Nextcloud 16 introduces a number of intelligent features designed to make users’ lives easier and keep data safe. Suspicious Login Detection uses a locally trained neural network to detect attempts to log in by malicious actors. Share recommendations suggests people and groups the user frequently shares with, and our new Recommendations app adds a list of files and folders the user might be interested in, based on recent activity on these files and other factors. As this release brings so many improvements, we’ve written 4 other blogs with more details about the main features:

Suspicious Login Detection

From cutting-edge browser protections like CSP and SSC to password checks using the online breached-password database by Troy Hunt and unique malware recovery technologies, Nextcloud has been at the forefront of developing solutions to constantly changing security threats. Protecting logins with brute-force protection and 2-factor authentication makes it harder to hack user accounts, but the growing sophistication of attacks makes new, more intelligent protections essential. Nextcloud 16 introduces a brand new solution protecting Nextcloud systems using machine learning to detect suspicious login behavior and warn the user. The Suspicious Login Detection app tracks successful logins on the instance for a set period of time (default is 60 days) and then uses the generated data to train a neural network. As soon as the first model is trained, the app starts classifying logins. Should it detect a password login classified as suspicious by the trained model, it will add an entry to the suspicious_login table, including the timestamp, request id and URL. The user will get a notification and the system administrator will be...
How to deal with cyber security threats? All of us have faced some flaws in the operation of our devices: high CPU consumption, lower performance, privacy issues, malware, etc. Some of us even or utilize some identity theft protection services to guarantee one’s online security. Still, there are things we can’t influence, and all we can do is look to the tech giants and cyber security experts who try to eliminate considerable privacy problems. So, let’s dive into the latest Apple cyber security threats.

Experts reported the iPhone and iPad vulnerability due to a problem in the mail app

Cybersecurity experts have discovered vulnerabilities in Apple’s email app. According to them, these flaws have been present in the app since 2012 and allow hackers to steal data of iPhone and iPad users. Apple’s email app has vulnerabilities that allowed hackers to steal information from different company devices. This conclusion was reached by , who warned the manufacturer about the detected bug. According to experts, this flaw has existed since September 2012. Experts have identified several cyber attacks that have been carried out using these vulnerabilities. The first of them took place in January 2018, but ZecOps assumes that similar attacks could have occurred before. Due to the shortcomings, hackers could send emails with a special attachment, which caused a short failure in the operating system of smartphones or tablets. It allowed hackers to steal user data, including photos and contact details. ZecOps also claims that the mail app hacking technique was used against users from North America, Japan, Germany, Saudi Arabia, and Israel. The representative of Apple...
Learn about cyber security, why it’s important, and how to get started building a cyber security program in this installment of our Data Protection 101 series.

A Definition of Cyber Security

Cyber security refers to the body of technologies, processes, and practices designed to protect networks, devices, programs, and data from attack, damage, or unauthorized access. Cyber security may also be referred to as information technology security.

The Importance of Cyber Security

Cyber security is important because government, military, corporate, financial, and medical organizations collect, process, and store unprecedented amounts of data on computers and other devices. A significant portion of that data can be sensitive information, whether that be intellectual property, financial data, personal information, or other types of data for which unauthorized access or exposure could have negative consequences. Organizations transmit sensitive data across networks and to other devices in the course of doing business, and cyber security describes the discipline dedicated to protecting that information and the systems used to process or store it. As the volume and sophistication of cyber attacks grow, companies and organizations, especially those that are tasked with safeguarding information relating to national security, health, or financial records, need to take steps to protect their sensitive business and personnel information. As early as March 2013, the nation’s top intelligence officials cautioned that cyber attacks and digital spying are the top threat to national security, eclipsing even terrorism.

Challenges of Cyber Security

For effective cyber security, an organization needs to coordinate its efforts throughout its entire information system. Elements of cyber encompass all of the following: The most difficult challenge in cyber security is...
An engineering graduate from the National University of Sciences & Technology (NUST), Aqsa Kausar has become Pakistan’s first female Google Developer Expert in Machine Learning. Machine Learning is the application of Artificial Intelligence that helps a computer system predict an outcome and take action accordingly without being explicitly programmed. Aqsa Kausar has contributed a lot to her field; she organized workshops at different events, including Google DevFest 2018 and Google Cloud Next Extended 2019 held in Islamabad. She was also part of Google’s Machine Learning Train-the-Trainer session recently held in Singapore. Aqsa is currently working with a software firm, Red Buffer. While talking to TechJuice, she said, “Being a part of Red Buffer has helped me immensely in my journey to becoming a GDE. Red Buffer has some of the best talents in Machine Learning & AI including some amazing tech-savvy women. Our CEO Tayyab Tariq has always been highly supportive and encouraging in my GDE journey, often saying ‘it’s not about you, it’s about how you use what you have to help others.’” In her free time, Aqsa also writes blogs on Medium (an online publishing platform) on topics related to Machine Learning. She wants people, especially women, to learn about this field, as she sees a lot of potential in the country. Aqsa told us, “I believe more women should step forward and make use of this amazing opportunity offered by Google, not just for their personal growth and networking, but also to widen the culture of knowledge sharing in Pakistan and to build communities of value.” The Google Developer Expert program is globally recognized...
Microsoft introduced Component Object Model (COM) in Windows 3.11 as a method to implement objects that could be used by different frameworks (ActiveX, COM+, DCOM etc.) and in different Windows environments, allowing interoperability, inter-process communication and code reuse. Abuse of COM objects enables red teams to execute arbitrary code on behalf of a trusted process. Administrator privileges are not required to perform COM Hijacking, since classes in the HKCU registry hive are executed prior to the classes in HKLM. The only exception affects high integrity (elevated) processes, whose objects are loaded only from the HKLM location to prevent elevation of privileges. There are multiple methods by which execution of code can be achieved, but there are several cases in which COM has been used in red teaming scenarios for persistence, lateral movement and defense evasion. Depending on how the malicious code will be executed, various registry sub-keys are used during COM Hijacking. These are: The above sub-keys are under the following registry hives:

Discover COM Keys – Hijack

Identification of COM keys that could be used to conduct COM hijacking is trivial and requires the use of Process Monitor in order to discover COM servers which are missing CLSIDs and don’t require elevated privileges (HKCU). Process Monitor can be configured with the following filters:

COM Hijacking – Process Monitor Filters

Opening files and executing tasks like a standard user will produce a list of COM keys that could be hijacked in order to load an arbitrary library into a trusted process.

COM Hijacking – Process Monitor Results

The results could be used directly or exported in various formats like CSV and XML. Process...
Web Application Pentesting is a method of identifying, analyzing and reporting the vulnerabilities that exist in the web application given for penetration testing, including buffer overflow, input validation, code execution, authentication bypass, SQL injection, CSRF and cross-site scripting. Repeatable testing with a rigorous method is one of the best ways to conduct web application penetration testing for all kinds of web application vulnerabilities.

Web Application Penetration Testing Checklist

Information Gathering

1. Retrieve and analyze the robots.txt files by using a tool called GNU Wget.
2. Examine the version of the software, database details, the technical components named in errors, and bugs revealed by the error codes, by requesting invalid pages.
3. Implement techniques such as DNS inverse queries, DNS zone transfers and web-based DNS searches.
4. Perform directory-style searching and vulnerability scanning, and probe for URLs, using tools such as NMAP and Nessus.
5. Identify the entry point of the application using Burp Proxy, OWASP ZAP, TamperIE, WebScarab and Tamper Data.
6. Using traditional fingerprinting tools such as Nmap and Amap, perform TCP/ICMP and service fingerprinting.
7. By requesting common file extensions such as .ASP, .EXE, .HTML and .PHP, test for recognized file types/extensions/directories.
8. Examine the source code of the accessible pages of the application front end.

Authentication Testing

1. Check if it is possible to “reuse” the session after logout. Also check if the application automatically logs out a user who has been idle for a certain amount of time.
2. Check whether any sensitive information remains stored in the browser cache.
3. Check and try to reset the password by social engineering, cracking secret questions and guessing.
4. Check if the “Remember my password” Mechanism...