Stantinko Botnet Now Targeting Linux Servers to Hide Behind Proxies
An adware and coin-miner botnet targeting Russia, Ukraine, Belarus, and Kazakhstan at least since 2012 has now set its sights on Linux servers to fly under the radar.
Critical Unpatched VMware Flaw Affects Multiple Corporates Products
VMware has released temporary workarounds to address a critical vulnerability in its products that could be exploited by an attacker to take control of an affected system.
Microsoft Releases Windows Security Updates For Critical Flaws
Microsoft formally released fixes for 112 newly discovered security vulnerabilities as part of its November 2020 Patch Tuesday, including an actively exploited zero-day.
Researcher Discloses Critical RCE Flaws In Cisco Security Manager
Cisco has published multiple security advisories concerning critical flaws in Cisco Security Manager (CSM) a week after the networking equipment maker quietly released patches with version 4.22 of the platform.
Cisco warns of actively exploited IOS XR zero-days
Cisco warned on Saturday about two zero-day vulnerability impacting the Internetwork Operating System (IOS) that ships with its networking equipment.
New Chrome 0-day Under Active Attacks – Update Your Browser Now
Attention readers, if you are using Google Chrome browser on your Windows, Mac, or Linux computers, you need to update your web browsing software immediately to the latest version Google released earlier today.
Google Warns of Zero-Click Bluetooth Flaws in Linux-based Devices
Google security researchers are warning of a new set of zero-click vulnerabilities in the Linux Bluetooth software stack that can allow a nearby unauthenticated, remote attacker to execute arbitrary code with kernel privileges on vulnerable devices.
India Witnessed Spike in Cyber Attacks Amidst Covid-19 - Here's Why?
The COVID-19 outreach is turning out to be not only health, social, and economic hazard but also a cybersecurity crisis. The pandemic has presented new challenges for businesses in the areas of remote collaboration and business continuity.
FIN11 Hackers Spotted Using New Techniques In Ransomware Attacks
A financially-motivated threat actor known for its malware distribution campaigns has evolved its tactics to focus on ransomware and extortion. "Recent FIN11 intrusions have most commonly led to data theft, extortion and the disruption of victim networks via the distribution of CLOP ransomware".
Microsoft Releases Patches For Critical Windows TCP/IP and Other Bugs
Microsoft on Tuesday issued fixes for 87 newly discovered security vulnerabilities as part of its October 2020 Patch Tuesday, including two critical remote code execution (RCE) flaws in Windows TCP/IP stack and Microsoft Outlook.
Responsible Computer Usage
Responsible Computer Usage
Computers and networks may never be completely safe from security risks but we can follow some simple rules and procedures to try and prevent attacks on our computer systems. Remember that the way you operate your computer has a definite impact on everyone else on the network. A compromised organization's computer can be used to sniff passwords from its neighbors' network traffic or cause poor network performance for other users so it is important to consider the following tips for responsible computer usage to help you mitigate the risks.
Always run up-to-date virus protection
You should make sure that your computer has an anti-virus program and that it is always updated. If it is not evidently running on your PC, you should contact your IT officer. Also, make sure that all the files you send to other people are virus free. Viruses are frequently spread through infected email attachments. So before forwarding an attachment to your colleagues or friends, scan it for viruses.
Check before you install software
While browsing the internet, users may encounter websites that tempt them to install something on their computers. Some software may also be installed without the user's knowledge. These programs may contain spyware or adware. Do not install software that you were not specifically looking for. Some websites trick people into installing programs that claim to improve the performance of their computers. More often than not, the opposite is true. It is also a good practice to research on any software before installing. If you are using a computer at work, do not install unauthorized or personal software. If you need a program installed, ask permission to your IT officer to do so.
Stop sending spam
Are you the type who forwards every joke or cute picture that gets emailed to you? If you are, then you may be considered a spammer. Professional spammers send out millions of email, flooding the network with junk email. This slows down the performance of the entire network. If everyone stops forwarding jokes and chain email, the speed and performance of our networks would greatly improve.
Avoid the use of non-business resource intensive software
Peer to peer programs like Napster, Morpheus and Kazaa are just a few examples of software that slow down computer resources. These programs are non-business tools that are usually a heavy load on the network. They run constantly, and allow people to download files from your computer so you should avoid installing these programs on your computer.
Passwords should be routinely change
The confidentiality of passwords is critical to the protection of any sensitive information and systems. In many cases, passwords offer the first line of defense in stopping unauthorized and malicious users from accessing a user's personal account, or from accessing an organization's systems. It is paramount that the passwords used are adequately protected and remain secret.
It is recommended to change your password routinely as a good practice and it is recommended to use a password that has a minimum of 8 characters. Where possible, passwords should not be identifiable with the user (such as first name, last name, spouse name, friends, relations, colleagues, or other easily guessed names, although you can use names or phrases that you can easily remember that contain a combination of numbers, upper and lower case letters, and non-alphanumeric characters (such as: !@#$%^&*()_~"?><,./\) so the password can be strong. E.g.: theMoon!3*
Never write down your password on a sheet of paper that can be found near your computer. Memorize the password instead. Non-disclosure of passwords: Do not share your password with co-workers since you may be held liable for any misuse or unauthorized activity using your password.
Avoid personal and unauthorized websites
There are some websites that install spyware and adware on your computer without your knowledge. Websites that are known to do this are adult/ sexually explicit sites, hacking sites and sites that distribute pirated software.
Pay attention to the usage and copyright of downloaded files
Check the legality of downloading the information, particularly with respect to copyright permission. If in doubt of the legality, staff members should contact the Center focal point on IP matters for advice.
Do not redistribute downloaded material unless the owner has given permission for them to do so either directly or in the copyright/license terms.
Do not download unlicensed software or violate limitations on the use of particular software as imposed by any license agreements.
Most downloaded software, including shareware and freeware, is copyrighted and subject to license, which sets limitations on its use. Downloading MP3, movie files and games slows down the network. You may also be violating company policy by downloading these files.
Avoid viewing of non-business related streaming media
Streaming media like internet radio or music videos eat up a lot of bandwidth. They run continuously and slow down the network. Avoid using these services if they are non-business related.
Make sure your operating system is patched
The IT departments in the organization are in charge of maintaining your operating system patched, but it is important that you verify that these updates are being implemented successfully because if not updated, your computer may be vulnerable to worms and viruses.
Backup your files
Make sure to regularly backup your most important data and files. Computers are never 100% safe. Even if you get attacked by a hacker or even hardware failure, backing up your data makes recovery much easier. The IT departments usually have some backup procedures in place, so please contact your IT officer for more information about the options in your center.
Be sure to use high-quality media to store your backups. CD-RWs, DVD+RWs, external hard drives are good storage devices you can use.
Keep backup copies in a fireproof and heatproof safe or vault, or offsite (a location separate from the computer site).
Check USB (universal serial bus) memories from virus
USB memories are portable devices that are convenient to transfer files from one place to another. However, it is very easy to get virus transmissions, corruption or loss of data with these devices, so it is recommended to check them before connecting them to your computer in office.
Be careful when transmitting Sensitive or Personal Information
You should not use the Internet to send sensitive information belonging to the center (such as non-public research data or passwords used to gain access to systems and devices within a center) in unencrypted form. This includes the sending of sensitive information using any of the following means: E- mail, Posting to newsgroups or Posting to forums, blogs or websites.
Lock your computer with password when away from your desk
When you leave your workstation unlocked, anyone can assume your identity and gain access to any applications or files that you may have access to. To prevent this, automatic password protection should be invoked after a minimum time period of inactivity (15 minutes recommended) and you should lock your workstation whenever you leave it.