Spear phishing attacks target individuals within an organization using personalized emails to trick them into revealing sensitive information or clicking malicious links. One such attack began when a worker clicked a spear phishing link, allowing attackers to access the network. The attackers then used information from the Active Directory to identify databases and steal large amounts of personal information, including social security numbers and birth dates. Organizations need integrated security solutions across email and other vectors to detect and block these advanced targeted attacks involving spear phishing and credentials theft. FireEye Email Security aims to provide more effective protection against these types of email-based cyberattacks.
This document provides an overview of a presentation by Marco Morana from OWASP on developing an OWASP Application Security Guide for Chief Information Security Officers (CISOs). The presentation covers the need for such a guide given the evolving roles and responsibilities of CISOs. It outlines the guide's structure and contents to provide CISOs with strategic guidance on application security processes, metrics, and technology selection. A four step project plan is also presented for creating the guide based on input from the security community and CISO surveys.
The document discusses several cybersecurity threats facing the public sector, including data loss, insider threats, cyber espionage, phishing, and ransomware. It provides statistics on data breaches and security incidents affecting the public sector in areas like personal data compromised, compliance issues, and responsibility for incidents. The top 5 threats are identified as ransomware, insider threats, distributed denial of service attacks, cyber espionage, and phishing. Solutions from Seqrite that can help mitigate these threats include endpoint security, unified threat management, mobile device management, and data loss prevention.
Top 5 Cybersecurity Threats in Retail IndustrySeqrite
The document discusses cybersecurity threats facing the retail industry. It notes that the retail industry suffered 215 data breaches in 2016, with an average cost of $172 per compromised record. Common cyber attacks on retail companies include malware, data theft, distributed denial of service (DDoS) attacks, phishing, and vulnerabilities from internet of things devices. Seqrite provides cybersecurity solutions like endpoint security, unified threat management, mobile device management, and data loss prevention to help mitigate these threats.
The document provides an overview of the history of cybersecurity threats dating back to the 1970s. It discusses several notable early cyber attacks and issues, including the first computer worm in 1971, the Morris worm of 1988 which was the first large-scale Internet worm and one of the first computer viruses, the ILOVEYOU worm of 2000 which infected over 10 million Windows users worldwide within few days, and the increasing issues of phishing, malware, and SQL injection attacks over the decades. It also outlines some common types of cybersecurity practices like network security, data loss prevention, and intrusion detection/prevention. Finally, it discusses the growing opportunities in cybersecurity field given the increasing threats and investments by organizations.
This document discusses cyber security threats and best practices for businesses. It notes that cyber attacks are often motivated by monetary gain through theft of credit card numbers, identities, or demands for ransom. Common attack methods include malvertising, account hijacking, SQL injections, and DDoS attacks. The document recommends that businesses implement security protocols, educate employees, prepare for potential attacks, protect sensitive data, and establish best practices like password protecting networks. It also notes that cyber security is a growing field with many job opportunities.
When money is the at the top of the mind of
cybercriminals, where do they turn their heads to? The
Banking Sector. This SlideShare takes you through the top 5 cybersecurity risks that banks and other financial firms face today.
Cybersecurity Challenges in Retail 2020: How to Prevent Retail TheftIntellias
While retailers keep opening new stores, hackers continue mastering their skills.
What cybersecurity challenges should the retail industry expect in 2020? It is time to reveal trends and prepare to fight upcoming attacks.
Learn the details: https://www.intellias.com/retail-security-challenges-in-2020-in-depth-security-coverage-to-prevent-retail-theft/
This document provides an overview of a presentation by Marco Morana from OWASP on developing an OWASP Application Security Guide for Chief Information Security Officers (CISOs). The presentation covers the need for such a guide given the evolving roles and responsibilities of CISOs. It outlines the guide's structure and contents to provide CISOs with strategic guidance on application security processes, metrics, and technology selection. A four step project plan is also presented for creating the guide based on input from the security community and CISO surveys.
The document discusses several cybersecurity threats facing the public sector, including data loss, insider threats, cyber espionage, phishing, and ransomware. It provides statistics on data breaches and security incidents affecting the public sector in areas like personal data compromised, compliance issues, and responsibility for incidents. The top 5 threats are identified as ransomware, insider threats, distributed denial of service attacks, cyber espionage, and phishing. Solutions from Seqrite that can help mitigate these threats include endpoint security, unified threat management, mobile device management, and data loss prevention.
Top 5 Cybersecurity Threats in Retail IndustrySeqrite
The document discusses cybersecurity threats facing the retail industry. It notes that the retail industry suffered 215 data breaches in 2016, with an average cost of $172 per compromised record. Common cyber attacks on retail companies include malware, data theft, distributed denial of service (DDoS) attacks, phishing, and vulnerabilities from internet of things devices. Seqrite provides cybersecurity solutions like endpoint security, unified threat management, mobile device management, and data loss prevention to help mitigate these threats.
The document provides an overview of the history of cybersecurity threats dating back to the 1970s. It discusses several notable early cyber attacks and issues, including the first computer worm in 1971, the Morris worm of 1988 which was the first large-scale Internet worm and one of the first computer viruses, the ILOVEYOU worm of 2000 which infected over 10 million Windows users worldwide within few days, and the increasing issues of phishing, malware, and SQL injection attacks over the decades. It also outlines some common types of cybersecurity practices like network security, data loss prevention, and intrusion detection/prevention. Finally, it discusses the growing opportunities in cybersecurity field given the increasing threats and investments by organizations.
This document discusses cyber security threats and best practices for businesses. It notes that cyber attacks are often motivated by monetary gain through theft of credit card numbers, identities, or demands for ransom. Common attack methods include malvertising, account hijacking, SQL injections, and DDoS attacks. The document recommends that businesses implement security protocols, educate employees, prepare for potential attacks, protect sensitive data, and establish best practices like password protecting networks. It also notes that cyber security is a growing field with many job opportunities.
When money is the at the top of the mind of
cybercriminals, where do they turn their heads to? The
Banking Sector. This SlideShare takes you through the top 5 cybersecurity risks that banks and other financial firms face today.
Cybersecurity Challenges in Retail 2020: How to Prevent Retail TheftIntellias
While retailers keep opening new stores, hackers continue mastering their skills.
What cybersecurity challenges should the retail industry expect in 2020? It is time to reveal trends and prepare to fight upcoming attacks.
Learn the details: https://www.intellias.com/retail-security-challenges-in-2020-in-depth-security-coverage-to-prevent-retail-theft/
Emerging application and data protection for cloudUlf Mattsson
Webcast title :
Emerging Application and Data Protection for Cloud
Description :
With sensitive data residing everywhere, organizations becoming more mobile, and the breach epidemic growing, the need for advanced identity and data protection solutions has become even more critical.
Learn about Data Protection solutions for enterprise.
Learn about the new trends in Data Masking, Tokenization and Encryption.
Learn about new Standards for masking from ISO and NIST.
Learn about the new API Economy and how to control access to sensitive data — both on-premises, and in public and private clouds.
How To Protect Your Website From Bot Attacks is a one-hour continuing education course. After successfully completing the course and final exam, you will be awarded a certificate of completion that you can use towards fulfilling your continuing education requirements.
According to the Verizon DBIR 2017, 61% of data breach victims in 2016 were small businesses with under 1000 employees. Data Loss Prevention (DLP) technology helps enterprises minimize data leakage threats and prevent sensitive information like employee information, client data, intellectual property, and financial data from leaving a corporate network, which could occur due to human error, USB drives, cloud storage, email, or network sharing. DLP provides enhanced protection across Windows and Mac platforms, centralized management and visibility of policies, monitoring of data transfer through multiple channels, and real-time notifications and reports on data flows.
"How To Defeat Advanced Malware: New Tools for Protection and Forensics" is a FREE continuing education class that has been designed specifically for CIO's, CTO's, CISO's and senior executives who work within the financial industry and are responsible for their company's endpoint protection.
[Infographic] 7 Cyber attacks that shook the worldSeqrite
The document summarizes 7 major cyber attacks that shook the world:
1. In 2006, a data breach at the Veteran Administration exposed personal information of 26.5 million US military personnel.
2. The 2017 WannaCry ransomware attack spread to over 150 countries through unpatched Microsoft Windows systems, encrypting user data and causing $4 billion in damages.
3. Ransomware attacks are becoming more advanced and sophisticated over time.
4. A 2011 data breach at marketing firm Epsilon resulted in theft of email accounts and personal details from thousands of customers, causing $225 million in damages.
Inside The 10 Biggest and Boldest Insider Threats of 2019-2020Proofpoint
Insider threats come in all shapes and sizes and affect organizations across all industries and geographies. Understanding the motives behind them is key to defense.
One of the best ways to do this is to study some of the bold, headline-generating insider threats that have taken place recently, like the big Twitter debacle of July 2020. This is just one example of what has become a very common problem.
Survey of different Web Application Attacks & Its Preventive MeasuresIOSR Journals
This document summarizes different types of web application attacks and proposed preventative measures. It discusses denial of service (DOS) attacks, cross-site scripting (XSS) attacks, SQL injection attacks, and request encoding attacks that have occurred from 2012-2014. Statistics on the financial impact of these attacks on various industries are provided. The document then proposes solutions to prevent DOS attacks, XSS attacks, SQL injection attacks, and request encoding attacks. These include implementing input validation, output encoding, access control, and encryption. Overall, the document aims to survey common web application attacks and identify best practices for building secure applications.
This course focuses on SCADA/ ICS systems. The title of this course is: Advanced Threat Detection in ICS – SCADA Environments.
In this course we take a look at the effectiveness of honeypots within a SCADA/ ICS context. A honeypot typically consists of data, or a network site that appears to be part of the organization’s network, but is actually isolated and monitored, and which seems to contain information or a resource of value to attackers.
The document summarizes the top 5 security risks in banking:
1. Insider threats from employees or third parties with access pose the main risk, responsible for 82% of breaches. A notable example is the 2015 Morgan Stanley data theft.
2. Poor cybersecurity investments, with most banks focusing on products rather than comprehensive defense strategies, leave them vulnerable to unknown threats.
3. Legacy technology systems, which 92% of banks say will hamper combating financial crime. Attackers have benefited from banks' outdated systems.
4. Malware, frauds, and data breaches have increased significantly. 40% of financial transactions now occur on mobile devices, increasing fraud risks.
5. Un
Cyber Threat Intelligence (CTI) primarily focuses on analysing raw data gathered from recent and past events to monitor, detect and prevent threats to an organisation, shifting the focus from reactive to preventive intelligent security measures.
The document discusses hacking web applications and is divided into several sections. It begins with concepts of web applications, then covers web application threats. Next it describes the methodology for hacking web applications and the tools used. It then discusses countermeasures, security tools, and concludes with web application penetration testing. The overall objective is to highlight vulnerabilities in web applications and the attacks that exploit them, as well as methods for defense.
August 2017 - Anatomy of a Cyber Attackerseadeloitte
This document discusses different types of cyber attackers:
- White hat hackers work legally with permission to find security vulnerabilities and help organizations. Examples include Steve Wozniak and Linus Torvalds.
- Black hat hackers exploit vulnerabilities illegally for personal gain or malicious reasons, like Vladimir Levin and Lizard Squad.
- Grey hat hackers toe the line of ethics and sometimes commit crimes covertly without notifying administrators. Examples are Robert Morris and Kevin Mitnick.
- Hacktivism involves hacking to convey social/political messages, such as Anonymous website defacements to oppose censorship.
This document discusses threats in social media according to a 2019 study. It finds that most adults use social media daily and have privacy/security concerns. Facebook is the most popular platform but 2 in 5 users are very concerned about privacy/security on it, and 1 in 5 have stopped using it due to such concerns. The document outlines key social media threats like data breaches, phishing/malware, catfishing/deception, and cyberbullying. It provides examples of each and advises users to take precautions like using strong passwords and privacy settings.
The document summarizes a data breach that occurred at Target Corporation between November and December 2013. Hackers installed malware on Target's point-of-sale systems that stole payment card information for over 110 million customers. This led to fraudulent purchases and significant costs for Target, including a $1 billion estimated total cost, 25% drop in stock price, resignation of the CEO, and closure of some stores. The document outlines the nature of the attack, malware used, response by Target, and implications for digital security leadership.
Cyber Security: User Access Pitfalls, A Case Study Approach Aviva Spectrum™
Worried your passwords are not strong enough for today’s sophisticated hackers? Cyber security breaches happen every day, as evidenced in recent headlines. Presentation covers key User Access threats both internal and external and ways to protect yourself and your company from malicious hackers. Learn from key case studies.
The document summarizes an internship done by Abhilash Yadav from July 7th to August 29th. It was divided into the following phases:
- Introduction to cybersecurity, OS & networking from July 7th-15th
- Setting up a lab environment and learning about OS security, social engineering and cryptography from July 15th- August 4th
- Learning about web application security, OWASP top 10 and insecure networking from August 4th-12th
- Discussing major and minor projects from August 12th-18th
- Doubt removal and discussing future career paths from August 18th-29th
M-Trends® 2013: Attack the Security GapFireEye, Inc.
Mandiant’s annual threat report reveals evolving trends, case studies and best practices gained from Mandiant observations to targeted attacks in the last year. The report, compiled from hundreds of Mandiant advanced threat investigations, also includes approaches that organizations can take to improve the way they detect, respond to, and contain complex breaches. For the latest M-Trends report, https://www.fireeye.com/mtrends.
Cyber 101: An introduction to privileged access managementseadeloitte
Privileged access management (PAM) is the combination of tools and technology used to secure, control, and monitor access to an organization's critical information and resources. PAM solutions typically include an access manager to control employee access, a session manager to monitor privileged user actions, and a password manager to protect and enforce password policies. PAM is important because the majority of data breaches start with privileged credential abuse, and it can help organizations comply with regulations, recover from attacks faster, and save both time and money.
The document discusses ethical hacking. It begins by defining hacking and different types of hackers, including white hat, black hat, and grey hat hackers. It then defines ethical hacking as hacking done with consent and for beneficial purposes, such as identifying security vulnerabilities. The document outlines the techniques used in ethical hacking, including information gathering, vulnerability scanning, exploitation, and analysis. It discusses the importance of ethical hacking for organizations and the code of conduct ethical hackers follow. Overall, the document provides an overview of ethical hacking, its purpose, and the methods used.
IRJET- Phishing Attack based on Visual CryptographyIRJET Journal
This document proposes a novel anti-phishing framework based on visual cryptography to address the problem of phishing. It involves using an image-based authentication with visual cryptography. When a user registers, an image captcha is selected and decomposed into two shares - one stored with the user and one with the server. This prevents either party from seeing the full captcha alone. When logging in, the shares are combined to reveal the original captcha image for the user to enter as a password. This allows the user to verify the authenticity of the website before entering credentials, protecting against phishing attacks. The proposed system aims to improve online security for tasks like corporate elections that currently require in-person voting.
Credential Harvesting Using Man in the Middle Attack via Social EngineeringIRJET Journal
The document discusses credential harvesting using man-in-the-middle attacks via social engineering. It proposes a system to help train internet users about cyber threats like phishing attacks. The system includes cloned social networking sites with two-factor authentication templates to simulate phishing attacks. This allows users to experience how attackers can bypass security mechanisms to steal credentials even when two-factor authentication is used, if the user is not aware of security best practices. Survey results show many users are unfamiliar with cybersecurity terms and concepts like phishing. The proposed system aims to educate users through interactive simulations of phishing techniques.
Emerging application and data protection for cloudUlf Mattsson
Webcast title :
Emerging Application and Data Protection for Cloud
Description :
With sensitive data residing everywhere, organizations becoming more mobile, and the breach epidemic growing, the need for advanced identity and data protection solutions has become even more critical.
Learn about Data Protection solutions for enterprise.
Learn about the new trends in Data Masking, Tokenization and Encryption.
Learn about new Standards for masking from ISO and NIST.
Learn about the new API Economy and how to control access to sensitive data — both on-premises, and in public and private clouds.
How To Protect Your Website From Bot Attacks is a one-hour continuing education course. After successfully completing the course and final exam, you will be awarded a certificate of completion that you can use towards fulfilling your continuing education requirements.
According to the Verizon DBIR 2017, 61% of data breach victims in 2016 were small businesses with under 1000 employees. Data Loss Prevention (DLP) technology helps enterprises minimize data leakage threats and prevent sensitive information like employee information, client data, intellectual property, and financial data from leaving a corporate network, which could occur due to human error, USB drives, cloud storage, email, or network sharing. DLP provides enhanced protection across Windows and Mac platforms, centralized management and visibility of policies, monitoring of data transfer through multiple channels, and real-time notifications and reports on data flows.
"How To Defeat Advanced Malware: New Tools for Protection and Forensics" is a FREE continuing education class that has been designed specifically for CIO's, CTO's, CISO's and senior executives who work within the financial industry and are responsible for their company's endpoint protection.
[Infographic] 7 Cyber attacks that shook the worldSeqrite
The document summarizes 7 major cyber attacks that shook the world:
1. In 2006, a data breach at the Veteran Administration exposed personal information of 26.5 million US military personnel.
2. The 2017 WannaCry ransomware attack spread to over 150 countries through unpatched Microsoft Windows systems, encrypting user data and causing $4 billion in damages.
3. Ransomware attacks are becoming more advanced and sophisticated over time.
4. A 2011 data breach at marketing firm Epsilon resulted in theft of email accounts and personal details from thousands of customers, causing $225 million in damages.
Inside The 10 Biggest and Boldest Insider Threats of 2019-2020Proofpoint
Insider threats come in all shapes and sizes and affect organizations across all industries and geographies. Understanding the motives behind them is key to defense.
One of the best ways to do this is to study some of the bold, headline-generating insider threats that have taken place recently, like the big Twitter debacle of July 2020. This is just one example of what has become a very common problem.
Survey of different Web Application Attacks & Its Preventive MeasuresIOSR Journals
This document summarizes different types of web application attacks and proposed preventative measures. It discusses denial of service (DOS) attacks, cross-site scripting (XSS) attacks, SQL injection attacks, and request encoding attacks that have occurred from 2012-2014. Statistics on the financial impact of these attacks on various industries are provided. The document then proposes solutions to prevent DOS attacks, XSS attacks, SQL injection attacks, and request encoding attacks. These include implementing input validation, output encoding, access control, and encryption. Overall, the document aims to survey common web application attacks and identify best practices for building secure applications.
This course focuses on SCADA/ ICS systems. The title of this course is: Advanced Threat Detection in ICS – SCADA Environments.
In this course we take a look at the effectiveness of honeypots within a SCADA/ ICS context. A honeypot typically consists of data, or a network site that appears to be part of the organization’s network, but is actually isolated and monitored, and which seems to contain information or a resource of value to attackers.
The document summarizes the top 5 security risks in banking:
1. Insider threats from employees or third parties with access pose the main risk, responsible for 82% of breaches. A notable example is the 2015 Morgan Stanley data theft.
2. Poor cybersecurity investments, with most banks focusing on products rather than comprehensive defense strategies, leave them vulnerable to unknown threats.
3. Legacy technology systems, which 92% of banks say will hamper combating financial crime. Attackers have benefited from banks' outdated systems.
4. Malware, frauds, and data breaches have increased significantly. 40% of financial transactions now occur on mobile devices, increasing fraud risks.
5. Un
Cyber Threat Intelligence (CTI) primarily focuses on analysing raw data gathered from recent and past events to monitor, detect and prevent threats to an organisation, shifting the focus from reactive to preventive intelligent security measures.
The document discusses hacking web applications and is divided into several sections. It begins with concepts of web applications, then covers web application threats. Next it describes the methodology for hacking web applications and the tools used. It then discusses countermeasures, security tools, and concludes with web application penetration testing. The overall objective is to highlight vulnerabilities in web applications and the attacks that exploit them, as well as methods for defense.
August 2017 - Anatomy of a Cyber Attackerseadeloitte
This document discusses different types of cyber attackers:
- White hat hackers work legally with permission to find security vulnerabilities and help organizations. Examples include Steve Wozniak and Linus Torvalds.
- Black hat hackers exploit vulnerabilities illegally for personal gain or malicious reasons, like Vladimir Levin and Lizard Squad.
- Grey hat hackers toe the line of ethics and sometimes commit crimes covertly without notifying administrators. Examples are Robert Morris and Kevin Mitnick.
- Hacktivism involves hacking to convey social/political messages, such as Anonymous website defacements to oppose censorship.
This document discusses threats in social media according to a 2019 study. It finds that most adults use social media daily and have privacy/security concerns. Facebook is the most popular platform but 2 in 5 users are very concerned about privacy/security on it, and 1 in 5 have stopped using it due to such concerns. The document outlines key social media threats like data breaches, phishing/malware, catfishing/deception, and cyberbullying. It provides examples of each and advises users to take precautions like using strong passwords and privacy settings.
The document summarizes a data breach that occurred at Target Corporation between November and December 2013. Hackers installed malware on Target's point-of-sale systems that stole payment card information for over 110 million customers. This led to fraudulent purchases and significant costs for Target, including a $1 billion estimated total cost, 25% drop in stock price, resignation of the CEO, and closure of some stores. The document outlines the nature of the attack, malware used, response by Target, and implications for digital security leadership.
Cyber Security: User Access Pitfalls, A Case Study Approach Aviva Spectrum™
Worried your passwords are not strong enough for today’s sophisticated hackers? Cyber security breaches happen every day, as evidenced in recent headlines. Presentation covers key User Access threats both internal and external and ways to protect yourself and your company from malicious hackers. Learn from key case studies.
The document summarizes an internship done by Abhilash Yadav from July 7th to August 29th. It was divided into the following phases:
- Introduction to cybersecurity, OS & networking from July 7th-15th
- Setting up a lab environment and learning about OS security, social engineering and cryptography from July 15th- August 4th
- Learning about web application security, OWASP top 10 and insecure networking from August 4th-12th
- Discussing major and minor projects from August 12th-18th
- Doubt removal and discussing future career paths from August 18th-29th
M-Trends® 2013: Attack the Security GapFireEye, Inc.
Mandiant’s annual threat report reveals evolving trends, case studies and best practices gained from Mandiant observations to targeted attacks in the last year. The report, compiled from hundreds of Mandiant advanced threat investigations, also includes approaches that organizations can take to improve the way they detect, respond to, and contain complex breaches. For the latest M-Trends report, https://www.fireeye.com/mtrends.
Cyber 101: An introduction to privileged access managementseadeloitte
Privileged access management (PAM) is the combination of tools and technology used to secure, control, and monitor access to an organization's critical information and resources. PAM solutions typically include an access manager to control employee access, a session manager to monitor privileged user actions, and a password manager to protect and enforce password policies. PAM is important because the majority of data breaches start with privileged credential abuse, and it can help organizations comply with regulations, recover from attacks faster, and save both time and money.
The document discusses ethical hacking. It begins by defining hacking and different types of hackers, including white hat, black hat, and grey hat hackers. It then defines ethical hacking as hacking done with consent and for beneficial purposes, such as identifying security vulnerabilities. The document outlines the techniques used in ethical hacking, including information gathering, vulnerability scanning, exploitation, and analysis. It discusses the importance of ethical hacking for organizations and the code of conduct ethical hackers follow. Overall, the document provides an overview of ethical hacking, its purpose, and the methods used.
IRJET- Phishing Attack based on Visual CryptographyIRJET Journal
This document proposes a novel anti-phishing framework based on visual cryptography to address the problem of phishing. It involves using an image-based authentication with visual cryptography. When a user registers, an image captcha is selected and decomposed into two shares - one stored with the user and one with the server. This prevents either party from seeing the full captcha alone. When logging in, the shares are combined to reveal the original captcha image for the user to enter as a password. This allows the user to verify the authenticity of the website before entering credentials, protecting against phishing attacks. The proposed system aims to improve online security for tasks like corporate elections that currently require in-person voting.
Credential Harvesting Using Man in the Middle Attack via Social EngineeringIRJET Journal
The document discusses credential harvesting using man-in-the-middle attacks via social engineering. It proposes a system to help train internet users about cyber threats like phishing attacks. The system includes cloned social networking sites with two-factor authentication templates to simulate phishing attacks. This allows users to experience how attackers can bypass security mechanisms to steal credentials even when two-factor authentication is used, if the user is not aware of security best practices. Survey results show many users are unfamiliar with cybersecurity terms and concepts like phishing. The proposed system aims to educate users through interactive simulations of phishing techniques.
Credential Harvesting Using Man in the Middle Attack via Social EngineeringIRJET Journal
This document proposes a system to help train internet users about cybersecurity threats like phishing attacks. It describes how phishing works, involving sending fake messages to trick users into revealing passwords or other sensitive data. Existing phishing toolkits require technical setup and expertise, so the proposed system creates a simple, menu-driven toolkit using cloned social media sites to simulate phishing attacks. This allows even novice users to experience phishing attacks to increase their cybersecurity awareness, as people are often the weakest link and can be exploited through social engineering. The goal is to educate more internet users about common threats and risks, since many are unaware of basic security practices.
IRJET- Enhancement in Netbanking SecurityIRJET Journal
This document discusses enhancing security for online banking. It describes some existing security issues with online banking such as passwords being vulnerable to attacks like phishing. The proposed system aims to provide two-factor authentication for online banking login by adding a secret question step before transactions. This would help filter out unauthorized users at the login phase before they can access transactions. The system would use time-based one-time passwords and secret questions that only the real user can answer to authenticate users in a secure manner. The integration of these components is expected to significantly improve online banking security.
This document proposes a Cyber Investigation Portal to help investigators monitor criminal activities online and investigate cybercrimes. The portal would collect logs of criminals' online activities through malware installed on their devices without detection. It would send logs and device screenshots to investigators to aid investigations. The portal aims to address issues that make cybercrimes difficult to investigate, such as crossing legal jurisdictions. It would collect threat intelligence, investigate cases, and conduct awareness campaigns. The document outlines the system architecture, including a backend that uses machine learning to detect incidents and fraud patterns from a security database.
IRJET- Cloud-Based Optimisation Approach to Joint Cyber Security and Insu...IRJET Journal
This document summarizes a research paper that proposes a joint approach to cyber security and cyber insurance management in cloud computing. The system detects cyber attacks, calculates the amount of data breached, and notifies both the cloud user and insurance management system. The insurance system then compensates the user based on their insurance package. If a large attack occurs, the user is asked to upgrade their insurance. The paper outlines the existing approach of separate security and insurance systems, and proposes a new system that links security-as-a-service providers with an insurance management process to optimize protection against attacks and provide compensation in the event of data loss or breach.
Phishing Detection using Decision Tree ModelIRJET Journal
This document summarizes a research paper that proposes detecting phishing websites using a decision tree machine learning model. It begins by defining phishing attacks and their goal of stealing user data. It then describes extracting features from URLs to train a decision tree classifier, which achieved 95% accuracy in distinguishing real from phishing websites. The model was tested on a dataset of over 25,000 URLs. When users input a URL, the model classifies it as real or phishing to help protect users from fraudulent sites.
IRJET- Design and Analytical Study of Id Based Pixel Secured Cloud Enablem...IRJET Journal
This document discusses security challenges in cloud computing and proposes solutions to address them. It begins by outlining seven major security threats in cloud computing, including data loss, account hijacking, and unknown risk profiles. It then describes existing solutions that have been proposed, such as access control systems and obfuscating data before sending it to the cloud. Finally, the document proposes implementing a new cloud enablement model with client-side encryption to better secure data without losing its actual content, especially for external cloud services.
IRJET- Detecting the Phishing Websites using Enhance Secure AlgorithmIRJET Journal
This document discusses detecting phishing websites using an enhanced secure algorithm. It begins by defining phishing attacks and how they are used to steal personal information from users. It then discusses how current techniques are not fully effective at stopping sophisticated phishing attacks. The proposed methodology checks for features of phishing websites, especially in URLs and domain names, to identify fake websites. Some features checked include IP addresses, long URLs, prefixes/suffixes, and symbols. Future work could involve updating datasets, detecting other attacks, and improving accuracy and efficiency. In conclusion, education is important to help users identify phishing attacks, as technical solutions are still limited.
With cybercrime (like denial of service, malware, phishing, and SQL injection) looming large in our digitized world, penetration testing - and code and application level security testing (SAST and DAST) - are essential for organizations to identify security loopholes in applications and beyond. We provide a guide to the salient standards and techniques for full-spectrum testing to safeguard your data - and reputation.
A Comprehensive Review of Cyber Security, Threats and Cyber AttacksIRJET Journal
This document provides a comprehensive review of cyber security, threats, and cyber attacks. It discusses key topics such as cyber crimes, cyber security, cyber space threats, and types of cyber threats. The main points are:
1) Cyber security is critical in today's world where most activity occurs in cyberspace. Cyber crimes and attacks are major concerns for individuals, companies, and governments.
2) Common cyber threats include malware, phishing, denial of service attacks, man-in-the-middle attacks, SQL injection, and zero-day exploits.
3) The goals of cyber security are confidentiality, integrity, and availability of information based on the CIA triad model.
4)
Credential Stuffing Attack: Countermeasures using Patterns and Machine LearningIRJET Journal
The document discusses credential stuffing attacks and proposes a machine learning approach to detect and prevent these attacks. Some key points:
- Credential stuffing attacks exploit leaked credentials from one site to access user accounts on other sites. Traditional defenses like CAPTCHAs and rate limiting fail against these attacks.
- The proposed solution uses machine learning anomaly detection on login data patterns to identify outlier IP addresses, ISPs, foreign ISPs, and geo anomalies that may indicate an attack.
- If thresholds for these patterns are exceeded, the suspected attacker IP, ISP, etc. would be blocked. This prevents ongoing attacks. For compromised accounts, users would be notified to secure their accounts.
Study on Phishing Attacks and Antiphishing ToolsIRJET Journal
This document discusses phishing attacks and anti-phishing tools. It begins by defining phishing as fraudulent attempts to steal users' sensitive information by impersonating trustworthy entities. The document then outlines the common steps in phishing attacks, including planning, setup, attack, collection, fraud, and post-attack actions. It describes different types of phishing attacks and analyzes security issues. The document concludes by describing some popular anti-phishing tools, including Mail-Secure and the Netcraft security toolbar.
Why is cyber security a disruption in the digital economyMark Albala
As we enter the digital economy, companies will quickly realize that the differentiator in the digital economy is information and information being a valuable resource is subject to theft, hacking, phishing and a host of other issues which compromise a company’s ability to participate in the digital economy. Cybersecurity misfires compromise the trust of buyers and partners necessary to participate in the digital economy. It is up to every company to ensure that the information shared with them is protected to the best of their ability and proactively notify persons and organizations who entrust their information necessary to transact business (any personal identity information including but not limited to addresses, credit card information, social security numbers, account information, credit information, medical records, etc.) with any potential compromises which can yield harm to them by that information either being used maliciously or shared with others.
The digital economy is different than other versions of commerce because in the digital economy, information is the lifeblood of digital commerce that passes through the hands of many platforms involved in a digital event. Each of these platforms are an opportunity to wreak havoc on your well-intended but incomplete intents to protect the information contained within the network you control. In the digital economy, it is not only the network you control, but the platforms that touch the personal data entrusted to you as a means of enabling digital commerce, and several techniques have begun to emerge to protect personal information contained within your information domain and the domain of platforms participating in digital commerce.
Because the life blood of the digital economy is information, information hacked in the digital economy is akin to shrinkage in the legacy economy. Both are means to directly attack your bottom line, whether it is redirecting customers elsewhere because they don’t trust your privacy program, ransomware which makes your site or one of your partner platform sites dangerous to use or some other reason which challenges your ability to participate in the digital economy. Shrinking the potential market share because of information safety and security challenges is a disruption, making cyber-security a disruptive activity, particularly if it is not dealt with swiftly.
If your cyber-security program is focused entirely on protecting the information housed in your four walls, you have exposed yourself to problems you will have difficulty in identifying both the source and the entry point of these issues.
Social Media Privacy Protection for Blockchain with Cyber Security Prediction...IRJET Journal
This document discusses privacy and security issues related to social media. It begins by introducing how social media has become integral to modern life but also presents privacy risks if users share personal information publicly. Some key privacy threats on social media mentioned include data breaches, passive attacks like unauthorized data collection, and active attacks trying to access other user accounts. The document then reviews literature around social media security and privacy concerns. It outlines common security risks like unmonitored accounts, human error, and vulnerabilities in third-party apps linked to social media profiles. Potential threats to social networks are categorized as data breaches, passive attacks, and active attacks. The document concludes that social networks pose significant security and privacy risks and all users should take steps to protect
ISE 510 Final Project Scenario Background Limetree Inc. is a resea.docxchristiandean12115
ISE 510 Final Project Scenario Background Limetree Inc. is a research and development firm that engages in multiple research projects with the federal government and private corporations in the areas of healthcare, biotechnology, and other cutting-edge industries. It has been experiencing major growth in recent years, but there is also a concern that information security lapses are becoming rampant as the company grows. Limetree Inc. is working to establish a strong reputation in the industry, and it views a robust information security program as part of the means to achieving its goal. The company looks to monitor and remain compliant to any regulation impacting its operations.
Limetree Inc. recently experienced a security breach; it believes confidential company data has been stolen, including personal health information (PHI) used in a research study. Limetree Inc. believes the breach may have occurred because of some security vulnerabilities within its system and processes.
Limetree Inc.’s virtual environment is presented in the Agent Surefire: InfoSec educational video game. The rest of the environment is presented via an interview with the security manager, Jack Sterling.
Highlight of Interview with Jack Sterling
Interview with Jack Sterling revealed the following about Limetree Inc.’s system and processes:
Hardware/Software:
Desktop Apps: Internet Explorer, Firefox, Google Chrome, MS Office, Adobe Flash, Adobe Acrobat
Applications/Databases:
Browser – Browser in use is Internet Explorer and browser security setting was set to low. Browsers allow remote installation of applets, and there is no standard browser for the environment.
Virus Software – MacAfee is deployed locally on each user's machine and users are mandated to update their virus policy every month.
SQL Database – Ordinary users can escalate privilege via SQL Agent. Disk space for SQL database log is small and is overwritten with new information when it is full. Limetree Inc. is not using any encryption for sensitive data at rest within the SQL server environment.
Network:
The network comprises the following: three web/applications servers, three email servers, five file and printer servers, two proxy servers, seven remotely manageable Cisco switches, 250 desktops, three firewall devices, one gateway (router) device to the internet, and three wireless access points.
Configuration Highlights:
Wireless – Wireless network is available with clearly advertised SSID, and it is part of the local area network (LAN). There is no segmentation or authentication between the wireless and wired LAN. Visitors are provided access code to the wireless network at the front desk to use the internet while they wait to be attended to.
Managed switches – There is no logging of network activities on any of the switches.
Web server – Public-facing web server is part of the LAN. This is where internet users get needed information on the company. The web servers are running the f.
Cyber security involves protecting networks, computers, programs, and data from damage, unauthorized access, and impairment. It includes securing physical access to hardware and protecting against network attacks, data and code injection, and misuse by operators. As cyber attacks increase daily, nations face higher risks, so cyber security is a growing priority. Hacking, child pornography, copyright infringement, and other cybercrimes harm people's and nations' security and financial well-being. Effective cyber security incorporates measures across applications, information, networks, and disaster recovery to detect and prevent illegal computer use and ensure confidentiality, integrity, and availability of data. National cyber security policies aim to safeguard information systems and critical infrastructure through public-private cooperation and awareness
IRJET - Chrome Extension for Detecting Phishing WebsitesIRJET Journal
This document describes a Chrome browser extension that was developed to detect phishing websites using machine learning. The extension extracts features from URLs and classifies them as legitimate or phishing using a Random Forest classifier trained on a dataset of URLs. A user interface was designed for the extension using HTML, CSS and JavaScript. When a user visits a website, the extension automatically extracts 16 features from the URL and page content and inputs them into the Random Forest model to determine if the site is phishing or legitimate. The model was trained on a dataset of over 11,000 URLs labeled as phishing or legitimate. Evaluation of the model showed it achieved high accuracy in detecting phishing URLs. The goal of the extension is to help protect users from revealing
As we enter the digital economy, companies will quickly realize that the differentiator in the digital economy is information and information being a valuable resource is subject to theft, hacking, phishing and a host of other issues which compromise a company’s ability to participate in the digital economy. Cybersecurity misfires compromise the trust of buyers and partners necessary to participate in the digital economy. It is up to every company to ensure that the information shared with them is protected to the best of their ability and proactively notify persons and organizations who entrust their information necessary to transact business (any personal identity information including but not limited to addresses, credit card information, social security numbers, account information, credit information, medical records, etc.) with any potential compromises which can yield harm to them by that information either being used maliciously or shared with others.
This purpose of this writing is to cover some of the core requirements for implementing cybersecurity, the accountabilities for cybersecurity risks and the information used to manage a viable cybersecurity program.
The document discusses security attacks on the Bring Your Own Device (BYOD) model. It begins by introducing BYOD and its benefits for businesses and employees. However, it also notes BYOD poses security risks if personal devices are not properly secured when accessing company data. The document then examines common BYOD security threats like lost/stolen devices, malware, and advanced persistent threats. It develops a taxonomy to categorize BYOD attacks according to components (user, network, software, physical, web) and attack types (active, passive, privacy). The paper aims to identify solutions to mitigate BYOD security risks.
Similar to IRJET- Minimize Phishing Attacks: Securing Spear Attacks (20)
TUNNELING IN HIMALAYAS WITH NATM METHOD: A SPECIAL REFERENCES TO SUNGAL TUNNE...IRJET Journal
1) The document discusses the Sungal Tunnel project in Jammu and Kashmir, India, which is being constructed using the New Austrian Tunneling Method (NATM).
2) NATM involves continuous monitoring during construction to adapt to changing ground conditions, and makes extensive use of shotcrete for temporary tunnel support.
3) The methodology section outlines the systematic geotechnical design process for tunnels according to Austrian guidelines, and describes the various steps of NATM tunnel construction including initial and secondary tunnel support.
STUDY THE EFFECT OF RESPONSE REDUCTION FACTOR ON RC FRAMED STRUCTUREIRJET Journal
This study examines the effect of response reduction factors (R factors) on reinforced concrete (RC) framed structures through nonlinear dynamic analysis. Three RC frame models with varying heights (4, 8, and 12 stories) were analyzed in ETABS software under different R factors ranging from 1 to 5. The results showed that displacement increased as the R factor decreased, indicating less linear behavior for lower R factors. Drift also decreased proportionally with increasing R factors from 1 to 5. Shear forces in the frames decreased with higher R factors. In general, R factors of 3 to 5 produced more satisfactory performance with less displacement and drift. The displacement variations between different building heights were consistent at different R factors. This study evaluated how R factors influence
A COMPARATIVE ANALYSIS OF RCC ELEMENT OF SLAB WITH STARK STEEL (HYSD STEEL) A...IRJET Journal
This study compares the use of Stark Steel and TMT Steel as reinforcement materials in a two-way reinforced concrete slab. Mechanical testing is conducted to determine the tensile strength, yield strength, and other properties of each material. A two-way slab design adhering to codes and standards is executed with both materials. The performance is analyzed in terms of deflection, stability under loads, and displacement. Cost analyses accounting for material, durability, maintenance, and life cycle costs are also conducted. The findings provide insights into the economic and structural implications of each material for reinforcement selection and recommendations on the most suitable material based on the analysis.
Effect of Camber and Angles of Attack on Airfoil CharacteristicsIRJET Journal
This document discusses a study analyzing the effect of camber, position of camber, and angle of attack on the aerodynamic characteristics of airfoils. Sixteen modified asymmetric NACA airfoils were analyzed using computational fluid dynamics (CFD) by varying the camber, camber position, and angle of attack. The results showed the relationship between these parameters and the lift coefficient, drag coefficient, and lift to drag ratio. This provides insight into how changes in airfoil geometry impact aerodynamic performance.
A Review on the Progress and Challenges of Aluminum-Based Metal Matrix Compos...IRJET Journal
This document reviews the progress and challenges of aluminum-based metal matrix composites (MMCs), focusing on their fabrication processes and applications. It discusses how various aluminum MMCs have been developed using reinforcements like borides, carbides, oxides, and nitrides to improve mechanical and wear properties. These composites have gained prominence for their lightweight, high-strength and corrosion resistance properties. The document also examines recent advancements in fabrication techniques for aluminum MMCs and their growing applications in industries such as aerospace and automotive. However, it notes that challenges remain around issues like improper mixing of reinforcements and reducing reinforcement agglomeration.
Dynamic Urban Transit Optimization: A Graph Neural Network Approach for Real-...IRJET Journal
This document discusses research on using graph neural networks (GNNs) for dynamic optimization of public transportation networks in real-time. GNNs represent transit networks as graphs with nodes as stops and edges as connections. The GNN model aims to optimize networks using real-time data on vehicle locations, arrival times, and passenger loads. This helps increase mobility, decrease traffic, and improve efficiency. The system continuously trains and infers to adapt to changing transit conditions, providing decision support tools. While research has focused on performance, more work is needed on security, socio-economic impacts, contextual generalization of models, continuous learning approaches, and effective real-time visualization.
Structural Analysis and Design of Multi-Storey Symmetric and Asymmetric Shape...IRJET Journal
This document summarizes a research project that aims to compare the structural performance of conventional slab and grid slab systems in multi-story buildings using ETABS software. The study will analyze both symmetric and asymmetric building models under various loading conditions. Parameters like deflections, moments, shears, and stresses will be examined to evaluate the structural effectiveness of each slab type. The results will provide insights into the comparative behavior of conventional and grid slabs to help engineers and architects select appropriate slab systems based on building layouts and design requirements.
A Review of “Seismic Response of RC Structures Having Plan and Vertical Irreg...IRJET Journal
This document summarizes and reviews a research paper on the seismic response of reinforced concrete (RC) structures with plan and vertical irregularities, with and without infill walls. It discusses how infill walls can improve or reduce the seismic performance of RC buildings, depending on factors like wall layout, height distribution, connection to the frame, and relative stiffness of walls and frames. The reviewed research paper analyzes the behavior of infill walls, effects of vertical irregularities, and seismic performance of high-rise structures under linear static and dynamic analysis. It studies response characteristics like story drift, deflection and shear. The document also provides literature on similar research investigating the effects of infill walls, soft stories, plan irregularities, and different
This document provides a review of machine learning techniques used in Advanced Driver Assistance Systems (ADAS). It begins with an abstract that summarizes key applications of machine learning in ADAS, including object detection, recognition, and decision-making. The introduction discusses the integration of machine learning in ADAS and how it is transforming vehicle safety. The literature review then examines several research papers on topics like lightweight deep learning models for object detection and lane detection models using image processing. It concludes by discussing challenges and opportunities in the field, such as improving algorithm robustness and adaptability.
Long Term Trend Analysis of Precipitation and Temperature for Asosa district,...IRJET Journal
The document analyzes temperature and precipitation trends in Asosa District, Benishangul Gumuz Region, Ethiopia from 1993 to 2022 based on data from the local meteorological station. The results show:
1) The average maximum and minimum annual temperatures have generally decreased over time, with maximum temperatures decreasing by a factor of -0.0341 and minimum by -0.0152.
2) Mann-Kendall tests found the decreasing temperature trends to be statistically significant for annual maximum temperatures but not for annual minimum temperatures.
3) Annual precipitation in Asosa District showed a statistically significant increasing trend.
The conclusions recommend development planners account for rising summer precipitation and declining temperatures in
P.E.B. Framed Structure Design and Analysis Using STAAD ProIRJET Journal
This document discusses the design and analysis of pre-engineered building (PEB) framed structures using STAAD Pro software. It provides an overview of PEBs, including that they are designed off-site with building trusses and beams produced in a factory. STAAD Pro is identified as a key tool for modeling, analyzing, and designing PEBs to ensure their performance and safety under various load scenarios. The document outlines modeling structural parts in STAAD Pro, evaluating structural reactions, assigning loads, and following international design codes and standards. In summary, STAAD Pro is used to design and analyze PEB framed structures to ensure safety and code compliance.
A Review on Innovative Fiber Integration for Enhanced Reinforcement of Concre...IRJET Journal
This document provides a review of research on innovative fiber integration methods for reinforcing concrete structures. It discusses studies that have explored using carbon fiber reinforced polymer (CFRP) composites with recycled plastic aggregates to develop more sustainable strengthening techniques. It also examines using ultra-high performance fiber reinforced concrete to improve shear strength in beams. Additional topics covered include the dynamic responses of FRP-strengthened beams under static and impact loads, and the performance of preloaded CFRP-strengthened fiber reinforced concrete beams. The review highlights the potential of fiber composites to enable more sustainable and resilient construction practices.
Survey Paper on Cloud-Based Secured Healthcare SystemIRJET Journal
This document summarizes a survey on securing patient healthcare data in cloud-based systems. It discusses using technologies like facial recognition, smart cards, and cloud computing combined with strong encryption to securely store patient data. The survey found that healthcare professionals believe digitizing patient records and storing them in a centralized cloud system would improve access during emergencies and enable more efficient care compared to paper-based systems. However, ensuring privacy and security of patient data is paramount as healthcare incorporates these digital technologies.
Review on studies and research on widening of existing concrete bridgesIRJET Journal
This document summarizes several studies that have been conducted on widening existing concrete bridges. It describes a study from China that examined load distribution factors for a bridge widened with composite steel-concrete girders. It also outlines challenges and solutions for widening a bridge in the UAE, including replacing bearings and stitching the new and existing structures. Additionally, it discusses two bridge widening projects in New Zealand that involved adding precast beams and stitching to connect structures. Finally, safety measures and challenges for strengthening a historic bridge in Switzerland under live traffic are presented.
React based fullstack edtech web applicationIRJET Journal
The document describes the architecture of an educational technology web application built using the MERN stack. It discusses the frontend developed with ReactJS, backend with NodeJS and ExpressJS, and MongoDB database. The frontend provides dynamic user interfaces, while the backend offers APIs for authentication, course management, and other functions. MongoDB enables flexible data storage. The architecture aims to provide a scalable, responsive platform for online learning.
A Comprehensive Review of Integrating IoT and Blockchain Technologies in the ...IRJET Journal
This paper proposes integrating Internet of Things (IoT) and blockchain technologies to help implement objectives of India's National Education Policy (NEP) in the education sector. The paper discusses how blockchain could be used for secure student data management, credential verification, and decentralized learning platforms. IoT devices could create smart classrooms, automate attendance tracking, and enable real-time monitoring. Blockchain would ensure integrity of exam processes and resource allocation, while smart contracts automate agreements. The paper argues this integration has potential to revolutionize education by making it more secure, transparent and efficient, in alignment with NEP goals. However, challenges like infrastructure needs, data privacy, and collaborative efforts are also discussed.
A REVIEW ON THE PERFORMANCE OF COCONUT FIBRE REINFORCED CONCRETE.IRJET Journal
This document provides a review of research on the performance of coconut fibre reinforced concrete. It summarizes several studies that tested different volume fractions and lengths of coconut fibres in concrete mixtures with varying compressive strengths. The studies found that coconut fibre improved properties like tensile strength, toughness, crack resistance, and spalling resistance compared to plain concrete. Volume fractions of 2-5% and fibre lengths of 20-50mm produced the best results. The document concludes that using a 4-5% volume fraction of coconut fibres 30-40mm in length with M30-M60 grade concrete would provide benefits based on previous research.
Optimizing Business Management Process Workflows: The Dynamic Influence of Mi...IRJET Journal
The document discusses optimizing business management processes through automation using Microsoft Power Automate and artificial intelligence. It provides an overview of Power Automate's key components and features for automating workflows across various apps and services. The document then presents several scenarios applying automation solutions to common business processes like data entry, monitoring, HR, finance, customer support, and more. It estimates the potential time and cost savings from implementing automation for each scenario. Finally, the conclusion emphasizes the transformative impact of AI and automation tools on business processes and the need for ongoing optimization.
Multistoried and Multi Bay Steel Building Frame by using Seismic DesignIRJET Journal
The document describes the seismic design of a G+5 steel building frame located in Roorkee, India according to Indian codes IS 1893-2002 and IS 800. The frame was analyzed using the equivalent static load method and response spectrum method, and its response in terms of displacements and shear forces were compared. Based on the analysis, the frame was designed as a seismic-resistant steel structure according to IS 800:2007. The software STAAD Pro was used for the analysis and design.
Cost Optimization of Construction Using Plastic Waste as a Sustainable Constr...IRJET Journal
This research paper explores using plastic waste as a sustainable and cost-effective construction material. The study focuses on manufacturing pavers and bricks using recycled plastic and partially replacing concrete with plastic alternatives. Initial results found that pavers and bricks made from recycled plastic demonstrate comparable strength and durability to traditional materials while providing environmental and cost benefits. Additionally, preliminary research indicates incorporating plastic waste as a partial concrete replacement significantly reduces construction costs without compromising structural integrity. The outcomes suggest adopting plastic waste in construction can address plastic pollution while optimizing costs, promoting more sustainable building practices.
Software Engineering and Project Management - Introduction, Modeling Concepts...Prakhyath Rai
Introduction, Modeling Concepts and Class Modeling: What is Object orientation? What is OO development? OO Themes; Evidence for usefulness of OO development; OO modeling history. Modeling
as Design technique: Modeling, abstraction, The Three models. Class Modeling: Object and Class Concept, Link and associations concepts, Generalization and Inheritance, A sample class model, Navigation of class models, and UML diagrams
Building the Analysis Models: Requirement Analysis, Analysis Model Approaches, Data modeling Concepts, Object Oriented Analysis, Scenario-Based Modeling, Flow-Oriented Modeling, class Based Modeling, Creating a Behavioral Model.
Redefining brain tumor segmentation: a cutting-edge convolutional neural netw...IJECEIAES
Medical image analysis has witnessed significant advancements with deep learning techniques. In the domain of brain tumor segmentation, the ability to
precisely delineate tumor boundaries from magnetic resonance imaging (MRI)
scans holds profound implications for diagnosis. This study presents an ensemble convolutional neural network (CNN) with transfer learning, integrating
the state-of-the-art Deeplabv3+ architecture with the ResNet18 backbone. The
model is rigorously trained and evaluated, exhibiting remarkable performance
metrics, including an impressive global accuracy of 99.286%, a high-class accuracy of 82.191%, a mean intersection over union (IoU) of 79.900%, a weighted
IoU of 98.620%, and a Boundary F1 (BF) score of 83.303%. Notably, a detailed comparative analysis with existing methods showcases the superiority of
our proposed model. These findings underscore the model’s competence in precise brain tumor localization, underscoring its potential to revolutionize medical
image analysis and enhance healthcare outcomes. This research paves the way
for future exploration and optimization of advanced CNN models in medical
imaging, emphasizing addressing false positives and resource efficiency.
Null Bangalore | Pentesters Approach to AWS IAMDivyanshu
#Abstract:
- Learn more about the real-world methods for auditing AWS IAM (Identity and Access Management) as a pentester. So let us proceed with a brief discussion of IAM as well as some typical misconfigurations and their potential exploits in order to reinforce the understanding of IAM security best practices.
- Gain actionable insights into AWS IAM policies and roles, using hands on approach.
#Prerequisites:
- Basic understanding of AWS services and architecture
- Familiarity with cloud security concepts
- Experience using the AWS Management Console or AWS CLI.
- For hands on lab create account on [killercoda.com](https://killercoda.com/cloudsecurity-scenario/)
# Scenario Covered:
- Basics of IAM in AWS
- Implementing IAM Policies with Least Privilege to Manage S3 Bucket
- Objective: Create an S3 bucket with least privilege IAM policy and validate access.
- Steps:
- Create S3 bucket.
- Attach least privilege policy to IAM user.
- Validate access.
- Exploiting IAM PassRole Misconfiguration
-Allows a user to pass a specific IAM role to an AWS service (ec2), typically used for service access delegation. Then exploit PassRole Misconfiguration granting unauthorized access to sensitive resources.
- Objective: Demonstrate how a PassRole misconfiguration can grant unauthorized access.
- Steps:
- Allow user to pass IAM role to EC2.
- Exploit misconfiguration for unauthorized access.
- Access sensitive resources.
- Exploiting IAM AssumeRole Misconfiguration with Overly Permissive Role
- An overly permissive IAM role configuration can lead to privilege escalation by creating a role with administrative privileges and allow a user to assume this role.
- Objective: Show how overly permissive IAM roles can lead to privilege escalation.
- Steps:
- Create role with administrative privileges.
- Allow user to assume the role.
- Perform administrative actions.
- Differentiation between PassRole vs AssumeRole
Try at [killercoda.com](https://killercoda.com/cloudsecurity-scenario/)
Embedded machine learning-based road conditions and driving behavior monitoringIJECEIAES
Car accident rates have increased in recent years, resulting in losses in human lives, properties, and other financial costs. An embedded machine learning-based system is developed to address this critical issue. The system can monitor road conditions, detect driving patterns, and identify aggressive driving behaviors. The system is based on neural networks trained on a comprehensive dataset of driving events, driving styles, and road conditions. The system effectively detects potential risks and helps mitigate the frequency and impact of accidents. The primary goal is to ensure the safety of drivers and vehicles. Collecting data involved gathering information on three key road events: normal street and normal drive, speed bumps, circular yellow speed bumps, and three aggressive driving actions: sudden start, sudden stop, and sudden entry. The gathered data is processed and analyzed using a machine learning system designed for limited power and memory devices. The developed system resulted in 91.9% accuracy, 93.6% precision, and 92% recall. The achieved inference time on an Arduino Nano 33 BLE Sense with a 32-bit CPU running at 64 MHz is 34 ms and requires 2.6 kB peak RAM and 139.9 kB program flash memory, making it suitable for resource-constrained embedded systems.