My First Post      My Facebook Profile      My MeOnShow Profile      W3LC Facebook Page      Learners Consortium Group      Job Portal      Shopping @Yeyhi.com

Pages










Showing posts with label Vulnerability. Show all posts
Showing posts with label Vulnerability. Show all posts

Thursday, December 3, 2020

Various Social Engineering Threats

Social engineering is the clever manipulation of people to gain access to privileged information. It can occur on the telephone, in person, or via email.


SHOULDER SURFING

Shoulder surfing refers to looking over someone's shoulder to obtain information. Be mindful of people nearby when working with sensitive business information. If you step away from your computer, lock it so that others can’t see or access confidential information.

Use a privacy screen to cover your laptop or tablet screen while in use. If you witness someone hovering, acknowledge the person to see what they need. Bring to your supervisor's attention if you are suspicious of their intentions.


TAILGATING

Tailgating is an unauthorized person attempting to gain access to secure office space. Be mindful of people entering behind you. Do not allow tailgating.

Refer anyone without a company badge to reception or security. If you feel threatened or notice suspicious behavior, report the incident to concerned department in your org. In the event of imminent harm, contact local emergency services.


EAVESDROPPING

Eavesdropping refers to secretly listening in on conversations to capture information. Be mindful of who is around when discussing or conducting company business. Do not discuss company business in hallways, shared building spaces, or public places.

Keep confidential discussions behind closed doors.


VISHING

Vishing (voice phishing) happens when you receive a phone call from someone impersonating a trusted source, like your bank, a client, or an employee. They may say there's a problem with your bank account, or credit card and direct you to a web site or phone number where you will be asked to provide personal or company information to verify your identity or account. Beware! They are trying to steal your money, identity, or gain access to organization systems. If you access the Vishing web site from your workstation or smart device, it's possible for hackers to access anything stored there.

Follow your policies and procedures; do not provide personal or payment information to unsolicited callers. Do not attempt to call the number back. Do not take direction from the caller about navigation or use of your tools and systems.

Do not disclose any information unless you are able to verify them, and they are authorized (e.g., if they state they're an employee try to reach them on IM). If you receive a call or a text you suspect to be vishing or smishing, contact spoof@majftech.com with as much information as is available.


SMISHING

Smishing happens when you receive a text message (SMS = smishing) from someone impersonating a trusted source, and the same threats apply as with Vishing.

Do not text scammers back. If you receive a call or a text you suspect to be vishing or smishing, contact spoof@majftech.com with as much information as is available.


PHISHING

Phishing is a form of social engineering in which a fraudulent message is sent to you with the intent of tricking you into opening an attachment, clicking a link, or responding to the message. Phishing typically occurs over email, but can happen during a phone call, through a chat program, in a text message, or even in-person!

Successful phishing attacks can steal your credentials (passwords), install malware on your computer, trick you into disclosing confidential company data, or convince you to take unauthorized actions that benefit the phisher. It is no surprise, that phishing is one of the most common attacks leading to data breaches you see in the news.cWith all the technological defenses in place to prevent phishing emails from landing in your inbox, it’s still one of our biggest security vulnerabilities! Our best resource in defending against phishing is YOU!



Learn the warning signs of such emails:

  • Unexpected sender or content
  • Threats, urgency, and secrecy
  • Phishing or Spam?
  • Promised lottery or super amazing deals


What to do If you think you have received a phishing email:

  • DO NOT reply to the message.
  • DO NOT click on links or open attachments.
  • DO report the email by creating a new email message, attaching the phish email, and sending to spoof@majftech.com.
  • DO NOT send or "forward" the phishing email to anyone as this can cause further exposure.
  • DO permanently delete the phishing email.
  • Does the message push for urgent action?
  • Does the message threaten bad things will happen if you don't do what it says?
  • Is it unusual to use email as authorization for wire transfer? 

Posted by at No comments:

Monday, October 16, 2017

Threat hunting, mitigation and Vulnerability Management




This article is a part of my series 'Security is our duty and we shall deliver it'

Threat hunting is a very deep and strong method to deal with security issues in markets and solutions that need stringent regulations, policies and have risks involved. It is the process of proactively and iteratively searching through networks to detect and isolate advanced threats that evade existing security solutions. According to SANS institute, the threat hunters are actively searching for threats to prevent or minimize damage. The formal process of threat hunting should not be confused with an attempt to prevent adversaries from breaching the environment or for defenders to eliminate vulnerabilities in the network. 


We employ SIEM tools typically only provide indicators at relatively low semantic levels. There is therefore a need to develop SIEM tools that can provide threat indicators at higher semantic levels. As the industry itself is developing around it, we also have our feets wet in the process. We have our Chief Security consultant actively involved in all the three methods viz. Analytics-Driven, situational-Awareness Driven and Intelligence-Driven. As an accompalished engineer he is a master of monkey and fuzzy tests as well.


For bug logging and defect tracking we use home grown technologies as well as Atlassian tools like Jira. For the cyclical practice of identifying, classifying, remediating, and mitigating vulnerabilities, i.e Vulnerability management we have adept leaders to lead and guide teams in teams in using vulnerability scanners. We have successfully employed Coverity and various checkstyles and PMD level rules. 


We have a set of our own scripts and systems to analyze and investigate for known vulnerabilities such as open ports, insecure software configurations, and susceptibility to malware infections. Like stated above, we have masters of fuzzer techniques who can work with us 24x7. Unknown vulnerabilities, such as a zero-day, and complex threats are all under our hand. We have consultants worked with a variety of antivirus software and heuristic analysis mechanisms. You remember we said, we have smartest of security consultants!


You can read and download the article from:
https://www.slideshare.net/toughjamy/security-is-our-duty-and-we-shall-deliver-it-white-paper

Read on LinkedIn:
https://www.linkedin.com/pulse/security-our-duty-we-shall-deliver-mohd-anwar-jamal-faiz/
Posted by at No comments:

Monday, July 4, 2011

Mohd Anwar Jamal Faiz wins in Symantec Cutting Edge Capture the Flag Hacking Vulnerability contest 2011

Hi
I am glad to post this news to my readers. The tilte is self explanatory:
"Mohd Anwar Jamal Faiz wins in Symantec Cutting Edge Capture the Flag Hacking Vulnerability contest 2011"

Obviously, Mohd Anwar jamal Faiz is me ;)

Symantec Cutting Edge Winners

You can click on the above link to find all Cutting Edge 2011 winners and also look at my photo.
Posted by at 2 comments:
Subscribe to: Comments (Atom)