The Commtouch Quarterly Internet Threats Trend Report provides insight on the latest spam, malware, phishing schemes and other web security threats.
The January 2012 edition provides analysis of Internet security threats that occurred during the fourth quarter of 2011. This edition also provides an overview of Facebook attacks that occurred throughout 2011.
The Commtouch Quarterly Trends Threat Report provides insight on the latest spam, malware, phishing schemes and other web security threats. The July 2011 edition provides analysis of Internet security threats that occurred during the second quarter of 2011.
This document discusses how software insecurity can be distributed through social networking. It begins with background on software insecurity, which has historically spread through means like floppy disks and early internet sharing. The core topic examines how viruses can propagate through social networking sites as users communicate and share files through features like email, instant messaging, and photo sharing. It also explores how applications and tools used for social networking could host infected content or macros. The document concludes that social networking has become a major means of communication but also enables various ways for software insecurity to spread between users.
Norton by Symantec identifies the top 5 scams and spams to avoid on Facebook that are prevalent in the Middle East. These include "Like-" or "Share-baiting" scams, "Like" clickjacking scams, malicious applications, copy-paste script attacks, and hoaxes. Norton advises users to protect themselves by removing offensive posts and applications, changing passwords, and using Norton Safe Web for Facebook to scan for unsafe links.
Spiritual social media & mobile devices | Ernest Staats
Ernest Staats is the technology director with extensive technical certifications and experience. He provides a link to resources on network security.
The document discusses several concerning trends regarding students' internet and technology use including feelings of addiction and dependence, negative physical and mental health impacts, and engaging in risky online behaviors like online gambling and oversharing personal information. It suggests that many students may need intervention for internet addiction.
Social Media Basics: Security Loopholes with Twitter & Other Social Media | Tyler Shields
The document appears to be a syllabus for a course on social media security basics. It includes sections on definition of terms, risks, common attacks, and what can be done to protect yourself. Some common social media attacks mentioned are malware distribution, command and control of malware, compromise of sensitive data, social media worms like KoobFace that spread through messages/posts, targeted attacks, password/account hacking, and spam. The syllabus suggests users should avoid random links, use strong unique passwords, and not trust unsolicited messages. Vendors and enterprises are encouraged to implement better security practices while more research should be done on social media threats.
This document discusses social and mobile security issues. It covers topics like the psychological impact of social media, internet addiction among college students, privacy concerns with sharing information and photos online, and tips for safe social media and mobile device use. Specific recommendations include educating yourself and loved ones on online risks, setting guidelines for internet and phone use, installing parental control software, using strong passwords, and being aware of location data and metadata attached to photos.
When web 2.0 sneezes, everyone gets sick | Stefan Tanase
Web 2.0 applications have become increasingly popular among Internet users in the past few years. This trend is very unlikely to come to an end soon. More and more 'classic' websites are shifting towards web 2.0 concepts, start-ups are all about web 2.0 and new users are adopting the web 2.0 lifestyle every day.
This paper aims to address the following questions:
What exactly is web 2.0?
What are the concepts and technologies that make web 2.0 what it is?
Why does web 2.0 attract malware authors?
How did malware spread over the Internet before web 2.0?
What are the new attack vectors created by web 2.0 technologies?
What social engineering tactics emerge over the web 2.0 concepts?
How dangerous is the combination of human & technological vulnerabilities?
Are web 2.0 attacks more efficient?
How difficult is it to protect ourselves?
How are web 2.0 threats going to evolve?
Web 2.0 applications are not only being used at home, but also in the corporate environment. The new attack vectors are raising the stakes, both for malware authors and security professionals. The user is somewhere in between the two sides, unwittingly helping the attackers while also suffering from the attacks.
The U.S. Department of State's Bureau of Educational and Cultural Affairs provides safety tips for using social networks, email, and the internet. The tips include never sharing private contact information publicly, carefully managing privacy settings, considering how content may be perceived before posting, being wary of third party applications accessing profile information, reporting any site abuses, and exercising caution with unsolicited emails or requests for private information. Basic computer security practices like scanning removable media and attachments are also recommended.
ELECTRONIC QUIZ IN EMPOWERMENT TECHNOLOGY | killersmile1
This document appears to be an electronic quiz about trends in information and communication technology (ICT) and different types of social media and online platforms. It consists of 10 multiple choice questions testing knowledge on topics like social media, bookmarking sites, microblogging, media sharing, and malware. The questions cover key concepts in digital technology and how people interact online through sites that allow sharing of content, links, updates and connecting with others.
Where there is money, there is crime – and financial institutions are among the prime targets for cyber criminals. This session will cover the threat that cybercrime poses to financial institutions, our first-hand run-ins with advanced attackers, real-world case studies, and the rise of cheap and damaging "hacking-as-a-service" tools that we’re seeing with increasing frequency and the damaging effects they have on financial institutions.
Ondrej Krehel, CEO & Founder, LIFARS, LLC
Dusan Petricko, Incident Response Manager, LIFARS, LLC
This document discusses empowerment through technology. It provides an overview of information and communication technologies (ICT) and how they have evolved from Web 1.0 to Web 2.0 to Web 3.0. It also discusses technology convergence and how different applications have merged. While technology provides many benefits, it also poses some dangers like email spam, phishing, and computer viruses. The document provides tips on how to protect yourself online and conduct safe research.
Basic tips for staying safe and protecting personal privacy on popular social media sites, including Facebook, Twitter, and Instagram. Designed for casual users of social media.
This document discusses empowerment through information and communication technologies (ICT) and provides information on current states of the internet. It describes the evolution from static Web 1.0 to more interactive Web 2.0 and the emerging semantic Web 3.0. The document also discusses technology convergence through examples like smartphones, discusses popular social media platforms, and outlines some dangers of computers like email spam, phishing, and computer viruses. It provides guidance on research skills and contextualizing online searches as well as how to use mail merge functions in Microsoft Word.
The document discusses security issues with social networking sites. It notes that while social networks provide advantages, they can also pose security threats if not used carefully. Personal and business information, as well as computers, can be at risk if malicious links or files are spread through social contacts. Attackers can also mine sites for valuable personal data like email addresses, physical addresses, birthdates, and profiles to use for spam, fraud, and other crimes. The privacy and security of social networks can also be compromised by programming flaws that hackers exploit. Users must be aware of potential risks and take steps like limiting shared information, vetting contacts, and avoiding suspicious content.
Empowerment technology Grecille Mae Gesulga and Catalino | Padsromel
The document discusses various topics related to information and communication technology (ICT). It provides information on the evolution of the internet from Web 1.0 to Web 2.0 to Web 3.0. It also discusses popular social media platforms like Facebook, Twitter, and Instagram. Additionally, it outlines some potential dangers of internet use like email spam, phishing, and computer viruses. It provides tips for protecting networks and computers from online threats. The document also discusses contextual search strategies and how to identify satirical news sources.
There is no argument about the popularity of social platforms such as Facebook, YouTube, Twitter, etc. These platforms can be used to stay in touch with your friends, increase sales revenues for organizations and as a collaboration tool to stay connected with the public. However, each of these benefits comes at a cost, putting your private information at risk/exposed. We aim to discuss the common security risks associated with usage of these platforms including risk mitigation strategies.
Intro Video: https://www.youtube.com/watch?v=zxpa4dNVd3c
Presentation for Computer Society of Sri Lanka on 24 Feb 2015
The document discusses various topics related to information and communication technology (ICT). It provides an overview of the evolution of the World Wide Web from static Web 1.0 to more interactive Web 2.0 and emerging semantic Web 3.0. It also discusses technology convergence and popular social media platforms. Additionally, it outlines some common online dangers like email spam, phishing and computer viruses as well as protections like firewalls and antivirus software.
Empowerment technology Josua De Guzman and Chariza | Padsromel
The document discusses various topics related to information and communication technology (ICT), including the evolution of the World Wide Web from static Web 1.0 to interactive Web 2.0 to semantic Web 3.0. It also covers popular social media platforms, online dangers like viruses and spam, and basic computer security measures. Additionally, the document explains how to perform mail merges in Microsoft Word and generate labels, as well as identify reliable sources of photos and graphics both online and offline.
This document discusses security and privacy issues on social networking sites. It identifies different types of social networks and factors that influence users' selection of social networks like ease of use, friends using the network, and privacy and security. The document outlines threats to social networks like identity theft through profile cloning, spam attacks, malware spreading, and privacy and security issues related to shared user profile data, activity data, and third party application access. It provides statistics on common security threats to social networks and references publications on related research.
This document discusses empowerment through information and communication technologies. It defines ICT as any communication device or application, and explains how ICT can be used in different fields like education, commerce, sports, health services, engineering, and travel. It then discusses the evolution of the World Wide Web from Web 1.0 to 2.0 to 3.0. Other topics covered include technology convergence, social media platforms, assistive media, dangers online like spam and phishing, and research skills for contextualized searching. Steps for contextualized searching and identifying good sources from satirical sources are provided. The document concludes with an explanation of mail merge and label generation in documents.
Empowerment Technology By: Zyrhell Rafer and Bretny Roces | Padsromel
This document discusses the use of information and communication technology (ICT) and how it has evolved over time. It provides details on:
- ICT being the umbrella term for any communication device or application, including radio, television, computers, etc.
- The evolution of the World Wide Web from static Web 1.0 to more interactive Web 2.0 to the semantic Web 3.0.
- Popular social media platforms like Facebook, Twitter, Instagram, and Snapchat.
- Potential dangers of using technology like email spam, spoofing, phishing, malware, and how to better protect computers and networks.
The document discusses various security threats that exist on social networks, including phishing attacks, vulnerabilities in third-party applications, weak password security, cross-site scripting attacks, clickjacking, insecure frameworks, SQL injections, and DDoS attacks. It provides examples of each type of attack, such as phishing links that install malware, apps that access too much user data if hacked, passwords being easily guessed, malicious JavaScript that can be installed through photo tags, and privacy settings being exploited to view other profiles. The document emphasizes that with over a billion users exchanging personal information, social networks face many potential threats but that Facebook focuses heavily on security to prevent hacks of its own system.
The document discusses various topics related to information and communication technology (ICT) including its current state, technology convergence, social media platforms, and online dangers. It provides information on how to conduct research including identifying a topic, resources, compiling results, and developing critical thinking skills. Steps are outlined for performing a contextual search, creating a mail merge, generating labels, and developing a presentation in PowerPoint. Sources of photos and graphics as well as common digital file formats are also mentioned.
Information security is the process of protecting digital information and systems from unauthorized access, use, disclosure, disruption, modification, inspection, recording or destruction. The document discusses challenges to information security like identity theft, malware, patch management failures and distributed denial of service attacks. It provides best practices for protecting digital assets such as using antivirus software, updating systems, and implementing personal firewalls and wireless security measures. There is a growing need for information security professionals to address issues around security, education and workforce development.
This is a presentation Bill gave at the May 2009 NAISG meeting on the security dangers of such social networking entities as Facebook, LinkedIn and Twitter.
Analysis of Cyberbullying Tweets in Trending World Events | kcortis
This paper was presented at the 15th International Conference on Knowledge Technologies and Data-Driven Business (http://i-know.tugraz.at/) in Graz, Austria on 21 October 2015.
The full paper can be found at: http://doi.acm.org/10.1145/2809563.2809605
The document discusses various threats faced by users of online social networks and solutions to address those threats. It categorizes threats into classic threats like malware, phishing and spam; modern threats unique to social networks like clickjacking, de-anonymization attacks and fake profiles; combination threats; and threats targeting children. It then provides taxonomies of solutions developed by social network operators, commercial companies and academics to mitigate these threats through methods like authentication mechanisms, privacy settings, internal protection systems and user reporting features.
The document discusses opportunities and threats related to social networks. It notes that 70% of web users visit social networks, with major platforms like Facebook, MySpace, Twitter, and LinkedIn having hundreds of millions of users each. However, it also outlines privacy and security risks like identity theft, malware propagation, and corporate data leakage that social networks can enable if not used carefully. The document provides an overview of these risks and threats as well as recommendations for safe social network usage.
Peter Wood is the CEO of First-Base Technologies LLP, an ethical hacking firm. He has over 40 years of experience in computers and security. Some of the main corporate web security issues he discusses are drive-by malware infections from compromised websites, phishing and spear phishing attacks, and social networking attacks. Statistics show the continued prevalence of these threats. He provides examples of past attacks and recommends patching systems regularly, controlling web browsing habits, and thinking before clicking links or downloading content.
This document summarizes security issues on the social media platform Facebook. It finds that Facebook's large user base makes it an ideal target for social engineering attacks. Various techniques are described like spam through popular games/groups, phishing for credentials, spreading malware through shared links, and scam charity pages. An experiment shows over 50% of users will accept unknown friend requests or click shared links, even without details on who shared it. The document concludes that Facebook's popularity also makes it highly exposed to social engineering attacks that can easily infiltrate users' trusted circles.
Empowerment Technology by: Geraldine Salve Pepe and Lailanie Pepe (salvepepe)
ICT refers to information and communication technologies and includes any devices or applications used for communication, such as radio, television and computers. The main uses of ICT are for obtaining and sharing information, education, accessing services, and raising social awareness. The document discusses the evolution of the internet from Web 1.0 to Web 2.0 to Web 3.0, with Web 1.0 being read-only, Web 2.0 allowing user interaction and user-generated content, and Web 3.0 being data-driven. It also covers topics such as social media, technology convergence in smartphones, and cybersecurity issues like email spam, phishing, and computer viruses.
Cyber crimes, especially against women, are increasing and include cyber stalking, cyber defamation, cyber bullying, cyber hacking, and sharing of pornographic images without consent. Children are also targeted online through grooming, exploitation, and exposure to harmful content. Zero-day exploits take advantage of unknown software vulnerabilities to launch attacks, like the Stuxnet virus targeting Iranian nuclear facilities and WannaCry ransomware affecting computers worldwide. Zero-click attacks install malware without any action from the user by exploiting operating system flaws.
This document provides information about information and communication technology (ICT), the evolution of the World Wide Web, and trends in ICT. It discusses how ICT deals with communication technologies to locate, save, send, and edit information. It describes the development of the World Wide Web from static Web 1.0 pages to dynamic and interactive Web 2.0 pages that enable increased user participation. Current trends in ICT highlighted include convergence of technologies, social media, mobile technologies, and assistive media. The document also covers online safety, security, internet threats like malware, and tips to stay safe online.
The document provides information on advanced techniques using Microsoft Word, including mail merge. Mail merge allows a user to create documents and combine them with another document or data file, commonly used when sending out materials to multiple recipients. Other techniques discussed include formatting text using bold, italics and other options; correcting spelling and grammar; and saving documents electronically on a computer's hard drive. Advanced functions in Word help users efficiently compose, edit, format and print complex documents.
Empowerment Technology by: Maria Elisa Pal and Rodel Reyes (andregoron)
ICT refers to information and communication technologies and includes any devices or applications used for communication, such as radio, television and computers. There have been three stages of internet development:
Web 1.0 featured static, read-only web pages with little user interaction. Web 2.0 became more interactive with user-generated content and social media. Web 3.0 aims to be a semantic web driven by data and artificial intelligence. Technology convergence combines different media types into single devices like smartphones. Popular social media platforms allow users to connect and share content globally. Various security threats also emerged with increased internet usage.
L1b Trends in ICT - Online Safety and Security.pdf (Jeth Cuenco)
This document provides an introduction to information and communication technologies. It discusses trends in ICT such as convergence of technologies, social media, and mobile technologies. It also covers online safety and security issues like malware, spam, and phishing. The document emphasizes the importance of protecting one's online reputation and intellectual property, and stresses practicing good netiquette when communicating online.
The document analyzes a spam campaign from April to June 2012 that distributed malware via the Blackhole Exploit Kit. It found 245 separate spam runs spoofing 17-40 organizations each month. The spam used social engineering to trick users into clicking links that led to compromised websites and exploit pages hosting the Blackhole Exploit Kit. These pages attempted to exploit vulnerabilities in browsers and software to download malware like ZeuS and Cridex. The campaign was highly effective due to its scale and use of redirection, compromised sites and thousands of URLs daily, making it difficult for traditional security methods to keep up.
The document analyzes application usage and cyber threats across over 5,500 organizations. It finds that while common sharing applications like email, social media and file sharing represent a high percentage of total applications and bandwidth used, they account for a relatively low percentage of observed threat activity. Specifically, these applications delivered 32% of threats but exhibited only 5% of threat activity. The majority of threats instead were concentrated in a small number of "workhorse" applications. Code execution exploits that allow malware installation were the most common threat type delivered via common sharing applications.
10 IJAERS-JUN-2015-42-Social Engineering on Social Networking sites (Puneeth Puni)
This document discusses social engineering attacks on social networking sites. It begins by defining social engineering as influencing people to perform actions that benefit an attacker by exploiting human vulnerabilities. It then discusses how the large number of users and information on social networking sites provides more opportunities for attackers.
The document presents two models for social engineering attacks on social networking sites: a phase-based model outlining 8 phases an attacker would use, and a source-based model identifying three main sources of threats - insecure privacy settings, connections with strangers, and insecure content. Specific attack methods are also discussed like modifying privacy settings of a victim's friends after an initial phishing attack. The conclusion stresses the importance of understanding social engineering to help address this human-based
This Imperva Hacker Intel report presents never-before-seen details of an attack by hacktivist group 'Anonymous' against a high-profile unnamed target during a 25-day period in 2011. The report offers a comprehensive analysis of the attack, including a detailed timeline of activities from start to finish, an examination of the hacking methods utilized, as well as insights on the use of social media to recruit participants and coordinate the attack.
Webinar: Botnets - The clone army of cybercrime (Cyren, Inc)
This document discusses botnets, which are networks of compromised computers that are controlled remotely without the owners' knowledge. Botnets are used by cybercriminals to carry out malicious activities like distributed denial-of-service attacks, spamming, and installing malware. The document outlines how botnets work, how they have evolved over time to avoid detection, and provides statistics on global botnet command and control infrastructure and infected machines. It also gives examples of how botnets like Zeus and Necurs operate on a daily basis to receive commands, distribute spam and malware, and evade security solutions.
Webinar: How hackers are making your security obsolete (Cyren, Inc)
The document discusses the evolution of threats from early malware to modern hyper-evasive threats. It describes how threats like Cerber ransomware and Locky employ numerous techniques to evade detection by traditional antivirus and sandboxing methods. Sandboxing appliances have limitations due to a fixed resource capacity and reliance on virtual environments that threats can detect. A cloud-based approach using diverse environments could help address these challenges posed by modern threats that are highly optimized to evade detection.
Webinar: 10 steps you can take to protect your business from phishing attacks (Cyren, Inc)
- 43% of businesses have experienced a phishing attack in the past year, with average losses of $25,000-$75,000 per attack. Phishing is the top cybersecurity threat.
- Phishing tricks users into disclosing personal information via spoofed emails and websites. 12% of recipients click phishing links within 2 minutes.
- Businesses can protect themselves by using email/web security gateways, training users to identify threats, and practicing good security hygiene. A multi-layered defense is needed to stop phishing attacks at different stages.
Webinar: Insights from CYREN's 2015-Q3 Cyber Threat Report (Cyren, Inc)
This document summarizes a CYREN CyberThreat Report for Q3 2015. It discusses challenges in web security like the growing number of devices and lack of visibility. It finds most organizations face challenges from advanced threats and insufficient prevention solutions. While some hesitate to use cloud-based security due to trust or cost issues, the document shows cloud can provide better protection speed. It also summarizes recent malware trends like Android "Ghostpush" and web-based threats. Phishing targeting businesses is discussed along with the Ashley Madison breach. The document ends by reviewing Q3 data on threats, phishing, and spam activity.
Webinar: Dispelling the Myths about Cloud Security (Cyren, Inc)
The document discusses dispelling myths about cloud security. It begins by asking whether the cloud can be trusted and discusses analyst perspectives supporting how the cloud can be secure. It then addresses five common misconceptions about cloud security: that organizations don't use the cloud; having no control over data; cloud being less secure than on-premise; cloud security being difficult to manage; and appliances providing more flexibility than cloud. The document promotes the CYREN cloud security solution as addressing these myths through a comprehensive security platform offering features such as malware detection, zero-hour phishing protection, and security for mobile users and devices.
Webinar: Insights from CYREN's 2015 Q2 Cyber Threats Report (Cyren, Inc)
CYREN's quarterly Cyber Threats Report is a MUST READ for Internet security stakeholders around the globe. This report includes updates on zero-day flash malware in the wake of the Hacking Team breach, a look at Java malware following Google’s ousting of Java from Chrome, and an analysis of phishing that threatens business users.
Webinar: CYREN WebSecurity for Healthcare (Cyren, Inc)
This document discusses cybersecurity challenges facing the healthcare industry and introduces CYREN, a cybersecurity company. It notes that new healthcare technologies have expanded attack surfaces and that mobile devices and the cloud have introduced new risks. CYREN provides web, email, and endpoint security solutions powered by analyzing 17 billion daily transactions to identify emerging threats. It argues healthcare needs a modern cloud-based solution like CYREN to effectively protect patients and medical data across diverse environments.
Webinar: CYREN WebSecurity for Enterprise (Cyren, Inc)
The document discusses the changing security landscape and challenges posed by modern threats. It describes CYREN as a provider of cybersecurity solutions that use global threat intelligence from billions of daily transactions to protect users. CYREN's cloud-based security-as-a-service approach aims to offer faster and more effective protection than legacy hardware-based systems, and lower total cost of ownership through a pay-as-you-go model.
This document summarizes a CYREN CyberThreat Report from April 2015. It discusses several cybersecurity topics from the first quarter of 2015, including a watering hole attack on Forbes.com, advanced blackhat search engine optimization techniques called SEOHide, the continuing rise of macro malware, lessons learned from security breaches at Slack and HipChat, and how secure hashed passwords are. It also provides statistics on Android threats, phishing, and spam for Q1 2015. The document is intended to discuss current cybersecurity issues and threats based on CYREN's threat intelligence gathered from over 500,000 global data points.
By 2020, more than 25 billion devices will have extensive Internet capabilities. These range from your refrigerator and other consumer electronics to our connected cars. Along the way there are several challenges to overcome in providing a secure platform for the Internet of Things, among them the limited performance and memory of the devices, the ever-increasing volume of data, and rising user demand within given standards. The detection of cyberthreats in real time and prevention of dynamic attacks as they occur will be essential for the success of the Internet of Things.
Webinar: Insights from CYREN's 2015 Cyber Threats Yearbook (Cyren, Inc)
Take a look back at the cyberthreats of 2014, get an examination of today’s threat landscape, and look forward to the security challenges of 2015 and how to best meet them.
3. January 2012 Threat Report
1 Key Highlights
2 Feature – Facebook Attacks – The year in review
3 Trends – Malware, Spam, Web Security, Compromised Websites and Zombies
5. Key Security Highlights
Average daily spam/phishing
emails sent
101 Billion
Spam levels increased marginally in
November and December 2011
6. Key Security Highlights
Spam Zombie daily turnover
209,000 Zombies
A very large decrease compared to the
336,000 in Q3
(Zombie turnover is the number of zombies turned off and on daily)
7. Key Security Highlights
Most popular blog topic on
user generated content sites
Streaming media/
downloads (22%)
Streaming media & downloads remains in top
spot but dropped 2% from Q3
Includes sites with MP3 files or music related sites such as fan
pages (these might also be categorized as entertainment)
9. Key Security Highlights
Country with the
most Zombies
India (23.5%)
India increased its share in Q4 to nearly one
quarter of the world’s zombies
10. Key Security Highlights
Website category most likely to
be compromised with malware
Parked Domains
“Parked domains” and “Portals” remained in
the top 2 positions with “pornographic sites”
in 3rd position
11. Feature…
Facebook Attacks
– The year in review
12. Facebook Attacks – 2011
Facebook Attacks in 2011
• Continues to be an attractive target for attacks from
malware distributors, scammers and plain old jokers
• Most Facebook attacks ultimately lead victims to
affiliate marketing/survey sites
• Q4 2011 saw increases in free-merchandise scams
13. Lifecycle of Facebook Attacks
The 3 Stages of Facebook Attacks
Stage 1 – The Catch
Enticing offer or information inspiring action by a Facebook user
Stage 2 – Spreading the Attack
Ensure the attack continues/spreads
Stage 3 – The Goal
What the cybercriminals want to gain or achieve
14. The Catch - 4 Tactics
The 4 ways Facebook users are tricked into “liking”,
following a link or adding an app
1. Free goods
– Items ranging from
headphones to gift cards
to unreleased Facebook
phones
2. Sensational headlines on current news issues
Examples:
– Death of Osama Bin Laden videos
– Death of Steve Jobs “free
iPad/iPhone” scams
15. The Catch - 4 Tactics
3. Must see tragic/amazing events with call to action
– Users follow a link, or click
on Like to see a shocking
video/photo, or forward a
chain message
The Spanish in the example above translates to “Look what happens”.
4. Must-have Facebook app download
Example of popular attack:
– Mythical app allowing users
to see who has been viewing
their profile and get a
breakdown of boy and girl
views of their profile
16. The Catch – Summary
Summary of Catch Tactics
• Social engineering is the key to the tactics used to “catch”
Facebook victims
• Usage is spread nearly evenly across the four tactics
described above
– Most used tactic – “must see this” (36%)
– Most common tactic in second half of 2011 – “free stuff” (26%)
17. Spreading Attacks
How Facebook Attacks are Propagated
• Cybercriminals abuse the inherent trust of Facebook
friends
• 4 main methods for spreading attacks:
1. Tricking users into sharing
2. Likejacking
3. Rogue applications
4. Malware and “self-XSS”
18. Spreading Attacks
Tricking users into sharing
• Users aware that they are liking/sharing a page, but
do so under false pretenses
• Example attacks:
– Scams promising free gift cards
in exchange for like/share
– Users post a hoax they believe
to be true warning other users
about a (nonexistent) virus or
telling them the sad tale of a
(nonexistent) abused child
19. Spreading Attacks
Likejacking
• A common tactic is to entice users to see a video
• The video player may be functional but the page includes
scripts that use any mouse click to generate a “like”
• Users unaware that they have liked a page, but the “like” is
used to lead more friends to the video
20. Spreading Attacks
Rogue applications
• Apps users believe provide worthwhile functionality
– Example: An app promising to reveal who has been
viewing your profile
• Users grant these apps permission to access parts of
their user profile as well as post on their wall
– Wall posts are then used
by the rogue app to
spread out further within
Facebook
21. Spreading Attacks
Malware and “self-XSS”
• Malware unwittingly installed on a user's PC hijacks
their Facebook session for posts and other activity
• How it works
– Traditional cross site scripting (XSS) attacks rely on a
hidden script within a webpage to hijack a Facebook
session
– Self-XSS means that malicious script was activated by a
user (the “self”) giving another site access to the Facebook
session
22. Spreading Attacks
– Users are tricked into activating a script by copying it
directly into their browser
– In most cases scripts will direct to an external site (the
“cross-site” of “cross-site scripting”) and then post a wall
post or an event invite, which others view and in turn
help to further
propagate the
attack
23. Goal of Attacks
Goal of the Facebook Attack
The goal of Cybercriminals with Facebook attacks can
be divided into the following categories:
• Marketing affiliate/survey sites
• Chain posts and hoaxes
• Other
24. Goal of Attacks
Marketing affiliate/survey sites
• Benefit to Cybercriminals:
– Affiliate payments for driving users to specific sites
– Collection of personal data to be used in identity theft
• Users are led to believe that
completion of a form will
result in a free gift (iPhone,
gift card, cap, etc.)
• They may also be tricked
into signing up for
unwanted products
25. Goal of Attacks
Chain Posts and Hoaxes
• The Benefit to Cybercriminals:
– Pranksters having a laugh at the expense of unaware
Internet users
• Users like or share stories of abused children or
devastating computer viruses
• Many of the fake stories were chain emails
many years ago and have been reused
26. Goal of Attacks
Other types of attack
• Defacement
– Benefit to Cybercriminal: Embarrass Facebook
• Spreading malware
– Benefit to Cybercriminal: Spread malware that steals
passwords or sends spam
• Collecting Likes
– Benefit to Cybercriminal: Generate an enormous number
of likes of a page (several hundred thousand in some
cases) but with no clear further malicious purpose
27. Facebook Attacks Summary
Summary of 2011 Facebook Attacks
Some progress made during 2011 to stop attacks
• Various attacks more quickly detected and removed by
Facebook
• Almost no recent reports of rogue applications compared to
the numerous examples from the first half of the year
• Some attack methods, such as the self-XSS, almost completely
eliminated (due to security updates by major browser
vendors)
• “Free merchandise” scams are still common
28. Q4 Malware Trends
For a complete analysis of Facebook attacks
in 2011, download the complete
January 2012 Internet Threats Trend Report
http://www.commtouch.com/threat-report-january-2012
30. Q4 Malware Trends
• The large amounts of email-malware in 2011 were a
surprise to many analysts
• Analysts had predicted the continued demise of
the spam threat vector following a quiet 2010
• The mass Malware-attachment outbreaks of late Q3
subsided in Q4, as can be seen in the chart below
• Multiple “blended threat” email outbreaks were
tracked by Commtouch in Q4
• Involved emails and malware hosted on
compromised websites
32. Q4 Malware Trends
Top 10 Malware of Q4 2011
Rank Malware name
1 W32/Swizzor-based!Maximus
2 W32/Brontok.A.gen!Eldorado
3 JS/IFrame.HC.gen
4 W32/Virut.9264
5 W32/Heuristic-210!Eldorado
6 W32/MyWeb.D
7 W32/Tibs.K.gen!Eldorado
8 W32/Mabezat.A-2
9 W32/Virtumonde.T.gen!Eldorado
10 W32/Mywebsearch.B.gen!Eldorado
Source: Commtouch
35. Q4 Spam Trends
• Spam levels increased marginally in Nov & Dec but
remained at their lowest in years following the Rustock
botnet takedown in March
• Q3 average spam levels approached 101 billion email
messages
[Chart: Spam levels – Jan to Dec 2011]
Source: Commtouch
36. Q4 Spam Trends
• Spam averaged 77% of all emails in Q4 (excluding emails
with malware attachments)
[Chart: Spam % of all emails – Jan to Dec 2011]
Source: Commtouch
37. Q4 Spam Trends
November Spam Tactics
– Sending spam containing URLs not yet registered
• Several hundred million emails sent out with many thousands of
unregistered URLs
How it Works
• Spam filters with URL reputation systems check if URLs are registered and
when they were registered
– Bad sites usually have registrations that are only several hours old
• If a site is not registered when checked, many URL reputation systems will
not blacklist the site and not pursue further checks
• This loophole allows spammers to send out emails linking to unregistered
URLs and then register them an hour
or so after the outbreak in order to
prevent the URLs from being blocked
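The timing gap described above, as an added example that is not part of the Commtouch report: the same reputation check run once with the loophole (an unregistered domain ends the check) and once holding the verdict open for a later re-check. The domain names, registry data, thresholds and the "defer" policy are all constructed assumptions.

```python
from datetime import datetime, timedelta, timezone

YOUNG = timedelta(hours=24)      # assumed cut-off for a "freshly registered" domain
MAX_HOLD = timedelta(hours=48)   # assumed limit on how long a verdict stays open
T0 = datetime(2011, 11, 15, 9, 0, tzinfo=timezone.utc)  # constructed outbreak time

# Constructed registry data: domain -> registration time.
REGISTRY = {
    "established.example": T0 - timedelta(days=400),
    "fresh-pills.example": T0 - timedelta(hours=3),
    "late-register.example": T0 + timedelta(hours=1),  # registered after the mail went out
}

def lookup(domain, now):
    """Registration time if the domain is registered at `now`, else None."""
    created = REGISTRY.get(domain)
    return created if created is not None and created <= now else None

def verdict(domain, now, skip_unregistered):
    """skip_unregistered=True reproduces the loophole: no record, no further checks."""
    created = lookup(domain, now)
    if created is None:
        return "allow" if skip_unregistered else "defer"
    return "block" if now - created < YOUNG else "allow"

def recheck(deferred, first_seen, now):
    """Second look at domains that had no registration when first seen in mail."""
    results = {}
    for domain in deferred:
        if lookup(domain, now) is not None:
            results[domain] = "block"   # registered only after mail already linked to it
        elif now - first_seen >= MAX_HOLD:
            results[domain] = "block"   # assumed policy for links that never resolve
        else:
            results[domain] = "defer"
    return results

def simulate():
    domains = list(REGISTRY) + ["never-registered.example"]
    naive = {d: verdict(d, T0, skip_unregistered=True) for d in domains}
    hardened = {d: verdict(d, T0, skip_unregistered=False) for d in domains}
    deferred = [d for d, v in hardened.items() if v == "defer"]
    after_30m = recheck(deferred, T0, T0 + timedelta(minutes=30))
    after_2h = recheck(deferred, T0, T0 + timedelta(hours=2))
    return naive, hardened, after_30m, after_2h

if __name__ == "__main__":
    for name, result in zip(("naive", "hardened", "+30m", "+2h"), simulate()):
        print(name, result)
```

The naive check passes `late-register.example` at outbreak time, while the deferring check blocks it once the registration appears an hour later.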
38. Q4 Spam Trends
Top Faked (Spoofed) Spam Sending Domains*
• Gmail.com once again the
most spoofed domain
• Facebook related addresses
(unsubscribe.facebook.com)
and facebookmail.com both
feature in the top 15 (often
part of phishing or malware
attacks)
* The domains that are used by spammers in the “from” field of the spam emails.
Source: Commtouch
39. Q4 Spam Trends
Spam Topics
• “Pharmacy spam” increases for second straight quarter (about 2% over
Q3) reaching 31% of all spam
• Dating related spam increased from 2.3% to nearly 12% in the last
quarter of the year
Source: Commtouch
42. Q4 Compromised Websites
Trend: Compromised Websites Store Malware
• Most of the emails carrying malware links in Q4 used
compromised websites
• Example:
The “speeding fine”
link directs to
JavaScript malware on
a legitimate site called
“jemgaming.net”.
Source: Commtouch
43. Q4 Compromised Websites
Trend: Compromised sites used as redirect points to
pharmacy and enhancer websites
• Majority of the exploited sites were using the WordPress
content management system
• Spammers exploited a vulnerability in WordPress or in a
plugin in order to hide the redirect pages
• Before being redirected users are shown an initial page
hidden within one of the WordPress subdirectories (see image
below)
44. Q4 Compromised Websites
[Image labels:]
– Compromised site shows message before redirecting
– Destination enhancer site
– Homepage of the compromised WordPress site with no change in functionality
45. Q4 Compromised Websites
Website categories infected with malware
• Parked domains and Portals remained in the top 2 positions
with pornographic sites in 3rd position
(As noted in previous reports, the hosting of malware may well be the
intention of the owners of the parked domains and pornography sites)
Rank Category
1 Parked Domains
2 Portals
3 Pornography/Sexually Explicit
4 Education
5 Business
6 Entertainment
7 Shopping
8 Health & Medicine
9 Travel
10 Computers & Technology
Source: Commtouch
Portals category includes sites offering free homepages, which are
often abused to host phishing and malware content or redirects to
other sites with this content
46. Q4 Compromised Websites
Website categories infected with phishing
• This is an analysis of which categories of legitimate Web sites
were most likely to be hiding phishing pages (usually without
the knowledge of the site owner)
• Sites related to games ranked highest in Q4, similar to Q3
Rank Category
1 Games
2 Portals
3 Shopping
4 Education
5 Fashion & Beauty
6 Sports
7 Business
8 Leisure & Recreation
9 Entertainment
10 Real Estate
Source: Commtouch
Portals category includes sites offering free homepages, which are
abused to host phishing and malware content.
49. Q4 Zombie Trends
Daily Turnover of Zombies in Q4
• Q4 saw an average turnover of 209,000 zombies each day
that were newly activated for sending spam
• A very large decrease compared to the 336,000 of Q3 2011
• Average turnover for all of 2011 – 297,500 zombies per day
Daily newly activated spam zombies: Jan to Dec 2011
Source: Commtouch
50. Q4 Zombie Trends
Worldwide Zombie Distribution in Q4
Source: Commtouch
• India again claimed the top zombie producer title, increasing its
share to nearly a quarter of the world’s zombies
• Brazil, once a fixture in first position, continued to drop
– this quarter to 6th position (a further drop of around 3%)
• Peru and Kazakhstan joined the top 15, displacing Saudi Arabia
and Colombia
53. Q4 Web 2.0 Trends
Web 2.0 Trends
• “Streaming media and downloads” was again the most
popular blog or page topic, but dropped 2% in Q4
Rank Category Percentage
1 Streaming Media & Downloads 22%
2 Computers & Technology 8%
3 Entertainment 7%
4 Pornography/Sexually Explicit 6%
5 Fashion & Beauty 5%
6 Restaurants & Dining 5%
7 Religion 5%
8 Arts 5%
9 Sports 4%
10 Education 4%
11 Leisure & Recreation 3%
12 Health & Medicine 3%
13 Games 3%
14 Sex Education 2%
Source: Commtouch
The streaming media & downloads category includes sites with MP3 files or
music related sites such as fan pages.
55. Review of Q4 2011
[Timeline: October, November, December]
• Lowest spam per day: 60 billion
• Speeding ticket email-malware attack
• Spam ratio reaches low of 73%
• Facebook defacement
• Phony airline itineraries lead to malware
• Facebook free gift card scams
• Most spam per day: 138 billion
• Better business bureau malware
• Free iPhone scams following death of Steve Jobs
• Compromised WordPress sites host malware
• ACH transaction cancelled malware emails
• Unregistered domains used in spam emails
• “look what happens” Facebook bikini girl likejacking
• Pizza malware
• James Cameron new movie malware
Source: Commtouch
57. For more information contact:
info@commtouch.com
650 864 2000 (Americas)
+972 9 863 6895 (International)
Web: www.commtouch.com
Blog: http://blog.commtouch.com