Adding black-out bikinis to nudie pics like that one guy on that drawing board I was on as a teenager lol. Anyways here’s some nymphs that are Not scheming anything. Left to right we got Meilo (she), Lane (he), Zoziel (any) and Emyl (they). Promise they’re normally clothed.

Original Post from Security Affairs Author: Pierluigi Paganini

The Human Factor has a fundamental importance for the success of a cyber attack, for this reason it is important to create a culture of cyber security within organizations.

Every day we see a large number of tools being implemented within enterprises and institutions due to the need to keep their environments more secure, along with this implementation of tools comes a series of responsibilities to make resources be used efficiently and effectively, generating the results expected by the Analysts, Managers, and Management. When we speak of a corporate environment there are a number of tools that we can find, such as Web Application Firewall (WAF), Intrusion Prevention Service (IPS), Antispam, Antivirus, Firewall, Web Filter / Application Control, DLP (Data Loss Prevent) Switches, Routers and etc. Each of these tools has its characteristic and function within the corporate environment, being well configured generate results and metrics that help managers make decisions for environment/business growth, security improvement, and others.

In recent years there has been a significant increase in cyber attacks and attempts to exploit vulnerabilities, attackers have increasingly studied CVEs (Common Vulnerabilities and Exposures) based on this knowledge to try to exploit, invade and exfilt data from companies or individuals. When implementing a security tool within a company, it is necessary to pay attention to some points that go beyond the implementation project, some of these points are maintenance and updating of the tool following the good practices of the manufacturer. A very common error that occurs today and makes many companies vulnerable to attacks is that they only care about the tool in the implementation process, after that the points mentioned above that require constant attention during the tool life cycle inside the company are forgotten and make the environment susceptible to attacks and exploitations.

Some points that make environments vulnerable:

Old tools.

Outdated tools.

Poor resource management.

Human factor.

From these points mentioned above, I would like to draw attention to the ‘Human Factor’, due to the technological growth, it became fundamental the importance of creating a culture of security policy in the day to day of the collaborators. Companies are investing more and more in lectures, training and workshops to try to reduce an attack or invasion is caused by the human factor, when we speak of human factor can be exemplified as follows: the attacker sends an email with a supposed advertisement or promotion and in it comes a link that will direct the user to this “promotion”, but when in fact it is a malicious link (this attack is called Phishing), the user may be infected with some Malware and from that machine the attacker has internal access and begins to make lateral movements in an attempt to exploit or compromise the company environment. Every day we see research being done by tool makers showing that most of the attacks that occur still have the human factor, that is, a user who is not prepared to identify some simple types of attacks, such as phishing and that can compromise the entire security of the company.

There are currently three most commonly used types of Phishing attacks:

Mass-Scale Phishing: Attack where fraudsters launch an extensive network of attacks that are not highly targeted

Spear Phishing: Tailor-made for a specific victim or group of victims using personal details.

Whaling: A specialized type of spear phishing that targets a “large” victim of a company, for example CEO, CFO or other executive.

Below we have the anatomy of a phishing attack:

About the author: Zoziel Freire

Cyber Security Analyst Content Writer of the portal: www.infosectrain.com Analyst document’s malicious CompTIA Security Analytics Professional LPIC-3 Enterprise Linux Professionals CompTIA Cybersecurity Analyst Linkedin: https://www.linkedin.com/in/zozielfreire/

window._mNHandle = window._mNHandle || {}; window._mNHandle.queue = window._mNHandle.queue || []; medianet_versionId = "3121199";

try { window._mNHandle.queue.push(function () { window._mNDetails.loadTag("762221962", "300x250", "762221962"); }); } catch (error) {}

Pierluigi Paganini

(SecurityAffairs – Human Factor, cybersecurity)

Twitter: https://twitter.com/zoziel

The post Using the Human Factor in Cyber Attacks appeared first on Security Affairs.

#gallery-0-6 { margin: auto; } #gallery-0-6 .gallery-item { float: left; margin-top: 10px; text-align: center; width: 33%; } #gallery-0-6 img { border: 2px solid #cfcfcf; } #gallery-0-6 .gallery-caption { margin-left: 0; } /* see gallery_shortcode() in wp-includes/media.php */

Go to Source Author: Pierluigi Paganini Using the Human Factor in Cyber Attacks Original Post from Security Affairs Author: Pierluigi Paganini The Human Factor has a fundamental importance for the success of a cyber attack, for this reason it is important to create a culture of cyber security within organizations.

Original Post from Security Affairs Author: Pierluigi Paganini

In the last few days I have done some analysis on malicious documents, especially PDF. Then I thought, “Why not turn a PDF analysis into an article?”

Let’s go to our case study:

I received a scan request for a PDF file that was reported to support an antivirus vendor, and it replied that the file was not malicious. Because the manufacturer’s analysis was not satisfactory, the team responsible for handling the incident requested a second opinion, since in other anti-virus tools the document was reported to be malicious. The team needed evidence to prove the risk involved in the file.

While conducting an initial analysis on the file, I identified that I had something suspicious:

After an analysis in the structure of objects of the PDF it is possible to identify a malicious URL that is executed during the process of opening the document, that is to say, when the user opens the file in his station it executes of conceal form the call of the URL as shown below :

When performing a domain verification it is possible to reach the IP bound to it:

When performing a URL reputation analysis, a malicious history is identified:

When performing an IP reputation analysis, a malicious history is identified:

The interesting thing is to think that years ago we would never say that infection would be possible through malicious code, URL, shellcode, through obfuscation inside documents like PDF, DOC, DOCx, XLS, XLSx and PPT. Most security tools must always be adapted to this new reality of attack and infection.

It is essential that security professionals are increasingly able to work with this type of analysis that the antivirus tool is not usually able to do, I leave here the hint about the importance of studying malicious document analysis.

About the author: Zoziel Freire

Cyber Security Analyst Content Writer of the portal: www.infosectrain.com Analyst document’s malicious CompTIA Security Analytics Professional LPIC-3 Enterprise Linux Professionals CompTIA Cybersecurity Analyst Linkedin: https://www.linkedin.com/in/zozielfreire/

Twitter: https://twitter.com/zoziel

window._mNHandle = window._mNHandle || {}; window._mNHandle.queue = window._mNHandle.queue || []; medianet_versionId = "3121199";

try { window._mNHandle.queue.push(function () { window._mNDetails.loadTag("762221962", "300x250", "762221962"); }); } catch (error) {}

Pierluigi Paganini

(SecurityAffairs – PDF analysis, hacking)

The post Malicious PDF Analysis appeared first on Security Affairs.

Go to Source Author: Pierluigi Paganini Malicious PDF Analysis Original Post from Security Affairs Author: Pierluigi Paganini In the last few days I have done some analysis on malicious documents, especially PDF.