Archive for September, 2016

Common Website Security Issues

September 29, 2016

Website security is one of the major issues faced by businesses of all sizes. Even a minor mistake in website coding may increase the risk of unauthorized access by hackers. Without proper security measures in place, there is a higher chance that the database may be manipulated or that a hacker may infiltrate the restricted parts of the website.

Listed below are some common website security issues that business owners need to watch out for:

SQL Injection

Structured Query Language (SQL) injection is one of the most prevalent attack vectors used by cybercriminals. In this attack, malicious code is injected to delete important data, steal payment card details, insert spam links into your website or alter sensitive information stored in the back-end database.

Cross-Site Scripting (XSS)

It can be defined as a technique in which hackers inject a malicious client-side script, usually JavaScript, directly into the website. Once the user visits the infected URL, the code gets executed and gives the hacker access to the browser’s session tokens and cookies, or redirects the user to other malicious websites.

Cookie Tampering

Cookies are a vital part of website development that allow users to log in to a website, view personalized ads and promotional offers as well as manage items in a shopping cart. Cookies can also be tampered with or hijacked by cybercriminals to create fake user accounts and capture information of the logged-in users. This can ultimately have serious consequences for your website, particularly if you do not have any set criteria to validate cookies.
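One way to give a site a criterion for validating cookies is to sign each cookie on the server and reject any value whose signature or expiry does not check out. This is an added example, not code from the original post; the `user|expiry|signature` layout, the function names and the key are assumptions made for illustration.

```python
import hashlib
import hmac
import time

# Assumption: in a real deployment the key comes from server-side secret storage.
SECRET_KEY = b"constructed-demo-key"

def _tag(body):
    # HMAC-SHA256 over the cookie body, keyed with the server-only secret.
    return hmac.new(SECRET_KEY, body.encode(), hashlib.sha256).hexdigest()

def sign_cookie(user_id, ttl=3600, now=None):
    """Issue a cookie value of the form user_id|expiry|signature."""
    if "|" in user_id:
        raise ValueError("user_id must not contain the field separator")
    issued = time.time() if now is None else now
    body = f"{user_id}|{int(issued + ttl)}"
    return f"{body}|{_tag(body)}"

def verify_cookie(cookie, now=None):
    """Return the user id if the cookie is authentic and unexpired, else None."""
    parts = cookie.split("|")
    if len(parts) != 3:
        return None
    user_id, expires, tag = parts
    expected = _tag(f"{user_id}|{expires}")
    # Constant-time comparison; bytes are used so odd input cannot raise.
    if not hmac.compare_digest(tag.encode(), expected.encode()):
        return None
    current = time.time() if now is None else now
    if not expires.isdigit() or int(expires) < current:
        return None
    return user_id

if __name__ == "__main__":
    cookie = sign_cookie("1001")
    print("genuine :", verify_cookie(cookie))
    # Constructed tampering: the client swaps in another user id.
    forged = "1|" + cookie.split("|", 1)[1]
    print("tampered:", verify_cookie(forged))
```

Signing detects modification only; it does not hide the cookie's contents, and the cookie should still be sent with the `Secure` and `HttpOnly` attributes.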

Cross-Site Request Forgery (CSRF)

In a cross-site request forgery, the user is tricked into performing a malicious action while logged in to the website. The attack mainly involves two stages – attracting the logged-in users to another malicious website and using their online identity to post spam comments or collect confidential data. Social media websites, online banking portals and web-based email clients are the most common targets for a cross-site request forgery.

Email Form Header Injection

This form of vulnerability is not very common and is often overlooked by web developers. It occurs when the hacker injects malicious code into the website’s contact form to send out bulk emails. This can eventually cause your website, email address and web server to be blacklisted for sending spam emails.

Contact Centex Technologies for complete website security solutions for your business firm in Central Texas. We can be reached at (855) 375 – 9654.
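A contact-form handler can close this hole by refusing any header field that contains line breaks or other control characters and by fixing the recipient on the server side. The sketch below is an added example, not code from the original post; the function names, the `contact@example.com` inbox and the sample inputs are assumptions.

```python
import re
from email.message import EmailMessage

SITE_INBOX = "contact@example.com"  # assumption: recipient is fixed by the site
_CONTROL = re.compile(r"[\x00-\x1f\x7f]")  # includes CR and LF
_ADDRESS = re.compile(r"^[^@\s,;<>]+@[^@\s,;<>]+\.[^@\s,;<>]+$")

def clean_header(field, value, max_len=200):
    # A line break in a header field lets form input start a new header
    # (for example an extra recipient list), so reject it outright.
    if _CONTROL.search(value):
        raise ValueError(f"{field}: control characters are not allowed")
    if len(value) > max_len:
        raise ValueError(f"{field}: value too long")
    return value.strip()

def build_contact_message(name, reply_to, subject, body):
    """Build the outgoing mail; raise ValueError on unsafe form input."""
    name = clean_header("name", name)
    subject = clean_header("subject", subject)
    reply_to = clean_header("reply_to", reply_to)
    if not _ADDRESS.match(reply_to):
        raise ValueError("reply_to: not a single e-mail address")
    msg = EmailMessage()
    msg["From"] = SITE_INBOX
    msg["To"] = SITE_INBOX          # never taken from the form
    msg["Reply-To"] = reply_to
    msg["Subject"] = f"Contact form: {subject} (from {name})"
    msg.set_content(body)           # the body may contain line breaks
    return msg

# Constructed form input that tries to smuggle in an extra header.
CRAFTED_SUBJECT = "Hello\r\nBcc: list@example.net"

if __name__ == "__main__":
    ok = build_contact_message("Ann", "visitor@example.com", "Pricing", "Hi there")
    print(ok["Subject"])
    try:
        build_contact_message("Ann", "visitor@example.com", CRAFTED_SUBJECT, "Hi")
    except ValueError as err:
        print("rejected:", err)
```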


Security Risks Of Online Banking

24 September, 2016

Due to the advancement in technology, financial institutions are rapidly shifting their mode of transactions to the internet. Though online banking offers much more convenience and saves you the hassles of visiting the bank, the indiscernible risks associated with it cannot be overlooked. Before accessing your account online or transferring funds over the internet, it is essential that you understand the risks involved to keep yourself protected.

Discussed below are some of the potential security risks of online banking:

Identity Theft

Most banks implement strong security measures to prevent hacking attacks, but your personal computer may not be fully protected. Once you access your account, all your personal information, including account number, social security number, PIN etc., is at risk. Hackers may infect your computer with malware or use social engineering techniques to acquire your banking details and conduct fraudulent transactions.

Phishing

Phishing is another common attack in which the hacker sends fake emails to compel the users to give out their personal information. These emails often create a sense of urgency and require the user to click on a specific link. When the user clicks on the link, he is redirected to a fake website that looks similar to the bank’s login page. As soon as the user enters his online banking credentials, the information is transmitted to the hacker to be used for malicious purposes.

Keystroke Logging

Your computer system may have a malicious script installed that stealthily records and stores all the keystrokes of the user. This information is then sent to the hacker to get unauthorized access to your online banking account or other websites that require login credentials.

Man-In-The-Browser (MITB) Attack

This type of attack is similar to the man-in-the-middle attack. However, an MITB attack involves the use of Trojan horses to infect the user’s internet browser. The Trojan may be installed by tricking the user into downloading software that claims to be a legitimate update. When the user initiates a financial transaction, the Trojan alters the form fields and information submitted to the bank’s website. This change is not visible to the user and takes place before SSL encryption. As a result, the hacker gets control of the user’s banking interface, while bypassing all the stringent authentication mechanisms.

Centex Technologies is a leading IT security company in Central Texas. For more information on online banking threats and security measures, feel free to call us at (855) 375 – 9654.


Importance Of Information Security Training In Organizations

16 September, 2016

Information security is the essence of every organization. With the recent hacking attacks targeted at big business firms, it has become even more important to protect the confidential data. However, despite spending a lot of resources on IT security, entrepreneurs often overlook the risk posed by uninformed personnel within the organization. Proper security training is essential to make them familiar with the latest forms of data breach and the precautions they need to take in order to prevent such attacks.

Given below are some reasons why information security training is important in organizations:

Avoid Potential Risk

When employees attend the IT training classes, they get to know the basics of online browsing risks and safety. This can minimize the potential risks that may arise due to any phishing or social engineering techniques used by hackers. During the training, the employees can also be made to face a simulated hacking attack, in which they understand the consequences that the entire organization may have to bear.

Train Employees To Stay Safe On The Internet

With proper training, employees can learn about the best practices to improve their online browsing experience, both on the personal and professional front. They will be more careful while downloading any files or programs, opening email attachments, using social media accounts, sharing important information over the internet etc. All of this will benefit the organization in the long run.

Build A Secure Internal Environment

When you provide complete information security training to all the employees, it maintains an overall secure environment within the organization. They will understand the company’s security policies in a better way and coordinate with the IT staff in case an issue arises. With this, in the event of a data breach, the management will be able to take immediate action and diminish the associated financial costs as well as the loss of the company’s intellectual property.

Responsibility For Company Data

Information security training will also inform employees about their duties and accountabilities towards maintaining confidentiality of the company’s data. They will know what type of data can be shared and with whom. Strong password practices, data encryption, file management and other related policies will be followed more diligently when the employees are aware of their legal and regulatory obligations towards the integrity of the organization’s resources.

We, at Centex Technologies, provide complete information security training to the business firms in Central Texas. For more information, you can call us at (855) 375 – 9654.


What Are Watering Hole Attacks?

9 September, 2016

A watering hole attack is a relatively new technique used by hackers and is mainly targeted towards compromising a business’ network security. This type of attack involves exploiting a security vulnerability in a selected website. When the target user visits the website, the attack is initiated and his computer system is infected with the malware. A watering hole attack is quite similar to a drive-by download, except that it is highly targeted and extremely difficult to detect.

How Does A Watering Hole Attack Work?

A watering hole attack typically involves the following steps:

  1. Determine Target Group
    First, the attacker identifies the target group, who are mainly employees of large business firms and government organizations, to determine the type of websites they are most likely to visit.
  2. Identify Vulnerabilities
    The attacker carefully tests the selected websites for any vulnerabilities that can be exploited. He examines the web servers, ad servers, web apps etc. to pinpoint the security flaws.
  3. Inject Malicious Code
    After the attacker has selected a website to be compromised, he injects malicious JavaScript or HTML code into it. The code then redirects the users to another website that hosts the malware.
  4. Infect The Target Group
    Once the target users visit the website, the malware gets downloaded into their computer systems. It may be in the form of a Remote Access Trojan (RAT) that includes a back door to provide the hacker with complete administrative control of the infected computer.

Tips To Prevent Watering Hole Attacks

Regular Updating Of Software
Hackers tend to initiate a watering hole attack by exploiting zero-day vulnerabilities in the computer software. Thus, it is recommended to keep your system updated with the latest patches released by genuine software vendors.

Vulnerability Shielding
Watering hole attacks involve following a definite network path to exploit the security flaws in a website. Vulnerability shielding, or virtual patching, allows the administrators to monitor traffic and identify any aberrations from the usual protocols. This, in turn, helps to prevent vulnerability exploits.

Using Virtual Private Network
The highly targeted nature of watering hole attacks means that the malware is active only when a specific set of users visits the website. When you access the internet through a virtual private network (VPN), it hides your IP address and other tracking data so that the malware does not perceive you as a targeted victim.

For more information on watering hole attacks, feel free to contact Centex Technologies at (855) 375 – 9654.
