Posts

Showing posts from February, 2019

How to Stop Facebook App From Tracking Your Location In the Background

Every app installed on your smartphone with permission to access location service "can" continually collect your real-time location secretly, even in the background when you do not use them. Do you know? — Installing the Facebook app on your Android and iOS smartphones automatically gives the social media company your rightful consent to collect the history of your precise location. If you are not aware, there is a setting called "Location History" in your Facebook app that comes enabled by default, allowing the company to track your every movement even when you are not using the social media app. So, every time you turn ON location service/GPS setting on your smartphone, let's say for using Uber app or Google Maps, Facebook starts tracking your location. Users can manually turn Facebook's Location History option OFF from the app settings to completely prevent Facebook from collecting your location data, even when the app is in use. However, unfortunatel

How to Keep Your Mobile Safe from Cyber Threats

Before smartphones were popular, people didn’t take mobile security very seriously. After all, we used to have a few contacts, some classic games, and some blurred wallpapers; what was actually stored on our old mobile phones? However, now that everything has changed and a lot of people are using smartphones to perform many tasks, from logging into their bank account to accessing the company dashboard for their job, mobile security has become more important than ever. However, the statistics show that only 22% of mobile users take regular security measures, while most do so only when it’s convenient. But as smartphone users, we need to make smartphone security our primary priority to keep our mobiles as safe as possible and avoid any nasty situation later. Once your mobile gets hacked, you are in major financial trouble, and so is your private information. We store everything on our phones, which is very handy but at the same time a concern. Nowadays, hacker

WARNING – New Phishing Attack That Even Most Vigilant Users Could Fall For

How do you check if a website asking for your credentials is fake or legit to log in? By checking if the URL is correct? By checking if the website address is not a homograph? By checking if the site is using HTTPS? Or using software or browser extensions that detect phishing domains? Well, if you, like most Internet users, are also relying on the above basic security practices to spot if that "Facebook.com" or "Google.com" you have been served with is fake or not, you may still fall victim to a newly discovered creative phishing attack and end up giving away your passwords to hackers. Antoine Vincent Jebara, co-founder and CEO of password managing software Myki, told The Hacker News that his team recently spotted a new phishing attack campaign "that even the most vigilant users could fall for." Vincent found that cybercriminals are distributing links to blogs and services that prompt visitors to first "login using Facebook account"

OWASP A10-Unvalidated Redirects and Forwards

Web applications often redirect and forward users to other pages and websites, and use untrusted data to determine the destination pages. Without proper validation, attackers can redirect victims to phishing or malware sites, or use forwards to access unauthorized pages. Sometimes your application may need to redirect to another area by sending a redirect header to the client in an HTTP response. This method is found in applications that redirect after a successful verification. The redirect target will be in the login form or the URL, both of which can be tampered with by the client. Such redirects may attempt to install malware or trick victims into revealing passwords or other sensitive data. Unsafe forwards may allow access control bypass. Developers can prevent the weakness by validating client input and also confirming that the URL being referenced is really an approved target URL. You can use a map technique where URLs are mapped to names, for example, landi

Most Important Android Application Penetration Testing Checklist

Android has the biggest installed base of any mobile platform and is growing fast every day. Besides, Android is rising as the most widespread operating system in this respect for various reasons. However, as far as security is concerned, no information about the new vulnerabilities that could lead to weak programming on this platform is being disclosed, even though this platform has a significant attack surface. Information Gathering: Information gathering is the most basic step of an application security test. The security test should attempt to test as much of the code base as reasonably possible. Therefore, mapping every possible path through the code to facilitate thorough testing is paramount. General Information. Rundown of general application information. Testing for Common Libraries and Fingerprinting. Rundown of application components and Component authorizations. Reverse Engineering the Application Code. Application Local Storage Flaws

How to build and run a Security Operations Center

Today’s cybersecurity operations center (CSOC) should have everything it needs to mount a competent defense of the ever-changing information technology (IT) enterprise. This includes a vast array of sophisticated detection and prevention technologies, a virtual sea of cyber intelligence reporting, and access to a rapidly expanding workforce of talented IT professionals. Yet, most CSOCs continue to fall short in keeping the adversary, even the unsophisticated one, out of the enterprise. Ensuring the confidentiality, integrity, and availability of the modern IT enterprise is a big job. It incorporates many tasks, from robust systems engineering and configuration management (CM) to effective cybersecurity or information assurance (IA) policy and comprehensive workforce training. It must also include cybersecurity operations, where a group of people is charged with monitoring and defending the enterprise against all measures of cyber attack.