Saturday, 12 November 2016

What every organization MUST-DO for Cybersecurity !!

Not a single day passes without reporting about cybersecurity breach in one way or other. Whether large or small companies, there is no escape from cyber attacks.

The scope, according to Norman Van, towards cyber security of an organization, is meant for confidentiality, availability and integrity of data. Information Systems are the sum total of data collections and associated persons, procedures, processes and software as well as the provision for the information system for storing, processing and communication.

Some of the basic threats –

We are listing below some of the important basic threats to be attended to in respect of cyber security. Every organization must pay attention to these basics to stay away from cyber security threats.

Ø  Secure Websites and web apps against attacks and malware infection.

Ø  End points are like open door, and hence, security measures must be implemented to safeguard user devices against virus, intrusion, browser etc.

Ø  Social networking has become apparently smart and complex, and hence, phishing attacks are very powerful and organized, and are to be prevented.

Ø  There are always loopholes or vulnerabilities in the software which are always aimed by attackers.  Hence, necessary patch works must be done to keep abreast of times.  A great majority of exploitation was on old software.

Ø  Data breaches involving employees is one of the common occurrences, hence it should be checked.

Ø  Implementation of effective password is absolutely necessary.  Refer our earlier blog where its flaws and remedies are suggested.

Ø  Vis-a-vis growth of smart devices, and cloud services, security threats of IOTs also increased significantly, hence, information security is very essential.

Ø  Encryption and DLP should be used to safeguard sensitive data, and restriction should be imposed on the use of unauthorized devices like USB, extra portable hard drives etc.

Ø  Once a website is attacked, critical information would be lost, hence back up system would be adopted.

Cybersecurity is not a onetime job.  It is a continuous process.  Due to advancement of technology, new techniques are tried every time by attackers to breach web information.

Wednesday, 2 November 2016

Icarus can hijack any popular Drones mid-flight !!


Now a person can hijack nearly any drone mid-air just by using a tiny gadget.

Mr. Jonathan Andersson, who is the manager and security researcher at Trend Micro’s TippingPoint DVLab division, demonstrated a small devise, which he has made, at the PacSec security conference in Tokyo, Japan on Wednesday last.

According to him, his device called Icarus can hijack any popular Drones mid-flight, allowing hackers to lock the owner out, and take complete control of the drones.

This tiny Icarus can also attack many radio-controlled devices like helicopters, cars, boats and other remote control gears that run over the most popular wireless transmission control protocol called DSMx. DSMx is a protocol used to facilitate communication between radio controllers and devices, including drones, helicopters, and cars etc.


Icarus works by taking effect of DSMx protocol which permits the hackers to take full control over targeted Drones that allows attackers to steer, accelerate, brake and even crash them.

What is the lacuna that permits the hackers? Andersson explained that the DSMx protocol does not encrypt the ‘secret’ key that pairs a controller and hobbyist device, which facilitate an attacker to extract this secret by launching several brute-force attacks.  So, once the drone hijacker (Icarus) grabs the secret key, an attacker can send malicious commands to restrict the original owner of the drone from sending legitimate control commands, and instead, the drone will accept commands from the attacker.

Despite providing some patches and updated hardware, manufacturers have not been fully equipped with to provide a robust solution against such threats.

Chinese hackers won prize money of $215,000 !!


In the contest run by Trend Micro's Zero Day Initiative, Tokyo, Japan, for hacking Mobile Pwn2Own, Tencent Keen Security Lab Team from China has won a total prize money of $215,000. 

High security measures were put into effect to devices for both Google's Nexus 6P phones and Apple's iPhone 6S, but still they fell victim to the Chinese hackers.

Google's Nexus 6P: For hacking the Nexus 6P, the Keen Lab Team used a combination of two vulnerabilities and other weaknesses in Android and managed to install a rogue application on the Google Nexus 6P phone without user interaction.

Apple's iPhone 6S: The hackers took advantage of two iOS vulnerabilities -  a use-after-free bug in the renderer and a memory corruption flaw in the sandbox – and stole pictures from the device.  Even though Apple has implemented iOS update, hackers could break the securities successfully.  They have recently credited to have found a threat of remote code execution error.  They have also informed that an update of iOS 10.1 can also be hacked effortlessly.