Monday 5 December 2016

People are critical to Email security! The Human Firewall



One of the biggest targets for spammers and cyber criminals is the email systems of larger businesses, because they offer a greater risk surface and more opportunity to exploit.

According to a recent survey, more than half of organizations invest a big part of their profit, resources and time in building a strong email system, but the system is worth little if the humans, the employees, are not on board: the human firewall.

Your human firewall should be the first to understand security best practices and how to apply them. As of now, most organizations aren't educating their employees.

Some steps that companies should take to secure their data from a breach:

It starts with focusing on both the technology and the people using it.



1. Put absolute security protocols in place and build partnerships within the business.

An email security system needs to work from the time a message is sent to when it is received, whether it is coming into or going out of your network.

There are several important elements to put this foundation in place, including:

· Encryption, such as Transport Layer Security (TLS): it lets email servers communicate securely over an encrypted channel, blocking bad actors from accessing the content of emails that they intercept.
· Email verification system: Domain-based Message Authentication, Reporting and Conformance (DMARC) is an effective system that lets servers validate that incoming mail actually comes from the organization that is listed as the sender. It is built on both Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM), and ties them together to verify email addresses and automatically discard any messages that fail the test.
· DMARC/SPF records. In addition to testing inbound mail, you should publish DMARC/SPF records for your organization's domains, and sign outgoing messages with DKIM, to prevent the sending of fake emails that appear to come from your company.
· The right role for the security team. Administrative controls should allow the security team to have transparency and operational security oversight of the email platform. This includes using separate administrative accounts as well as monitoring access to these accounts, since they are often prime targets for hackers.
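To make the point about publishing DMARC/SPF records concrete, the following is an added example (not code from the original post) that audits SPF and DMARC TXT records offline for weak settings. The domain names and records in SAMPLES are constructed, and the function names are hypothetical.

```python
# Constructed sample TXT records (not real DNS data); None = nothing published.
SAMPLES = {
    "strict.example": ("v=spf1 ip4:192.0.2.0/24 include:_spf.mail.example -all",
                       "v=DMARC1; p=reject; rua=mailto:dmarc@strict.example"),
    "weak.example": ("v=spf1 include:_spf.mail.example +all",
                     "v=DMARC1; p=none; pct=50"),
    "bare.example": (None, None),
}
LOOKUP_TERMS = ("include", "a", "mx", "ptr", "exists")  # each costs a DNS query

def audit_spf(record):
    """Return a list of weaknesses in an SPF record (empty list: none found)."""
    if record is None:
        return ["no SPF record"]
    terms = record.lower().split()
    if not terms or terms[0] != "v=spf1":
        return ["not an SPF record"]
    findings, lookups, has_default = [], 0, False
    for term in terms[1:]:
        if term.startswith("redirect="):
            lookups += 1
            has_default = True  # simplification: the target record decides
            continue
        qualifier = term[0] if term[0] in "+-~?" else "+"  # "+" is implicit
        name = term.lstrip("+-~?").split(":")[0].split("/")[0]
        if name in LOOKUP_TERMS:
            lookups += 1
        elif name == "all":
            has_default = True
            if qualifier in "+?":
                findings.append(f"{qualifier}all does not reject unlisted senders")
    if not has_default:
        findings.append("no 'all' mechanism: unlisted senders get a neutral result")
    if lookups > 10:  # RFC 7208 limit; receivers return permerror beyond it
        findings.append("more than 10 DNS-lookup terms")
    return findings

def audit_dmarc(record):
    """Return a list of weaknesses in a DMARC record (empty list: none found)."""
    if record is None:
        return ["no DMARC record"]
    pairs = (part.partition("=") for part in record.split(";"))
    tags = {k.strip().lower(): v.strip() for k, sep, v in pairs if sep}
    if tags.get("v") != "DMARC1":
        return ["not a DMARC record"]
    findings = []
    policy = tags.get("p", "").lower()
    if policy not in ("quarantine", "reject"):
        findings.append(f"p={policy or 'missing'} leaves failing mail delivered")
    if tags.get("pct", "100") != "100":
        findings.append(f"pct={tags['pct']} enforces on only part of the mail")
    if "rua" not in tags:
        findings.append("no rua= address: aggregate reports are not collected")
    return findings

def audit_domain(domain):
    spf, dmarc = SAMPLES[domain]
    return {"spf": audit_spf(spf), "dmarc": audit_dmarc(dmarc)}

if __name__ == "__main__":
    for name in SAMPLES:
        print(name, audit_domain(name))
```

To audit a live domain, replace the SAMPLES lookup with the TXT records returned for the domain and for `_dmarc.<domain>`.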

2. Educate and engage employees on how to use security tools properly and make them aware of their individual responsibilities and company policies with ongoing training and communications.

Implementing security best practices for all employees — i.e., policies for "bring your own device" and mandated password changes — plays an important role in employees making the right decisions around email security. However, these protocols should also resonate with employees. Creative communication techniques — such as webcasts and quizzes — can help employees realize the importance of security practices by linking important aspects of security from their private lives to their work lives.
Engaging employees will also help security teams overcome the challenge of employees viewing security as an obstacle that prevents them from doing their work. Instead, when security becomes personal, employees are encouraged to be active partners in helping to protect the organization.

3. Continually monitor and measure effectiveness of your security program and human firewall to manage your risk.

Monitoring and measuring the effectiveness of email security programs and the human firewall must be an ongoing effort. Employee security awareness must evolve with the constantly changing technology industry. This starts with keeping metrics that track the security awareness of employees over time. Metrics to use should include the number of reported incidents, visits to unapproved sites, email violations, phishing report rates, and insider threats, percentage of infections while employees are remote, and the average time it takes employees to report a lost device.
You can also monitor for employee compliance by testing your employees with simulations, such as periodic phishing awareness. Organizations should use this tactic to get a sense of whether communications, training, and policies are connecting with employees and are effective in securing the email system.  
Emails are accessed by every employee and contain confidential information about your company and customers, making them both difficult and crucial to secure. Because of the human element, a mix of comprehensive security protocols, educating and engaging employees, and continuous monitoring is needed to prevent emails from becoming a gateway for hackers.



Tuesday 4 October 2016

IoT (Internet of Things): Booming Technology Is No Longer Safe

Source code released for the IoT botnet Mirai, responsible for the world's largest DDoS attack.

Mirai: Mirai is a piece of malware designed to target IoT devices in order to perform DDoS attacks. This botnet was used in the 620 Gbps DDoS attack on Brian Krebs’s blog and the 1.1 Tbps attack on OVH a few days before. It is responsible for the largest DDoS attack.

IoT: IoT is the Internet of Things, a booming technology; the term is used to describe the new generation of “smart” internet-connected devices (fridges, toasters, CCTV).
It can be as simple as a text message on your mobile if your fridge, CCTV or any other connected device is used in a questionable way.
Mirai propagates by bruteforcing telnet servers with a list of 62 horribly insecure default passwords, starting with the famous username/password combination admin:admin. Although Mirai could technically infect any box upon successful login, it uses a busybox-specific command which causes the infection to fail if busybox is not present. Once inside a box, the malware will attempt to kill and block anything running on ports 22, 23, and 80, essentially locking out the user from their own device and preventing infection by other malware. Despite Mirai killing most control panels, it is possible to use Shodan to see which services the box was exposing prior to infection, giving us an idea of the type of boxes which are infected.
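On the defensive side, the telnet bruteforcing described above leaves a recognisable pattern in login logs: a burst of failures from one source, sometimes followed by a success. The following is an added example (not from the original post) that detects that pattern; the log format, the sample lines and the thresholds are all constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Hypothetical log format, one telnet login attempt per line:
#   <ISO timestamp> telnetd <fail|ok> src=<ip> user=<name>
LINE = re.compile(r"^(\S+) telnetd (fail|ok) src=(\S+) user=(\S+)$")


def sample_log():
    """Constructed sample: one scanner-like source and one ordinary user."""
    guesses = ["admin", "root", "support", "user", "guest", "root"]
    lines = [f"2016-10-04T10:00:{i:02d} telnetd fail src=198.51.100.7 user={u}"
             for i, u in enumerate(guesses)]
    lines += [
        "2016-10-04T10:00:09 telnetd ok src=198.51.100.7 user=root",
        "2016-10-04T10:05:00 telnetd fail src=192.0.2.10 user=alice",
        "2016-10-04T10:05:20 telnetd ok src=192.0.2.10 user=alice",
    ]
    return "\n".join(lines)


def find_bruteforce(log_text, max_fails=5, window=timedelta(seconds=60)):
    """Flag sources with >= max_fails failed logins inside the sliding window.

    Returns {src: {"users": set of names tried, "login_after": bool}};
    login_after=True means a success followed the burst, so treat the
    device as compromised rather than merely probed.
    """
    recent = defaultdict(deque)   # src -> (timestamp, user) of recent failures
    flagged = {}
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue              # ignore lines in other formats
        ts = datetime.fromisoformat(m.group(1))
        result, src, user = m.group(2), m.group(3), m.group(4)
        fails = recent[src]
        while fails and ts - fails[0][0] > window:
            fails.popleft()       # drop failures that aged out of the window
        if result == "fail":
            fails.append((ts, user))
            if len(fails) >= max_fails:
                entry = flagged.setdefault(src, {"users": set(), "login_after": False})
                entry["users"].update(u for _, u in fails)
        elif src in flagged:
            flagged[src]["login_after"] = True
    return flagged


if __name__ == "__main__":
    for src, info in find_bruteforce(sample_log()).items():
        print(src, sorted(info["users"]), "login after burst:", info["login_after"])
```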

The source code that powers the “Internet of Things” (IoT) botnet responsible for launching the DDoS Attack against KrebsOnSecurity last month has been publicly released, virtually guaranteeing that the Internet will soon be flooded with attacks from several new botnets powered by insecure routers, IP cameras, digital video recorders and other easily targeted devices.
The leak of the source code was announced Friday on the English-language hacking community Hack Forums. The malware, dubbed “Mirai,” spreads to vulnerable devices by continuously scanning the Internet for IoT systems protected by default usernames and passwords or hard-coded usernames and passwords.
Brian Krebs, the popular cybersecurity researcher, reported the unfortunate development and stated that it is the same botnet responsible for the attack on his website (OVH’s). The botnet is based on the trojan malware ‘Mirai’, and utilizes vulnerable or compromised Internet of Things (IoT) devices. It continuously scans for smart home systems protected by default usernames and passwords or hard-coded login credentials and sends them to report to a centralized ‘control’ server.
The botnet is, thus, powered by a sum of insecure routers, IP cameras, digital video recorders and other easily targeted devices and has led to fears that it can now practically be used by anyone to flood the internet with a DDoS attack. Sources have reported to Krebs that Mirai is one of the two malware families (the other being Bashlight) being employed to quickly create IoT-based DDoS armies. Botnets based on Bashlight are currently exploiting data from about a million IoT devices to flood the attack site with gigs of traffic.
In his post on Hack Forums, the hacker says:

When I first go in DDoS industry, I wasn’t planning on staying in it long. I made my money, there’s lots of eyes looking at IOT now, so it’s time to GTFO. So today, I have an amazing release for you. With Mirai, I usually pull max 380k bots from telnet alone. However, after the Kreb DDoS, ISPs been slowly shutting down and cleaning up their act. Today, max pull is about 300k bots, and dropping.

With the release of such powerful malware, hackers can now access the publicly available code and add it to their arsenal. And since the code is available to all, it will become extremely difficult for government authorities to put a halt to the chaos that’s upon them. It will become a little difficult for them to pinpoint and track the ‘master’ operator of the malware.

It is like two faces of the same coin that is morphing with each passing day. He’s also stated that infected systems can be cleaned up by simply rebooting them as it removes the malicious data from the memory. But to protect your IoT device from repeated scanning and intrusion, you’ll need to change your default login credentials.
If you’re unaware, the KrebsOnSecurity website was recently hit with one of the largest DDoS attacks and knocked offline. With traffic amounting to a total of 620 Gbps, the attackers flooded his website in retaliation for him uncovering the masterminds behind some of the largest DDoS attacks in the last decade. His DDoS protection provider Akamai, which provides pro-bono services to the website, pulled support amid the attack, and Krebs had to seek support from the Google Shield Project to bring the website back from the dead.
And after this, OVH, a French hosting company, was attacked with the world’s largest-known DDoS attack. It was a record-breaking attack, where two simultaneous attacks hit the server and one of the two attacks alone peaked at 799 Gbps of traffic. The hackers had targeted Minecraft servers hosted on the OVH network, and the attack was carried out using a botnet made up of around 145,000 IoT devices.

Thursday 12 November 2015

Tutorial: Rootkit Virus: Part 1

Tutorial Rootkits: Part-1


What are rootkits?

As the name suggests, it is a combination of two words, root and kit. Root is the administrative account name on UNIX and Linux operating systems (on Windows, the equivalent is administrative access), and kit refers to a bunch of programs.
So a rootkit is a collection of tools that enables administrative-level access to a computer or computer network. The tools may be a keylogger, spyware, a backdoor, a downloader, etc. It can be anything which can take advantage of a vulnerability and exploit the user (victim).
A rootkit is a type of malicious software that is activated every time your system boots up and penetrates Windows APIs.

Behavior of Rootkits

A rootkit allows a hacker to establish a command and control server on the victim’s machine without the user knowing about it. Once it is installed, the hacker can remotely access the user’s machine, change its system configuration and do anything on it.

Basic Analysis of Rootkits

This kind of virus is not easily removed, as it sneaks into the deepest parts of the computer system and inserts hidden malcode in certain folders where it can't be detected by antivirus tools. It can even disable applications like Malwarebytes, TDSSKiller, etc.
There are several kinds of rootkits. Here we are going to analyze a type which hides its functionality, with all of its hidden files stored on the system. To view them, we first need to change the settings in Folder and Search options as follows:



Now you can see any hidden folders. Here the sample has a folder named Installer, at C:\Windows\Installer

There is one other hidden folder which seems interesting and is a rootkit.



If you try to delete this file you will not be able to. You can also see that the date modified is old, and if you try to rename it you can’t do that either.
This folder contains some folders and system files, as follows:



What this folder contains and what it’s basically doing

· It’s disabling all the antivirus and anti-malware programs.
· Inability to access Registry Editor.
· Inability to access applications.
· Creates a “backdoor” to steal your personal information, including banking passwords, etc.

Now go to the location C:\Users\Default\AppData\Local. You will find the same hidden folder, which is a rootkit, containing only one sys file, which is stopping us from running anything.



That is where it actually resides and what it is doing. As already explained, we were not able to delete that file.
So now the question is: how do we remove this virus?

Removal of Rootkit Malware


There are several ways of removing it. Here we are using Puppy Linux, which is freeware that you can download easily.
1. First we restart our system, boot Puppy Linux and mount our Windows system as follows:




Here you can see the Windows folder, which is the same one where the hidden Installer folder resides.
2. Now we go to the same folder and the same file we saw there, where the virus actually resides.


3. Now we are going to delete this file. Right-click on it and you will find Dir and the folder name; move the cursor onto it and you will get a delete option.




4. Click on delete, and remember to check the force checkbox, which appears once you click on delete.
5. Now go to the users path and delete the folder from there as well.
6. Now your rootkit has been deleted.

For more, such as what the rootkit is doing and which registry entries it changes, wait for Part 2.




Saturday 7 November 2015

Update [Be Cautious]: Google, Facebook May Be Leaking Your Data

We are aware of the fact that most websites track our location, save our data and may be selling it to third parties. But the question is: are the two top brands, Google and Facebook, also doing that?
Let's focus on research done by top researcher Tim Libert, a privacy researcher at the University of Pennsylvania, which reveals how serious this problem actually is.
According to Libert's research, 9 out of 10 websites leak users' data to a third party, usually without the knowledge and the consent of the user.
The research shows that Google is the "worst perpetrator", tracking 80% of websites globally and not respecting DNT (Do Not Track) signals.



For the study, Libert used webXray, his own open source software, which has been used to analyze trackers on health and porn websites. He found that most websites were not only leaking user data, but also sharing it on the internet.

About his latest findings, Libert wrote, "Sites that leak user data contact an average of nine external domains, indicating that users may be tracked by multiple entities in tandem."

Libert told the Motherboard website that when one visits any of the top one million websites, there is a 90% chance that largely hidden parties will get information about his/her browsing. "Most troubling is that if you use your browser setting to say 'Do Not Track' me, the explicitly stated policy of nearly all the companies is to flat-out ignore you," he further told the website.



Interestingly, Libert called search giant Google the 'worst perpetrator' for tracking 80% of the websites globally and not respecting the DNT (Do Not Track) signals.


On being contacted by Motherboard on the issue, Google's representative pointed to their 'terms of service', which the report says state "it is against company policy for Google Analytics to send personally identifiable information to third-parties. Google also offers extended privacy controls, data sharing settings and an opt-out browser extension for Chrome."
Libert says this, however, is misleading. "The company acts as though users have a choice to follow special instructions to opt-out of Analytics, but this is absurdly disingenuous as all Google needs to do is check a simple, and universally available, browser setting," he told Motherboard. "It is even more comical when you consider most people never get any notification Google is tracking them. Of course this goes for Facebook and pretty much all other Internet companies as well."


Facebook appears more forthcoming in its policy which clearly warns its users -- in its Terms of Services -- that they can and will be tracked on and off the website.


However, microblogging website Twitter seems to have a different approach here. According to Libert, "...the positive takeaway is that Twitter is taking a real lead in the industry by respecting DNT and deserves some serious credit."

Sunday 18 October 2015

iPhone 6S and 6S plus has new WhatsApp Update 2.12.9 with 3D touch technology


WhatsApp has increased its users from millions to billions thanks to the many features in its application.
One application with lots of features, which has stolen its users' hearts, now comes up with a new feature for its iPhone customers: 3D Touch technology for iPhone 6S and 6S Plus users.
iPhone 6S and 6S Plus users, get ready for the new 3D Touch technology in your new WhatsApp update 2.12.9.

As other applications such as Facebook Messenger, Google Plus and Dropbox provide so many features for iPhone users, WhatsApp has, as always, come up with a brilliant idea: 3D Touch technology.


How Is This Technology Beneficial?

3D touch is the ability to experience the virtual world in much the same way the real world is experienced --- intuitively, interactively, and with a full complement of complex tactile sensations.
3D Touch brings a new dimension to iOS with “Peek” and “Pop,” making it easier for users to get information at a glance and navigate between applications. And developers will have free rein over how they want to implement the new technology into their apps.


Use of peek and pop gestures on WhatsApp is now possible

What the new update brings to iPhone 6S and 6S Plus is the ability to use Peek and Pop gestures that are heavily dependent on the amount of pressure applied on the phone’s screen. According to the Apple Store listing, the app’s change log points out that users will now be able to “quickly Peek and Pop photos, links, videos, locations and contact cards” that they send and receive when chatting with friends.
Just to jog your memory, the new 3D Touch technology that made its debut with this year’s iPhone models allows the smartphones to detect and differentiate between long pressing and quick-tapping the screen and the results will be different options on the user interface.


More bug fixes in WhatsApp 2.12.9 for iOS


Other than the newly added support for 3D Touch, the new version of WhatsApp 2.12.9 also comes with minor improvements in performance as well as fixes for bugs that affected the previous versions, among them issues with viewing media on older iOS versions. Also, the new app’s UI can now be quickly mirrored as well as optimized for languages that are written from right to left, for instance, Arabic.
From the app’s change log in the iTunes App Store, the developers also shed some light on the Starred messages feature that was introduced in the previous version. This feature allowed users of WhatsApp to press and hold on a chat to star it, making the process of finding this message later easier.
On a separate note, there are some users of iOS 9.1 beta who are claiming that WhatsApp has received an update that allows them to access a Quick Reply option.


Friday 16 October 2015

Hackers Now Have an Eye on the Ubuntu Touch Store

 

First Malware App hits Ubuntu Touch Store

If you have Ubuntu OS on your phone, then “Be aware of the Hackers”.
They are now targeting the Ubuntu Touch Store with an app named “test”.
"The Ubuntu Touch platform is still very young, and it doesn't have millions of apps in the store, but someone has just uploaded a malicious application that managed to get past the automated testing."

This application was uploaded to the store with the name “test” and was able to change the bootsplash for the phone.


"This application is doing something dangerous which may harm your phone badly so Ubuntu developers are advising to uninstall this application as soon as possible."

At this point it is not clear how many users have downloaded it, as it has a generic name as well. A much more important problem is the fact that it passed through the regular security filters, and that such important modifications were possible.

Canonical responded immediately
Ubuntu developers will have to reassess the security measures they have in place for Ubuntu Touch, and they need to make sure that the problems will be quickly fixed.
"It has come to our attention via our community that a potentially malicious application has been submitted to the Ubuntu Store. We have identified that you are one of the users who downloaded the application. We have removed the application from the store as soon as we were made aware and are taking steps to ensure this does not happen again. The application is called 'test' published by developer mmrow, version 0.1 and only affects armhf based mobile devices," reads the email sent by Canonical.
Users have been advised to uninstall it as soon as possible, so hopefully whatever the problem was, it will soon be fixed. We'll probably see something in the change log for the next OTA update in this regard. We also have a video via one of the Ubuntu community members (many thanks to Szymon Waliczek for taking the time to do this).

Update of Ubuntu Touch Store

You can now enjoy the first update by Ubuntu Community Team Manager David Planella.
Not many users are affected; only a handful are, as it was reported at an early stage and has been fixed.

"If any user gets this type of application please don’t install it. If already been installed please uninstall it."

Updating will help you get rid of this app.


Wednesday 14 October 2015