccessible to genuine users. DoS attacks can be classified into three types: connection flooding; vulnerability attack; and bandwidth flooding.

          7. Distributed Denial of Service (DDoS)

          This is a more complex version of a DoS attack and is much tougher to detect and defend against than a DoS attack. In a DDoS attack, the attacker uses numerous compromised systems to attack a single targeted system.

          8. Man-in-the-middle

          In this attack, someone stands in between the conversation happening between you and the other party. By being in the middle, the attacker captures, monitors, and controls your communication effectively. For instance, when the lower layer of the network sends information, the computers in the layer may not be able to determine the recipient with which they are exchanging information.

          9. Packet Sniffer

          When a passive receiver is located within range of a wireless transmitter, it records a copy of every packet transmitted. These packets can hold private information, sensitive and critical data, trade secrets, etc., all of which pass through any packet receiver within range. The packet receiver then operates as a packet sniffer, sniffing all the transmitted packets entering its range. The best protection against packet sniffers is cryptography.

          10. DNS Spoofing

          This involves corrupting domain name system (DNS) data and introducing it into the resolver’s cache, causing the name server to return an incorrect IP address.

          11. IP Spoofing

          This is the process of injecting packets into the internet using a false source address, and it is one of the ways to masquerade as another user. Endpoint authentication, which ensures with certainty that a message originates from where we believe it does, helps protect against IP spoofing.

          12. Compromised Key

          In this type of attack, a threat actor gains unlawful access to a secured communication using a compromised key, a secret number or code needed to interpret protected information, without any notification to the sender or receiver. Once the attacker obtains the key, it is referred to as a compromised key, which serves as a means to retrieve information.

          In a Nutshell

          Managed network security provides a major revenue opportunity for solution providers and can offer respite for clients that may not have the knowhow or resources to take on the crucial network defense tasks. We live in an era where technology is always changing and cyber threats are becoming harder to spot. Whether you’re in the cloud, the data center, or both, AMSAT’s network security solutions streamline your security without affecting network performance, provide an integrated approach for efficient operations, and enable you to scale for sustained business growth.


            Review of TrickBot: A pernicious crimeware tool


            By AMSAT May 21, 2021


            Trickbot is a prominent piece of malware developed as a banking Trojan. Developed in 2016, the malware is one of the latest banking Trojans, and several of its original characteristics were inspired by Dyreza. As well as targeting a wide range of international banks via its web injects, Trickbot can also steal from Bitcoin wallets.

            TrickBot comes in modules along with a configuration file. Each module has a particular job, such as obtaining persistence, propagation, stealing credentials, encryption, and so on. The endpoint user does not experience any symptoms of a Trickbot infection. However, a network admin is likely to see changes in traffic or attempts to reach blocked IPs and domains.

            How do you know if you have been infected by Trickbot?

            Stealing your online banking login credentials is bad enough, but Trickbot can also harvest other details to obtain access to email accounts, system and network information, tax information and more. The malware can begin sending spam emails, which is how it can spread to other victims. It is thought to have affected at least 250 million email accounts, and can also install a backdoor on your system so that it can be reached remotely and used as part of a botnet.

            Currently, Trickbot is particularly a threat to business networks, but it has also been used to attack consumer networks. When aimed at companies, Trickbot’s information-stealing abilities are particularly harmful and lucrative.

            What can be done to prevent TrickBot infections?

            To help prevent Trickbot infections, you should do the following.

            • Train workers about social engineering and phishing.
            • If there is no policy regarding suspicious emails, consider creating one and specify that all suspicious emails should be sent to the security and/or IT departments.
            • Mark external emails with a banner signifying that they are from an external source. This will help users detect spoofed emails.
            • Apply appropriate patches and updates shortly after suitable testing.
            • Apply filters at the email gateway for emails with known malspam indicators, such as identified malicious subject lines, and block suspicious IP addresses at the firewall.
            • To reduce the possibility of spoofed or modified emails, implement Domain-based Message Authentication, Reporting and Conformance (DMARC) policy and verification, beginning by applying the Sender Policy Framework (SPF) and the DomainKeys Identified Mail (DKIM) standards.
            • Stick to the principle of least privilege, ensuring that users have the minimum level of access needed to perform their duties. Limit administrative credentials to designated administrators.
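For the SPF and DMARC item in the list above, publishing the records is not enough if their settings leave spoofed mail unchecked. The following added example (not from the original article) parses SPF and DMARC TXT record strings and reports the weak settings. The domains and records are constructed, no DNS lookup is made, and DKIM is not covered because checking it needs a selector or a signed message.

```python
"""Audit SPF and DMARC TXT records for settings that leave spoofing unchecked."""

# Constructed sample data: domain -> (SPF TXT record, DMARC TXT record or None).
# The DMARC record is the TXT published at _dmarc.<domain>.
SAMPLE_RECORDS = {
    "enforced.example": (
        "v=spf1 ip4:192.0.2.0/24 include:_spf.mailhost.example -all",
        "v=DMARC1; p=reject; rua=mailto:dmarc@enforced.example; adkim=s",
    ),
    "monitoring.example": (
        "v=spf1 include:_spf.mailhost.example ~all",
        "v=DMARC1; p=none; rua=mailto:dmarc@monitoring.example",
    ),
    "rollout.example": ("v=spf1 mx -all", "v=DMARC1; p=quarantine; pct=25"),
    "open.example": ("v=spf1 +all", None),
}

# The "all" mechanism with its qualifier; a bare "all" means "+all" (pass).
SPF_ALL_TERMS = {"all": "+", "+all": "+", "-all": "-", "~all": "~", "?all": "?"}


def spf_all_qualifier(txt):
    """Return the qualifier of the 'all' mechanism, 'redirect' if the record
    delegates with redirect=, or None if it has neither (default is neutral)."""
    terms = txt.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF record")
    for term in terms[1:]:
        if term.lower() in SPF_ALL_TERMS:
            return SPF_ALL_TERMS[term.lower()]
    if any(term.lower().startswith("redirect=") for term in terms[1:]):
        return "redirect"  # outcome depends on the target record, not judged here
    return None


def parse_dmarc(txt):
    """Return the tag/value pairs of a DMARC record, or None if it is not one."""
    parts = [part.strip() for part in txt.split(";")]
    if parts[0].replace(" ", "") != "v=DMARC1":  # the version tag must come first
        return None
    tags = {}
    for part in parts:
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags


def audit_domain(spf, dmarc):
    """Return a list of issue codes for one domain's SPF and DMARC records."""
    issues = []
    if spf is None:
        issues.append("spf-missing")
    else:
        try:
            qualifier = spf_all_qualifier(spf)
        except ValueError:
            issues.append("spf-invalid")
        else:
            if qualifier == "+":
                issues.append("spf-pass-all")         # every sender passes SPF
            elif qualifier in ("?", None):
                issues.append("spf-neutral-default")  # unlisted senders not failed
            # "-all" and "~all" both deny unlisted senders an SPF pass,
            # which is the result DMARC evaluates.
    tags = parse_dmarc(dmarc) if dmarc else None
    if tags is None:
        issues.append("dmarc-missing")
        return issues
    policy = tags.get("p", "").lower()
    if policy not in ("none", "quarantine", "reject"):
        issues.append("dmarc-invalid-policy")
    elif policy == "none":
        issues.append("dmarc-monitor-only")           # reports only, no enforcement
    else:
        pct = tags.get("pct", "100")
        if not pct.isdigit() or int(pct) < 100:
            issues.append("dmarc-partial-pct")        # policy applied to a sample
    if "rua" not in tags:
        issues.append("dmarc-no-aggregate-reports")
    return issues


def audit_all(records):
    """Audit every domain in a mapping shaped like SAMPLE_RECORDS."""
    return {domain: audit_domain(spf, dmarc)
            for domain, (spf, dmarc) in records.items()}


if __name__ == "__main__":
    for domain, issues in audit_all(SAMPLE_RECORDS).items():
        print(f"{domain:20} {', '.join(issues) or 'ok'}")
```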

            What if a Trickbot infection is identified?

            If a TrickBot infection is identified, disable Internet access at the affected site to help reduce the extent of exfiltration of credentials associated with external, third-party resources. Also, review affected subnets to identify multi-homed systems which may adversely impact containment efforts. In addition, consider temporarily taking the network offline to perform identification, prevent reinfections, and stop the spread of the malware.

            • Identify, shut down, and take the infected machines off the network.
            • Increase monitoring of SMB communication or completely block it between workstations, and configure firewall rules to only allow access from known administrative servers.
            • Evaluate the need to have port 445 (SMB) open on systems and, if needed, consider restricting connections to only specific, trusted hosts.
            • As TrickBot is known for scraping both domain and local credentials, it is recommended that a network-wide password reset take place. This is best done after the systems have been cleaned and moved to the new VLAN, so that new passwords are not scraped by the malware.

How to remove a TrickBot infection

To eliminate a TrickBot infection, it’s important to use reliable security software, because the malware is capable of imitating genuine computer processes or files. Thus, trying to find and remove all malware-related files from the computer is a difficult and complex task that might lead to permanent damage to the system. It’s highly recommended that Reimage, SpyHunter 5 or Malwarebytes be installed and that the system be properly scanned with one of those security programs. Finally, keep in mind that the malware should be removed immediately, because this data-stealing trojan might result in loss of money and other serious privacy-related problems.


              Cybersecurity Weekly News Roundup

A Brief Weekly Review of Top Stories that Dominated the Cyberworld

              By AMSAT Dec 24,2020

The outgoing week saw a handful of incidents rocking the cybersecurity landscape: a zero-day flaw that led to the hacking of 36 Al Jazeera staff’s cellphones; security flaws in Dell Wyse Thin clients; and the closure of the Safe-Inet and Insorg VPN services by law enforcement agencies, to name just a few.

              Here is a brief review of some of the noteworthy cybersecurity events in the week gone by.

At least 36 Al Jazeera employees’ iPhones hacked through zero-day flaw

At least 36 Al Jazeera journalists, producers, anchors, and executives, along with a journalist at London-based Al Araby TV, had their iPhones hacked using a zero-day vulnerability in the iOS iMessage app that required no user interaction.

Critical Flaws Exposed Dell Wyse Thin Client Devices to Attacks

Security experts revealed two critical security flaws they found in Dell Wyse Thin clients that could have let attackers remotely execute malicious code and access arbitrary files on affected devices.

              Law enforcement agencies shut down Safe-Inet, Insorg VPN services

               

Law enforcement agencies from the United States, Germany, France, Switzerland, and the Netherlands seized the web domains and server infrastructure of three VPN services that offered a safe haven for hackers to attack their victims.

Windows zero-day with bad patch gets new public exploit code

A few months ago, technology giant Microsoft issued a fix for a flaw in the Windows operating system that allowed attackers to escalate their privileges to kernel level on an affected machine.

               


                Penetration Testing Vs. Red Teaming

What is Penetration Testing Vs. Red Teaming

                By AMSAT Nov 23,2020

                Although these terms are used interchangeably, penetration testing and red teaming are two distinct things. So, what exactly is the difference between the two? In the blog below, we’ll try to help you learn more about the two terms and which one might be the best fit for your organization.

                Penetration Testing

This is the practice of testing a computer system, network or web application to find security flaws that a cybercriminal could take advantage of. Penetration testing can be automated with software applications or carried out manually. A skilled penetration tester can determine where and how a threat actor might target you, how your defenses would fare, and what the possible scale of the breach would be.

Penetration testing seeks to identify application-layer vulnerabilities, network and system-level flaws, and opportunities to compromise physical security barriers as well. In the multifaceted cybersecurity world, penetration testing has become mandatory for a majority of industries; in fact, in many it’s required by law. Even companies that might think they don’t have any important information to defend could be at risk of someone seeking to take over the network, install malware, disrupt services, and more. With so many hackers out there, penetration testing keeps up with evolving technology.

After all, your IT team develops, maintains, and supervises your security program on a daily basis. Regardless of how efficiently they do the job, though, they could benefit from an outsider’s perspective through third-party testing.

                Red Teaming

Penetration testing seeks to discover as many flaws and configuration issues as it can, exploit them, and determine risk levels. One interesting way to view this is that the pen testers are bandits, ready to tear and plunder at their own whim. By the same token, red teamers can be thought of as ninjas, stealthily planning complicated, measured, and intensive attacks. Red team operations have narrower aims and a concurrent approach. They often involve a number of people, resources and time as they delve into the details to fully understand the realistic level of risk and the flaws in an organization’s technology, human, and physical assets.

Red teams are generally hired by companies with more developed or established security postures; however, this is not always the case. After doing penetration testing and fixing most flaws, these companies then find someone to come in and try again to access important information or break the defenses, in any conceivable way, from a number of perspectives. This creates the need for a team of security specialists focused on a specific target, preying on internal flaws by employing physical and electronic social engineering methods on the organization’s people, and taking advantage of physical weaknesses to gain access to the premises.

Just like any hacker or threat actor, red teamers take their time, seeking to avoid detection. A red team assessment is a wide-ranging attack simulation conducted by highly skilled security consultants to identify physical, hardware, software, and human flaws; acquire a more accurate understanding of risk for an organization; and help address and correct all identified security flaws.


                  Five Key Risk Mitigation Strategies

Five Key Mitigation Strategies You Should be Aware of

                  By AMSAT Nov 11,2020

When a production team kicks off a new project, there are inherent risks that can be connected to the project’s processes. Nevertheless, there are approaches that can help alleviate these risks and anticipate their repercussions. These approaches can be used to identify, evaluate, and examine risks and any associated consequences.

What is risk mitigation?

Risk mitigation refers to the method of planning and developing approaches and options to decrease threats, or risks, to the objectives of the project. A project team might implement risk mitigation tactics to identify, monitor and assess the risks and implications inherent in executing a specific project, such as new product creation. The process also comprises the actions put in place to handle issues, and the impacts of those issues, concerning a project.

                  Five risk mitigation strategies with examples

                  Appropriate risk mitigation involves first identifying potential risks to a project—like team turnover, product failure or scope creep—and then planning for the risk by implementing strategies to help alleviate or halt the risk. The following strategies can be used in risk mitigation planning and monitoring.

1. Assume and accept risk

This strategy can involve collaboration between team members to identify the possible risks of a project and decide whether the consequences of the identified risks are acceptable. Team members are also likely to identify and assume the possible vulnerabilities posed by the risks while identifying risks and their associated implications. This approach is commonly used for identifying and understanding the risks that can affect a project’s output. The objective of this strategy is to bring these risks to the company’s attention, so that everyone working on the project has a shared understanding of the risks and implications involved.

2. Risk avoidance

The avoidance strategy presents the accepted and assumed risks and consequences of a project and presents opportunities for avoiding those accepted risks. One method of implementing the avoidance strategy is to plan for risk and then take steps to avoid it. For example, to mitigate risk on new product production, a project team may decide to implement product testing to avoid the risk of product failure before final production is approved. This can be performed in the following two ways.

• Risk to performance

Mitigation of performance risks, such as inadequate resources to carry out the work, inadequate design or poor team dynamics, can let a project team identify possible methods to steer clear of the types of risk circumstances that may cause issues with project performance. For example, a production team might test more robust product resources to avoid the risk of product failure with less durable resources.

• Risk to schedule

Avoidance of schedule impacts can be carried out by identifying issues that could arise and affect the timeline of the project. Key deadlines, due dates and final delivery dates can be affected by risks such as being overly optimistic about the timeline of a project. The avoidance approach can help the project team plan ways to avoid schedule conflicts. This can be done by creating a managed schedule that sets out specific time allowances for planning, designing, and making changes as needed.

3. Controlling risk

Team members are also likely to implement a control strategy when mitigating risks to a project. This strategy works by taking into account the risks identified and accepted and then taking actions to reduce or eliminate the effects of these risks. The following examples highlight how control methods can be implemented for risk mitigation.

4. Transference of risk

When risks are identified and taken into account, mitigating the consequences through transference can be a viable strategy. The transference strategy works by transferring the burden of the risk and its consequences to another party. This can present its own downsides, though, and when an organization implements this risk mitigation strategy, it should be in a way that is acceptable to everybody involved.

5. Monitoring risk

Monitoring projects for risks and consequences involves watching for and identifying any changes that can affect the impact of the risk. Production teams might use this approach as part of a standard project review plan. Cost, scheduling and performance or output are all aspects of a project that can be monitored for risks that may emerge during completion of a project. For example, a finance team or budget committee can assess and review risks to cost by creating a reporting routine that outlines each expense of the company. This approach works by letting teams continuously measure the budget and change any cost plans accordingly.


                    All You Need to Know about Phishing 101

                    By AMSAT Nov 11,2020

At a high level, phishing is an attempt to deceive people, through an email, into doing something that allows the cybercriminal to compromise a target.

What is phishing?

When phishing is discussed, it typically refers to emails that consumers receive from someone impersonating a brand or an individual. For example, if the attacker’s objective is to get the user to click a link that leads to a suspicious website asking for personal information that would let the attacker log in to the target’s bank account, the link could be anything from “click to reset your password” to an email impersonating your loan officer asking you to “click to pay your late fees.”

Another version of phishing is an email that contains malicious attachments. A common instance is an email purportedly from a mobile carrier telling users they have a bill past due and to open the attachment to view it. Once that infected document is opened, a few things can occur. There might be a link to a compromised site which may install ransomware on your computer or ask for your details. An automated message from the attacker disguised as a standard prompt may ask you to enable macros in the document, which then installs the threat on your machine. Otherwise, the document itself could contain an exploit, and you are likely to be infected if you simply open it.

Phishing attack tactics

We come across quite a few phishing emails impersonating financial institutions and cloud providers that specifically seek to steal user credentials. On the malware-delivery side of things, you’ll see lures such as bills from your bank or mobile carrier. We’ve also come across phishing attacks impersonating law enforcement, in the form of a court order or an unpaid fine. Generally, the strategies tend to revolve around a call to action with some kind of urgency to get recipients to click.

A few years ago, a unique tactic was employed where attackers exploited a huge breach to carry out targeted phishing attacks. They used users’ leaked personal information to send phishing emails laced with individual details that made the message appear real. If you receive an email that contains information such as your full mailing address and your phone number, for instance, that email will appear reliable enough that you might be lured to click. Whenever these big breaches happen, it’s generally suspected that people’s information is later leveraged in these malicious attacks.

                     

                    What should users do to stay protected?


Users need to put security above everything else. In fact, ensuring cybersecurity is extremely important for your home computers and devices as well as your systems at work. Attackers use the same tactics on ordinary consumers as they do on companies, so you can’t let your guard down when you leave your workplace. You’re a target regardless of your location, and keeping that in mind will help you make better security decisions.

If you receive an email that appears too good to be true, it probably is. Here are some more actionable tips to keep in mind:

• Trust, but confirm. If you get an email from an organization you do business with, call them up instead of clicking on any links. This will help you verify whether the email is real without any possible harm. And if you’re one of the first people targeted in the phishing campaign, you could be helping the brand by notifying them that their name is being used maliciously.

• Always create unique passwords for each personal account you need to log in to, particularly each bank account, and change them frequently.

• Enable 2-factor authentication when it’s available.

• Do not open attachments in emails from senders you are not familiar with.

• Do not enable macros in document attachments received through email.

• If in doubt, never give out your personal data.

• Back up frequently and keep a fresh backup copy off-site.

• Protect your computer with cutting-edge real-time security.
