Wednesday, January 15, 2025
Home Blog Page 3

Cybersecurity on a Small Business Budget: Adapting to the Modern Threat Landscape

0
CyberSecurity

As a small business owner, you might feel a bit like David in a world of Goliaths, as they say, especially when it comes to cybersecurity. The reality, however, is that small businesses are often the most appealing targets for cyberattacks. As the one wearing multiple hats—CEO, CFO, CMO, and now even CISO (Chief Information Security Officer)—how do you protect your business without breaking the bank?

The Rising Tide of Cyberattacks on Small Businesses

Let’s dispel a common myth: “We’re too small to be noticed by cybercriminals.” In recent years, cyberattacks against small businesses have surged. In fact, 43% of all cyberattacks are aimed at small businesses. The reasons are clear: limited resources for cybersecurity make smaller enterprises attractive prey for cybercriminals​.

And these are not just minor inconveniences. A successful cyberattack can lead to devastating consequences, including data loss, tarnished reputation, and severe revenue setbacks. What’s worse, many smaller companies may not survive a major breach, with some statistics suggesting that up to 60% of small businesses that experience a significant cyber breach go out of business within six months.

Understanding Your Vulnerabilities

In 2023, the landscape of threats has grown more diverse and complex. Here are three key areas that you need to keep an eye on:

  1. Password Security: The most common passwords can be guessed by hackers in less than a second. Avoid easily guessable information such as your name, your company’s name, or your birth date when creating your passwords. Opt for complex passwords with special characters instead​.
  2. Outdated Software and Plugins: Outdated software and vulnerable plugins, themes, redunant code etc are the leading cause of malware infections. Regular updates are essential as they often include fixes for bugs and security holes​.
  3. Brute Force Attacks: These attacks have become increasingly common. Measures such as two-factor authentication, CAPTCHA, limiting login attempts, and restricting access to authentication URLs can help safeguard against them​.
  4. Web App Vulns: Injection Vulnerabilities, IDOR Vulnerabilities. See OWASP Top 10

Affordable Cybersecurity Strategies

Addressing these vulnerabilities does not necessarily mean spending thousands of dollars or hiring dedicated IT personnel. Here are some cost-effective measures that you can take to safeguard your business:

  1. Update Your Security Software: Keep your software up to date. Automate security updates where possible. Consider antivirus software providers such as MacAfee or Norton for additional protection​.
  2. Protect Your Files: Regularly back up important files offline, as well as in the cloud and on external hard drives​.
  3. Create Strong Passwords and Enable Multi-factor Authentication: Use strong passwords that include numbers, characters, and different cases. Update your passwords every 2-3 months and use different passwords for different devices. Multi-factor authentication can provide an extra layer of protection​.
  4. Secure Your Router: Change the default network name and password provided by your internet service provider. Update it with your own network name and password and disable the remote management function​.
  5. Train Your Staff: Regularly train your staff on cybersecurity best practices and risk factors. This can be done quarterly or biannually, depending on your business needs​.
  6. Enabling Firewall: Firewall protection is one of the most efficient cybersecurity solutions for small businesses to protect themselves against attacks. It allows businesses to protect their website and organizational data from unauthorized users, monitor traffic, and inspect network packets. Firewalls also help protect company networks and systems against any trojans that hackers use to collect information, enhance privacy and access control, protect from phishing attacks, and provide alerts about malicious activity.
  7. Using Identity and Access Management Solution: These solutions help small businesses limit, monitor, and control access to data and organizational resources. They prevent and identify unauthorized sources attempting to gain access. They use multi-factor authentication, which enables small businesses to implement authorization protocols such as facial recognition, iris scanning, and biometric verification. They also help eliminate the use of exploitable passwords and mitigate insider threats.
  8. Ensuring Network Security: Network security protocols use various techniques such as firewalls, encryption, and access control to secure all layers of a business’s network. They ensure that data is scrambled before being transferred and that unauthorized users cannot access it. Small businesses can implement network security by using multi-factor authentication, securing wireless connections, and using antivirus software.
  9. Implementing Cloud Security: Third-party cloud-based solutions are often the most vulnerable due to the lack of visibility. Therefore, developing a cloud security strategy is critical when using such solutions. Businesses should focus on implementing end-to-end encryption for protection against breaches and ransomware, conduct access and vulnerability assessments, and implement secure data transfers.
  10. Prioritizing Data Protection: When implementing cybersecurity, small businesses should develop a strategy for prioritizing data protection. They should determine which organizational data is critical, who has access to it, and where it’s being used. Once the data has been identified, they can prevent unnecessary remote access and use multi-factor authentication to ensure that only verified users can access the data.
  11. Disaster Recovery (DR) Plan: Developing and implementing a DR plan is critical to cybersecurity. It allows small businesses to define the required course of action that needs to be taken to ensure business continuity after a breach. A DR plan improves productivity due to the allocation of responsibilities and minimizes downtime​.
  12. Audit your company code:
    Any and all code bases should be routiently audited by professionals.

In the end, cybersecurity for small businesses is about being aware and being prepared. Even with a modest budget, you can take significant steps towards protecting your business from cyber threats. Remember, in this digital age, every business is a tech business, and every business owner needs to think about cybersecurity.

Want more? Why not download Cisco’s eBookSmall Businesses Deserve Big Protection to learn how to get enterprise-grade security on a small business budget”

Why not read our Definitive Guide [NCSC Toolkit V2 – Deep Dive] to Implementing a Vulnerability Disclosure Process 

Suggest an edit to this article

Cybersecurity Knowledge Base

Latest InfoSec News

Cybersecurity Academy

Go to Homepage

Stay informed of the latest Cybersecurity trends, threats and developments. Sign up for our Weekly Cybersecurity Newsletter Today.

Remember, CyberSecurity Starts With You!

  • Globally, 30,000 websites are hacked daily.
  • 64% of companies worldwide have experienced at least one form of a cyber attack.
  • There were 20M breached records in March 2021.
  • In 2020, ransomware cases grew by 150%.
  • Email is responsible for around 94% of all malware.
  • Every 39 seconds, there is a new attack somewhere on the web.
  • An average of around 24,000 malicious mobile apps are blocked daily on the internet.
Bookmark
Please login to bookmarkClose

Secrets To Recon (Reconnaissance) – A Bug Hunter’s Guide

0

Hello, readers! Welcome back to our CyberSecurity Academy. Today, we’ll be taking a deep dive into one of the most important stages of ethical hacking or bug hunting: reconnaissance. This is where you gather as much information as possible about a target before you even begin to exploit any vulnerabilities. It’s a stage that is often overlooked by beginners, but it can make or break your efforts in a penetration testing or bug hunting context. Let’s take a look at how you can build a rock-solid foundation for your hacking endeavors.

What is Reconnaissance?

Reconnaissance, also known as “recon,” is the first stage in the ethical hacking process. It involves gathering information about your target system before attempting to identify vulnerabilities or weaknesses. This can include details about the system’s IP addresses, domain details, network topology, and more. The more information you can gather at this stage, the better equipped you will be to identify potential attack vectors.

Why is Recon Important?

The information gathered during the reconnaissance phase can provide invaluable insights that can help you identify vulnerabilities more effectively. For instance, knowing the operating system of a target server can allow you to focus on OS-specific vulnerabilities. Similarly, understanding the network topology can help you identify poorly secured entry points.

Passive vs Active Reconnaissance

Reconnaissance can be split into two main categories: passive and active.

Passive recon involves gathering information without directly interacting with the target system. This could be as simple as doing a WHOIS lookup on a domain or using a service like Shodan to find information about exposed devices.

Active recon, on the other hand, involves directly interacting with the target system. This could involve port scanning, DNS querying, or even sending crafted packets to the system to understand how it responds.

Both types of recon are important, and understanding how to do both effectively can significantly improve your bug hunting abilities.

Irrespective of type of recon, always respect rate limits and remain in-scope!

Tools of the Trade

There are numerous tools available that can aid in the recon process. Here are a few of the most popular ones:

  1. Burp Suite: This is a web application security testing platform. It can be used for various tasks in the security testing process, including mapping and analyzing application contents, inspecting and manipulating traffic between the browser and the web application, and more.
  2. ffuf: This is a tool used to find directories and files on web servers. It works by brute-forcing server directories and files using a wordlist. It’s a very fast web fuzzer written in Go.
  3. Shodan: This is a search engine for internet-connected devices. It can provide valuable information about a target system, such as exposed ports and running services.
  4. WHOIS lookup: This can provide information about who owns a domain, when it was registered, and other useful details.
  5. Google Dorks: These are advanced Google search techniques that can reveal sensitive information that has been accidentally exposed online.

Important: when using automated tools, please always ensure that you are setting rate limits/delay/sleeps and remain within scope

Best Practices for Recon

Here are a few best practices to keep in mind when performing reconnaissance:

  1. Always stay within legal boundaries: It’s crucial to remember that any form of hacking, including recon, can be illegal if you don’t have explicit permission from the owner of the system you’re targeting. Always ensure you have the necessary permissions before beginning any recon activities.
  2. Document everything: Keeping detailed notes on what you discover during the recon phase can be invaluable later on when you’re trying to exploit vulnerabilities.
  3. Don’t rush it: Recon is a process that shouldn’t berushed. Take your time to thoroughly explore and understand the target system.
  4. Use multiple tools: Don’t rely solely on one tool or method. Using a combination of tools and techniques can provide a more complete picture of the target system.

Reconnaissance is a critical first step in any ethical hacking or bug hunting endeavor. By taking the time to gather as much information as possible, you can lay a solid groundwork for your subsequent steps.

Advanced Reconnaissance Techniques

Sometimes, the standard tools and techniques might not be enough. That’s when advanced reconnaissance techniques come into play. Here are a few you might find helpful:

  • Subdomain enumeration: Subdomains can often host different applications and services from the main domain, providing potential additional attack vectors. Subdomain enumeration is a technique that involves identifying all the subdomains associated with a target domain. Tools like Sublist3r or Amass can be particularly useful for this purpose. They work by combining various techniques including search engines crawling, certificate transparency logs, and more. The result is a comprehensive list of subdomains that you can then further examine for potential vulnerabilities.
  • Web application testing: Web applications are complex systems with many components, and they often contain vulnerabilities that can be exploited. Manually testing is always a great start. Tools like OWASP ZAP and Burp Suite are designed specifically for web application testing. They can identify a wide range of vulnerabilities, such as injection vulnerabilities, cross-site scripting (XSS), and misconfigurations. Additionally, these tools often include functionality for manipulating HTTP requests and responses, allowing you to interact with the web application in ways a typical user or browser might not.
  • Content discovery: Not all directories or files on a web server are meant to be public. Sometimes, sensitive directories or files can be unintentionally exposed, providing a potential wealth of information. Content discovery tools like DirBuster, gobuster, or ffuf are designed to identify these hidden resources. They work by brute-forcing directory and file names against the web server and monitoring the responses.
  • Social Engineering: While not a technical method, social engineering is an incredibly effective reconnaissance technique. It involves manipulating people into revealing confidential information. Techniques can range from simple phishing attempts to complex scenarios involving multiple individuals and steps. It’s a stark reminder that humans can often be the weakest link in cybersecurity. Tools like the Social-Engineer Toolkit (SET) can help automate and streamline some social engineering efforts.
  • Data Leakage: Companies often have public and semi-public data repositories that can inadvertently contain sensitive information. This could include GitHub repositories, public Amazon S3 buckets, and more. Manually searching through these repositories can be time-consuming, but tools like GitRob, truffleHog, or Bucket Finder can automate the process, making it easier to identify potential data leakage.

Remember, these techniques should be used ethically and with permission. Always respect privacy and legality when conducting reconnaissance.

Reconnaissance is the first step in ethical hacking and bug hunting, and it’s an essential skill to master. By understanding your target thoroughly, you can plan your approach more effectively and increase your chances of success.

What to hunt for in 2023?

  • Insecure Direct Object References (IDOR): This is a type of access control vulnerability that arises when an application uses the actual name or key of an object when generating web pages. An attacker can manipulate these references to access unauthorized data. For example, a URL like “www.example.com/account?id=123” might allow an attacker to view other accounts just by changing the id parameter. Testing for IDOR vulnerabilities usually involves manual testing, trying to change parameters and observing the responses. However, tools like Burp Suite can help automate some aspects of this process, such as easily changing request parameters.
  • Injection vulnerabilities: These occur when an application sends untrusted data to an interpreter. Injection vulnerabilities can lead to data loss, corruption, or disclosure to unauthorized parties, denial of service, and full system compromise. SQL Injection, Command Injection, and Cross-site Scripting (XSS) are common types of injection vulnerabilities.
  • Broken Authentication: This happens when session management functions related to authentication are implemented incorrectly, allowing attackers to compromise passwords, keys, session tokens, or exploit other implementation flaws to assume the identities of other users.
  • Sensitive Data Exposure: Many web applications and APIs do not properly protect sensitive data, such as financial data, usernames and passwords, and health information. Attackers may steal or modify such weakly protected data to conduct credit card fraud, identity theft, or other crimes.

That’s it for today’s lesson. Remember, the aim of learning these skills is to strengthen security, not to exploit it. Always use your knowledge responsibly and ethically. Stay in Scope, Stay within limits, Stay safe, and happy hunting!’

Suggest an edit to this article

Check out our new Discord Cyber Awareness Server. Stay informed with CVE Alerts, Cybersecurity News & More!

Cybersecurity Knowledge Base

Homepage

Remember, CyberSecurity Starts With You!

  • Globally, 30,000 websites are hacked daily.
  • 64% of companies worldwide have experienced at least one form of a cyber attack.
  • There were 20M breached records in March 2021.
  • In 2020, ransomware cases grew by 150%.
  • Email is responsible for around 94% of all malware.
  • Every 39 seconds, there is a new attack somewhere on the web.
  • An average of around 24,000 malicious mobile apps are blocked daily on the internet.
Bookmark
Please login to bookmarkClose

10 Ways to Improve Your CSS skills and Make Styling More Enjoyable

0

CSS (Cascading Style Sheets) is a technology that first surfaced around 1996, ever since web developers often find it tough to work with. In a recent poll with over 75,000 responses, it was voted as the most painful technology. However, despite its flaws, CSS is an awesome style sheet language that has evolved over the last 20+ years. In this blog post, we’ll explore how to write clean CSS using modern features and avoid unnecessary code. Let’s dive in!

Learning CSS

To truly understand CSS, it’s important to learn the fundamentals rather than relying on frameworks like Bootstrap or Tailwind. While these tools can help create a visually appealing UI quickly, they hinder the learning process and make refactoring more difficult in the future.

Understanding the Box Model

The box model is a crucial concept in CSS that forms the basis for layout and positioning. Every HTML element can be thought of as a box with content, padding, border, and margin. By mastering the box model, you gain better control over your code and layout.

https://developer.mozilla.org/en-US/docs/Web/CSS/CSS_Box_Model

Debugging with Firefox

Instead of relying solely on Chrome’s dev tools for CSS debugging, consider using Firefox. Firefox’s dev tools provide a breakdown of the box model, allow property editing directly in the inspector, and offer helpful annotations in the HTML, dev tools have been around since 2005ish in Firefox.

Simplify Layout with Flexbox

Historically, layout and positioning in CSS have been challenging tasks. However, Flexbox provides an excellent solution. By using the “display: flex” property, you can easily create flexible columns or rows and align elements within them.

https://developer.mozilla.org/en-US/docs/Web/CSS/CSS_Flexible_Box_Layout/

Harness the Power of CSS Grid

For complex layouts, CSS Grid is a powerful feature that simplifies your code. Unlike Flexbox, Grid allows you to define columns and rows, providing more control over the overall layout. It eliminates the need for excessive container elements.

https://developer.mozilla.org/en-US/docs/Web/CSS/CSS_Grid_Layout

Responsive Layouts with Ease

Creating responsive layouts can be achieved by using media queries, but they can quickly become overwhelming. Instead, leverage functions like “min,” “max,” and “clamp” to set flexible width values based on the available space, reducing code redundancy.

https://developer.mozilla.org/en-US/docs/Web/CSS/clamp

Embrace CSS Custom Properties (Variables)

CSS custom properties, also known as variables, enhance code flexibility and maintainability. By defining variables on the root selector, you can reference and update them throughout your codebase easily. This feature enables the swift swapping of themes.

Perform Calculations with Calc()

CSS offers basic calculations through the “calc” function. This allows you to perform simple math operations and combine different units, making your code more dynamic and adaptable.

https://developer.mozilla.org/en-US/docs/Web/CSS/calc#try_it

Managing State with CSS

Surprisingly to some, CSS has a built-in state management mechanism, kind of.. By using CSS counters, you can automatically number headings or other elements without manual intervention. This simplifies maintenance and prevents the need for JavaScript for basic state handling.

Managing state with CSS counters is an interesting feature. CSS counters allow you to automatically number elements, such as headings, without the need for manual intervention or JavaScript.

Let’s say you have a document with multiple headings that you want to number. Traditionally, you might manually add the numbers to each heading in the HTML markup. However, this can become tedious and error-prone, especially if you need to insert or reorder headings later.

CSS counters offer a smarter solution. You can define a counter in your CSS code using the counter-reset property, giving it any name you prefer.

https://developer.mozilla.org/en-US/docs/Web/CSS/counter-reset

Simplifying Dropdown Menus

Building complex dropdown menus often involves JavaScript for state management. However, CSS offers the “focus-within” pseudo-class, which eliminates the need for JavaScript by maintaining the open state when child elements have focus.

https://developer.mozilla.org/en-US/docs/Web/CSS/:focus-within

Conlclusion

While CSS can be challenging at times, mastering its features and adopting modern approaches can significantly improve ones development experience. Understanding fundamentals, leveraging Flexbox and CSS Grid, and using tools like PostCSS and preprocessors can make your code more enjoyable to work with. Remember, with CSS, you have the power to create stunning and responsive designs. Happy coding!

Suggest an edit to this article

Check out our new Discord Cyber Awareness Server. Stay informed with CVE Alerts, Cybersecurity News & More!

Cybersecurity Knowledge Base

Homepage

Remember, CyberSecurity Starts With You!

  • Globally, 30,000 websites are hacked daily.
  • 64% of companies worldwide have experienced at least one form of a cyber attack.
  • There were 20M breached records in March 2021.
  • In 2020, ransomware cases grew by 150%.
  • Email is responsible for around 94% of all malware.
  • Every 39 seconds, there is a new attack somewhere on the web.
  • An average of around 24,000 malicious mobile apps are blocked daily on the internet.
Bookmark
Please login to bookmarkClose

Safely Integrating Large Language Models (LLMs) into Your Products: A White Hats Perspective

0

With the rise of AI startups and the availability of novel AI tools, particularly Large Language Models (LLMs), have created exciting opportunities for product integration. While LLMs, such as OpenAI’s API, offer incredible potential for adding meaningful AI features to products, it is essential to address security concerns. Prompt injections, in particular, pose a significant threat. In this exclusive blog post, we will explore strategies to defend against prompt injections and ensure secure integration of LLMs.

Understanding the Offense

To develop an effective defense, it is crucial to comprehend the threat model. However, the ever-evolving nature of AI and LLMs makes it challenging to establish a concrete understanding of the threat landscape. As an outsider to the machine learning field, I approach this topic with a hacker mindset, analyzing security from an IT perspective. While there are currently no definitive solutions to security issues arising from LLM integration, I aim to share my thoughts and provide engineers with valuable insights.

Reevaluating Prompt Injections as a Security Issue

Prompt injections exploit the inherent vulnerability of LLMs, where all text serves as input, potentially influencing the model’s response. However, redefining prompt injections as a feature rather than a vulnerability could change the perspective. Drawing a parallel with remote code execution vulnerabilities, which can be transformed into a service rather than a security flaw, prompts us to consider how LLMs can be implemented to allow user flexibility without compromising security. While this approach may not always be applicable, it encourages us to explore alternative defenses.

Rethinking System Architecture

To mitigate prompt injection vulnerabilities, we need to redesign the system architecture. By redefining the expected output from LLMs and implementing proper input validation, we can minimize the impact of prompt injections. For instance, in content moderation, changing the prompt to a yes/no output and focusing on individual comments rather than incorporating user names can enhance security. While not foolproof, this approach limits the consequences of prompt injections.

Isolating Users and Enhancing Resilience:

Isolating users within the LLM integration process can help mitigate security risks. If the AI model is only exposed to a user’s context and its output is directed solely to that user, prompt injections become a self-contained issue. However, implementing this design can be challenging due to the possibility of untrusted inputs contaminating the user context. In such cases, adopting a layered defense approach, similar to the swiss cheese model, becomes crucial. This involves combining multiple techniques to improve the overall resilience against malicious injections.

Strategies to Focus the AI on the Task

Language models are generalists, capable of performing a wide range of tasks. This generality, however, makes them susceptible to prompt manipulations. Employing techniques like Few-Shot and Fine-Tuning can help address this challenge. Few-Shot learning allows the model to be conditioned with task demonstrations at inference time, limiting its flexibility. Fine-Tuning further enhances performance on specific tasks by training the model on a supervised dataset. By fine-tuning LLMs and focusing their capabilities, we can reduce the impact of prompt manipulations.

It is important to acknowledge that the threat model surrounding LLM integration is still evolving, and there are ongoing research and advancements in the field. As an outsider to the machine learning domain, one cannot claim to have all the answers. However, by leveraging IT security principles and applying them to LLM integration, valuable insights can be gained.

Additional Defense Tips:

  • Reducing the length of malicious input can make prompt injections less effective.
  • Setting the temperature parameter close to 0 ensures deterministic output during development and aids in identifying potential model confusion.
  • Implementing redundant prompts, although expensive, can enhance consistency and reliability, especially in critical systems.

Conclusion

Integrating Large Language Models (LLMs) into products requires a proactive and security-conscious approach. Redesigning prompt structures, implementing robust input validation mechanisms, and redefining expected outputs can help mitigate prompt injection vulnerabilities. Isolating users within the LLM integration process, employing techniques like Few-Shot and Fine-Tuning, and incorporating additional defense measures such as reducing input length and utilizing redundant prompts can enhance system resilience. Staying updated with the latest research and engaging in human red-teaming during the training phase are crucial for addressing biases, improving training data quality, and enhancing the overall security of integrated LLMs. By combining these strategies and fostering collaboration, we can strive towards safer and more secure integration of LLMs into products.

The following papers were used to aid me in writing this article.

[A Holistic Approach to Undesired Content Detection in the Real World –  https://arxiv.org/pdf/2208.03274.pdf]

[Language Models are Few-Shot Learners – https://arxiv.org/pdf/2005.14165.pdf]

[Guiding Generative Language Models for
Data Augmentation in Few-Shot Text Classification –

https://arxiv.org/pdf/2111.09064.pdf]

Suggest an edit to this article

Check out our new Discord Cyber Awareness Server. Stay informed with CVE Alerts, Cybersecurity News & More!

Cybersecurity Knowledge Base

Homepage

Remember, CyberSecurity Starts With You!

  • Globally, 30,000 websites are hacked daily.
  • 64% of companies worldwide have experienced at least one form of a cyber attack.
  • There were 20M breached records in March 2021.
  • In 2020, ransomware cases grew by 150%.
  • Email is responsible for around 94% of all malware.
  • Every 39 seconds, there is a new attack somewhere on the web.
  • An average of around 24,000 malicious mobile apps are blocked daily on the internet.
Bookmark
Please login to bookmarkClose

Critical Security Vulnerability Uncovered in Essential Addons for Elementor WordPress Plugin CVE-2023-32243

0
Wordpress Logo

A recently disclosed security vulnerability in the widely used WordPress plugin, Essential Addons for Elementor, has raised concerns about potential unauthorized access and privileges on affected websites. This critical flaw, known as CVE-2023-32243, has been promptly addressed by the plugin maintainers in their latest version 5.7.2 release. With over a million active installations, the plugin’s users are urged to update to the patched version to ensure their website’s security.

Unauthenticated Privilege Escalation:

According to Rafie Muhammad, a researcher at Patchstack, the plugin suffers from an unauthenticated privilege escalation vulnerability. This vulnerability enables any unauthorized user to elevate their privileges to that of any user on the WordPress site, posing a significant security risk. Exploiting this flaw successfully would allow a threat actor to reset the password of any user, provided they have knowledge of the targeted user’s username. The vulnerability is believed to have existed since version 5.4.0 of the plugin.

The Potential Consequences:

This security flaw has serious implications as it could potentially allow attackers to reset the password associated with an administrator account, effectively gaining full control over the compromised website. Rafie Muhammad highlights that the vulnerability arises due to a lack of password reset key validation, allowing direct password changes without proper authentication checks. Promptly updating to version 5.7.2 is crucial to mitigate these risks and protect WordPress sites using Essential Addons for Elementor.

Ongoing Threat Landscape:

The disclosure of this vulnerability coincides with a recent wave of attacks targeting WordPress sites since late March 2023. These attacks aim to inject the SocGholish (aka FakeUpdates) malware, a persistent JavaScript malware framework. Operating as an initial access provider, SocGholish facilitates the delivery of additional malware to compromised hosts. Attackers have been using deceptive methods, such as disguising malware as a web browser update via drive-by downloads, to distribute SocGholish.

Evolution of Malware Tactics:

In their pursuit of evading detection and prolonging the effectiveness of their campaigns, malicious actors continuously adapt their techniques. Sucuri researcher Denis Sinegubko highlights the sophistication of the SocGholish malware, emphasizing its ability to utilize compression techniques through the zlib software library. This technique enables malware to conceal itself, minimize its footprint, and evade detection.

Expanding Malvertising Campaigns:

The malware landscape is not limited to SocGholish. A recent technical report from Malwarebytes uncovers a malvertising campaign targeting visitors to adult websites. The campaign serves popunder ads that mimic a fake Windows update, designed to drop the “in2al5d p3in4er” (aka Invalid Printer) loader. This loader, documented by Morphisec, is specifically designed to detect virtual machine or sandbox environments and deploy the Aurora information stealer malware.

Urgency to Update Essential Addons for Elementor:

Wordfence has issued an advisory stating that the critical vulnerability in the Essential Addons for Elementor plugin is actively being exploited in the wild. Within the past 24 hours alone, they have detected and blocked 200 attacks targeting this flaw. To safeguard websites from potential attacks and unauthorized access, it is imperative that users swiftly update their Essential Addons for Elementor plugin to the latest version.

Conclusion:

The security vulnerability discovered in Essential Addons for Elementor plugin underscores the critical importance of promptly updating software to address known vulnerabilities. By staying vigilant and keeping plugins and themes up to date, website owners can fortify their defenses against potential exploits and ensure the security of their online presence.

Suggest an edit to this article

Check out our new Discord Cyber Awareness Server. Stay informed with CVE Alerts, Cybersecurity News & More!

Cybersecurity Knowledge Base

Homepage

Remember, CyberSecurity Starts With You!

  • Globally, 30,000 websites are hacked daily.
  • 64% of companies worldwide have experienced at least one form of a cyber attack.
  • There were 20M breached records in March 2021.
  • In 2020, ransomware cases grew by 150%.
  • Email is responsible for around 94% of all malware.
  • Every 39 seconds, there is a new attack somewhere on the web.
  • An average of around 24,000 malicious mobile apps are blocked daily on the internet.
Bookmark
Please login to bookmarkClose

Busting the Myths: NCSC and ICO Expose the Truth About Incident Reporting

0
ncsc national cyber security

In an unprecedented collaboration, the National Cyber Security Centre (NCSC) and Information Commissioner’s Office (ICO) have united to issue a compelling call to action. Through a captivating joint blog post, they aim to debunk prevalent misconceptions surrounding incident reporting and break the vicious cycle of cybercrime.

Their message is clear: Keeping cyber-attacks under wraps not only increases the likelihood of future breaches but also diminishes the security of us all. By failing to report incidents, we miss valuable opportunities to learn and fortify our defenses. This is particularly true in the case of ransomware attacks, as succumbing to the demands of extorters only emboldens their malicious activities.

Let’s imagine this scenario: You return home after a long day of work, only to discover that your house has been burglarized. Instead of promptly notifying the authorities and seeking assistance, you hastily restore everything to its original order, hoping no one will find out. You choose to bypass any further investigation, pretending as though nothing had occurred.

Now, consider what happens next: Your next-door neighbor falls victim to a burglary the following week, an event of which you remain unaware because they too decide not to mention it. Subsequently, the burglars revisit your home, taking advantage of your oversight in failing to secure the previously unlocked window. Their return is effortless, paving the way for further intrusion.

This analogy serves as a stark reminder that by concealing cyber-incidents, we inadvertently invite a never-ending cycle of threats. Just as the unlocked window beckons burglars, our failure to address and report cyber-attacks creates an environment ripe for exploitation. The NCSC and ICO implore us all to step forward, report incidents, and collectively strengthen our collective security. Together, we can break this perilous cycle and safeguard our digital lives.

In a recent statement, the National Cyber Security Centre (NCSC) emphasized its commitment to maintaining confidentiality when it comes to incident information. The organization clarified that it never discloses such details proactively or shares them with regulators unless the victim organization gives consent. Similarly, the Information Commissioner’s Office (ICO) clarified its stance on incident disclosure, stating that it only confirms the occurrence of an incident without divulging further specifics.

The NCSC also highlighted a crucial point for organizations to consider in the face of double extortion ransomware attacks. They cautioned that relying solely on offline backups does not eliminate the risk of data theft. Even in cases where there is no concrete evidence of data compromise, the NCSC urged victims to adopt the assumption that their data has indeed been accessed.

Meanwhile, the ICO emphasized a fair and measured approach to regulation. Contrary to the claims made by online extortionists, not all breaches automatically result in fines. The ICO stated that its primary goal is to assist organizations in enhancing their data protection practices, recognizing that this approach ultimately safeguards individuals’ data. Only in cases involving severe, recurring, or negligent behavior that puts personal information at risk would enforcement action be considered, as the ICO rejects a one-size-fits-all approach to penalties.

Suggest an edit to this article

Check out our new Discord Cyber Awareness Server. Stay informed with CVE Alerts, Cybersecurity News & More!

Cybersecurity Knowledge Base

Homepage

Remember, CyberSecurity Starts With You!

  • Globally, 30,000 websites are hacked daily.
  • 64% of companies worldwide have experienced at least one form of a cyber attack.
  • There were 20M breached records in March 2021.
  • In 2020, ransomware cases grew by 150%.
  • Email is responsible for around 94% of all malware.
  • Every 39 seconds, there is a new attack somewhere on the web.
  • An average of around 24,000 malicious mobile apps are blocked daily on the internet.
Bookmark
Please login to bookmarkClose

UK’s Leading Cybersecurity Agency Urges Business Leaders to Take Cyber Risks Seriously

0
ncsc national cyber security

The National Cyber Security Centre (NCSC) of the UK has released an updated Cyber Security Board Toolkit and is urging business leaders to take cyber risks seriously. The NCSC believes that senior executives must become more familiar with cyber risk to be confident when discussing security with key stakeholders. Since breaches can have a significant impact on business operations and growth, the NCSC advises boards to treat cyber risks with the same level of urgency as other business risks, such as financial and legal risks. Additionally, the NCSC has launched two new tools to support small businesses.

Read more on NCSC.gov

Suggest an edit to this article

Check out our new Discord Cyber Awareness Server. Stay informed with CVE Alerts, Cybersecurity News & More!

Cybersecurity Knowledge Base

Homepage

Remember, CyberSecurity Starts With You!

  • Globally, 30,000 websites are hacked daily.
  • 64% of companies worldwide have experienced at least one form of a cyber attack.
  • There were 20M breached records in March 2021.
  • In 2020, ransomware cases grew by 150%.
  • Email is responsible for around 94% of all malware.
  • Every 39 seconds, there is a new attack somewhere on the web.
  • An average of around 24,000 malicious mobile apps are blocked daily on the internet.
Bookmark
Please login to bookmarkClose

Learning Django: Key Concepts Every Beginner Should Master

0
Learn

When building sophisticated online applications, developers frequently use the well-liked Python web framework Django. Yet, learning everything about Django at once can be difficult for beginners. In order to become proficient in Django, beginners should study and grasp some of the fundamental principles that are highlighted in this article.

Apps

At the heart of every Django website are apps. Apps are small pieces of a project that make up an entire website. We create apps to represent different parts of a website, and how you structure your apps is entirely up to you. Apps typically contain some kind of database models, URLs, views, and other information about a particular part of our website. Imagine we were building Facebook.com with Django; we could have one app that represents all the information and logic about users, another app that contains all our database tables, logic for posts, and things related, like likes and comments for those posts, all inside of one app. When it comes to Facebook groups, it would be best to put that into its app, so all that logic is separate from other parts of our website. All these apps would sit inside of a main project folder, and you would simply let Django know about these apps by registering them inside of your application settings file.

Views

Views are simply functions that are in charge of processing a user’s request when they visit a certain URL or endpoint on our website. When a user goes to our website, some view associated with that URL is responsible for some logic in the back-end and returning some form of response with data, which is typically some kind of HTML template or JSON data. Views can also be represented as classes, and these are called class-based views. The major difference between function-based views and class-based views is how they extend logic. For anybody just starting to learn Django, we would highly recommend that you first start by learning function-based views because they are easier to understand, and most of the documentation is written using function-based views. However, it’s necessary to have a good understanding of class-based views and how to effectively use them.

URL Routing

To handle URL routing in a Django application, we create URL patterns in a list and simply attach different paths to those views. This is how Django knows which view to fire off when a user visits a URL on our website. In this example, we would simply use the path function, set a URL route, and assign an associated view.

Models

Models are simply class-based representations of our database tables and are at the core of how we design our database. With models, we create a class that represents a table, and the attributes in this class represent each column inside of that database table. Knowing how to create relationships between these tables, such as one-to-many and many-to-many, is also a must. Along with knowing how to design your database, you also need to know how to work with this database. Simple methods like get all and filter are how we retrieve items from the database using Django’s built-in ORM.

Admin Panel and CRUD Operations

While personally, I like to build out my own interface in any application I make, Django also gives us this admin panel to view, create, and update any data in our database. The admin panel is a great tool to start with and is also highly customizable. While building most any application, you probably will have to perform CRUD (create, read, update, and delete) operations at some point. We can perform tasks like this by writing all of our code from scratch using methods like the save and delete method, or we could use Django model forms and/or class-based views that handle a lot of this functionality for us.

Static Files and User Authentication

Static files, such as images, CSS, and JavaScript, are essential to every website, and Django makes it easy to serve these files. By default, Django looks for static files in a directory called “static” located in each app’s directory. However, it’s also possible to specify a different directory to serve static files from.

To configure static file handling in Django, you would typicallyy perform the following steps:

Define the static files directory: You can define the directory where your static files are stored in your settings file. This is done by setting the STATIC_ROOT variable to the absolute path to your static files directory. For example:

STATIC_ROOT = '/var/www/static/'
  1. Configure the static URL: You need to tell Django where to find static files at runtime. This is done by setting the STATIC_URL variable in your settings file. For example:
STATIC_URL = '/static/'
  1. Serve static files in development: During development, Django can serve static files for you. You need to add the following line to your urls.py file:
from django.conf import settings
from django.conf.urls.static import static

urlpatterns = [
    # ... some url patthers here ...
]

if settings.DEBUG:
    urlpatterns += static(settings.STATIC_URL, document_root=settings.STATIC_ROOT)

This simply tells Django to serve static files from the STATIC_ROOT directory when the DEBUG setting is set to True.

User Authentication

User authentication is a critical component of many web applications. Django provides a built-in authentication framework that makes it easy to add authentication to your application. The authentication framework provides the following features:

  • User authentication: Users can create accounts, log in, and log out.
  • Password management: Users can change their password or reset it if they forget it.
  • Permissions: You can define permissions and assign them to users or groups of users.

To use the authentication framework, you need to perform the following steps:

  1. Install the authentication app: The authentication app is included with Django. To use it, you need to add ‘django.contrib.auth’ to the INSTALLED_APPS setting in your settings file.
INSTALLED_APPS = [
    # ... other apps here ...
    'django.contrib.auth',
    # ... other apps here ...
]

Configuring authentication backends: Django supports multiple authentication backends, which allow you to authenticate users using different methods, such as email or social media accounts. You need to specify which authentication backends to use in the AUTHENTICATION_BACKENDS setting in your settings file. For example:

AUTHENTICATION_BACKENDS = [    'django.contrib.auth.backends.ModelBackend',    'allauth.account.auth_backends.AuthenticationBackend',]

This example uses the default ModelBackend, which authenticates users based on their username and password, and the allauth backend, which provides social media authentication.

  1. Define login and logout views: Django provides built-in views for logging in and logging out. You need to include these views in your urls.py file:
from django.contrib.auth.views import LoginView, LogoutView

urlpatterns = [
    # ... your URL patterns here ...
    path('login/', LoginView.as_view(template_name='login.html'), name='login'),
    path('logout/', LogoutView.as_view(template_name='logout.html'), name='logout'),
]
  1. Protect views with login_required: You can protect views/pages so that only authenticated users can access them by using the login_required decorator:
from django.contrib.auth.decorators import login_required

@login_required
def my_view(request):
    # ... view code here ...

Django is a powerful and popular web framework that makes it easy to develop complex web applications. With features such as URL routing, template rendering, database ORM, user authentication, and static file serving, Django provides developers with the tools they need to build robust and scalable web applications.

One of the major benefits of Django is its ability to handle large amounts of data through its powerful ORM. This allows developers to work with databases in a way that’s intuitive and efficient, making it easier to develop applications that require complex data models.

Overall, Django is a powerful and versatile web framework that’s suitable for a wide range of web development projects. Whether you’re building a small blog or a large-scale web application, Django’s features and flexibility make it an excellent choice for your next project.

Suggest an edit to this article

Check out our new Discord Cyber Awareness Server. Stay informed with CVE Alerts, Cybersecurity News & More!

Cybersecurity Knowledge Base

Homepage

Remember, CyberSecurity Starts With You!

  • Globally, 30,000 websites are hacked daily.
  • 64% of companies worldwide have experienced at least one form of a cyber attack.
  • There were 20M breached records in March 2021.
  • In 2020, ransomware cases grew by 150%.
  • Email is responsible for around 94% of all malware.
  • Every 39 seconds, there is a new attack somewhere on the web.
  • An average of around 24,000 malicious mobile apps are blocked daily on the internet.
Bookmark
Please login to bookmarkClose

PHP vs Ruby vs Python vs Go: Comparing Popular Programming Languages for Web Development

0
programming

There are numerous programming languages to select from when creating web applications. Some of the well-known choices include PHP, Ruby, Go, and Python. What language is used ultimately comes down to the project’s needs, the developer’s experience and ability, and each language’s strengths and shortcomings. In this article, shall “compare” PHP, Ruby, Go, and Python.

Go

Go, also known as Golang, is a relatively new programming language that has gained popularity for its speed and concurrency capabilities. It was developed by Google in 2009 and has since become a popular choice for web development. Go is a statically typed language that is designed to be simple, efficient, and reliable.

One of the main advantages of Go is its speed. Go is optimized for web development, and it can handle a large number of requests quickly and efficiently. Go is also known for its concurrency capabilities, which means that it can execute multiple tasks simultaneously, making it a good choice for developing high-performance web applications.

Go has several popular web frameworks, such as Gin, Echo, and Revel. These frameworks provide a set of conventions and tools that simplify and speed up the development process. However, Go is a relatively new language, and it may be more difficult to find experienced developers compared to other more established languages.

PHP

PHP is a server-side scripting language that has been around since 1994. It is an open-source language that is widely used for developing dynamic websites and web applications. PHP is easy to learn and has a large community of developers and users.

One of the main advantages of PHP is its speed. PHP is optimized for web development, and it can handle a large number of requests quickly and efficiently. PHP also supports many popular databases, such as MySQL and PostgreSQL, making it a good choice for developing database-driven web applications.

PHP has several popular web frameworks, such as Laravel, Symfony, and CodeIgniter. These frameworks provide a set of conventions and tools that simplify and speed up the development process. However, PHP can be prone to security vulnerabilities if not properly coded, making it crucial to have experienced developers on the team.

Ruby

Ruby is a dynamic, open-source language that is often used for building web applications. Ruby on Rails, a popular web framework, provides a set of conventions and tools that simplify and speed up the development process. Ruby on Rails is known for its “convention over configuration” approach, which means that the framework provides default settings that developers can override if needed.

One of the main advantages of Ruby is its readability. Ruby’s syntax is similar to natural language, making it easy for developers to write and understand code. Ruby also supports many popular databases, such as MySQL and PostgreSQL, making it a good choice for developing database-driven web applications.

Ruby on Rails has several advantages, such as its built-in security features and its emphasis on testing and debugging. However, Ruby on Rails can be slower than other web frameworks due to its use of dynamic typing.

Python

Python is a high-level programming language that is widely used for web development due to its ease of use, readability, and versatility. Python has several popular web frameworks such as Django, Flask, and Pyramid. These frameworks provide a set of conventions and tools that simplify and speed up the development process.

One of the main advantages of Python is its versatility. Python can be used for many different types of applications, including web development, data analysis, and artificial intelligence. Python also supports many popular databases, such as MySQL and PostgreSQL, making it a good choice for developing database-driven web applications.

Python’s web frameworks are known for their emphasis on code readability, maintainability, and scalability. However, Python can be slower than other programming languages due to its use of dynamic typing.

Conclusion

In conclusion, PHP, Ruby, Python, and Go are all excellent choices for web development, each with their strengths and weaknesses. PHP is known for its speed and ease of use, Ruby for its readability and conventions, Python for its versatility and scalability, and Go for its speed and concurrency capabilities. The choice of programming language ultimately depends on the specific requirements of the project and the development team’s experience and expertise.

When choosing a programming language for web development, it is important to consider factors such as the project requirements, the development team’s skills and preferences, and the intended audience of the web application. Ultimately, the best language for developing a web application will depend on the specific needs of the project. To ensure that your web application is secure, effective, and scalable, it is essential to have experienced developers on the team.

Suggest an edit to this article

Check out our new Discord Cyber Awareness Server. Stay informed with CVE Alerts, Cybersecurity News & More!

Cybersecurity Knowledge Base

Homepage

Remember, CyberSecurity Starts With You!

  • Globally, 30,000 websites are hacked daily.
  • 64% of companies worldwide have experienced at least one form of a cyber attack.
  • There were 20M breached records in March 2021.
  • In 2020, ransomware cases grew by 150%.
  • Email is responsible for around 94% of all malware.
  • Every 39 seconds, there is a new attack somewhere on the web.
  • An average of around 24,000 malicious mobile apps are blocked daily on the internet.
Bookmark
Please login to bookmarkClose

Twitter discontinues text message two-factor authentication for non-Blue subscribers

0

In a controversioal move, twitter has recently announced that it is discontinuing the use of text message two-factor authentication for all users, except for those who subscribe to Twitter Blue. This means that users who have relied on SMS-based two-factor authentication to protect their accounts will now need to switch to an authentication app in order to continue accessing their Twitter accounts.

The decision to remove text message two-factor authentication has been made with the aim of improving the overall security of the platform, as SMS-based authentication is considered to be less secure than other methods such as authentication apps or security keys.

Twitter has urged users who currently have text message two-factor authentication enabled to remove it by March 19, 2023, or risk losing access to their accounts. However, the company has assured users that the process of switching to an authentication app is a simple and quick one.

It is important to note that users will still be able to use other two-factor authentication methods, such as authentication apps or security keys, to protect their Twitter accounts. The removal of text message two-factor authentication does not affect these methods.

What is more Secure Text message 2fa or Application 2FA

When it comes to security, authentication apps are generally considered to be more secure than text message two-factor authentication. This is because text messages can be intercepted or redirected, leaving accounts vulnerable to unauthorized access. In contrast, authentication apps use a time-based code that is generated locally on the user’s device, making it more difficult for malicious actors to intercept or gain access to the code. As a result, Twitter’s decision to discontinue text message two-factor authentication in favor of authentication apps is a positive step towards improving the overall security of the platform.

While some Twitter users have expressed concern about the added expense of subscribing to Twitter Blue in order to retain access to text message two-factor authentication, it is important to note that authentication apps are typically free and widely available on both iOS and Android devices.

According to a blog post by twitter:
“While historically a popular form of 2FA, unfortunately we have seen phone-number based 2FA be used – and abused – by bad actors. So starting today, we will no longer allow accounts to enroll in the text message/SMS method of 2FA unless they are Twitter Blue subscribers. The availability of text message 2FA for Twitter Blue may vary by country and carrier.”

https://blog.twitter.com/en_us/topics/product/2023/an-update-on-two-factor-authentication-using-sms-on-twitter

Conclusion

Twitter’s decision to remove text message two-factor authentication is a positive step towards improving the security of the platform. Users who have relied on this method of authentication are strongly advised to switch to an authentication app in order to avoid losing access to their accounts. By doing so, they can rest assured that their accounts are protected by a more secure and reliable method of authentication.

Suggest an edit to this article

Check out our new Discord Cyber Awareness Server. Stay informed with CVE Alerts, Cybersecurity News & More!

Cybersecurity Knowledge Base

Homepage

Remember, CyberSecurity Starts With You!

  • Globally, 30,000 websites are hacked daily.
  • 64% of companies worldwide have experienced at least one form of a cyber attack.
  • There were 20M breached records in March 2021.
  • In 2020, ransomware cases grew by 150%.
  • Email is responsible for around 94% of all malware.
  • Every 39 seconds, there is a new attack somewhere on the web.
  • An average of around 24,000 malicious mobile apps are blocked daily on the internet.
Bookmark
Please login to bookmarkClose