The document discusses various security issues related to using the internet and networking. It introduces basic security concepts like confidentiality, integrity and availability. It then examines specific problems such as hijacked web servers, denial of service attacks, unsolicited commercial email, operator errors and natural disasters. It also defines and explains security terms like probes, scans, packet sniffers and malicious code. The overall document provides a high-level overview of internet security risks and challenges.
2. Introduction
• As of 1996, the Internet connected an
estimated 13 million computers in 195
countries on every continent, even
Antarctica. The Internet is not a single
network, but a worldwide collection of loosely
connected networks that are accessible by
individual computer hosts in a variety of ways,
including gateways, routers, dial-up
connections, and Internet service providers.
3. Introduction
• The Internet is easily accessible to anyone
with a computer and a network connection.
Individuals and organizations worldwide can
reach any point on the network without
regard to national or geographic boundaries
or time of day.
4. Introduction
• However, along with the convenience and
easy access to information come new risks.
Among them are the risks that valuable
information will be lost, stolen, corrupted, or
misused and that the computer systems will
be corrupted. If information is recorded
electronically and is available on networked
computers, it is more vulnerable than if the
same information is printed on paper and
locked in a file cabinet.
5. Introduction
• Intruders do not need to enter an office or
home, and may not even be in the same
country. They can steal or tamper with
information without touching a piece of paper
or a photocopier. They can create new
electronic files, run their own programs, and
hide evidence of their unauthorized activity.
6. Basic Security Concepts
• Three basic security concepts important to
information on the Internet are
confidentiality, integrity, and availability.
Concepts relating to the people who use that
information are authentication, authorization,
and nonrepudiation.
7. Basic Security Concepts
• Confidentiality - restricting access to
information to authorized users.
• Integrity - ensuring that stored data and data
in transit are not modified unintentionally or
maliciously.
• Availability - ensuring that network services
are not interrupted unintentionally or
maliciously.
8. Internet Security Today
• What are the main security-related problems on
the Internet Today?
– Hijacked web servers
– Denial-of-Service Attacks
– Unsolicited Commercial E-Mail
– Operator Error, Natural Disasters
– Microsoft...
– Probe
– Scan
– Packet Sniffer
– Malicious Code
9. Internet Security Today
• What are not the major security-related
problems?
– Eavesdropped electronic mail.
• (Misdirected email is a problem.)
• (Email swiped from backup tapes is a problem.)
– Sniffed credit card numbers.
• (Credit card numbers stolen from databases is a
problem.)
– Hostile Java & ActiveX applets.
11. Hijacked Web Servers
• FBI
– August 17, 1996 - Attacks on the Communications
Decency Act.
• CIA
– September 18, 1996 - “Central Stupidity Agency”
• NetGuide Live
– “CMP Sucks.”
12. Hijacked Web Servers
• Attacker gains access and changes contents of
web server.
• Usually stunts.
• Can be very bad:
– Attacker can plant hostile applets.
– Attacker can plant data sniffers
– Attacker can use compromised machine to take
over internal system.
13. Hijacked Web Servers
• Usually outsiders.
• (Could be insiders masquerading as outsiders.)
• Nearly impossible to trace.
14. How do they do it?
• Administrative passwords captured by a
password sniffer.
• Utilize known vulnerability:
– sendmail bug.
– Buffer overflow.
• Use web server CGI script to steal /etc/passwd
file, then crack passwords.
• Mount the web server’s filesystem.
15. How do you defend against it?
• Patch known bugs.
• Don’t run unnecessary services on the web
server.
16. How do you defend?
• Practice good host security.
• Monitor system for unauthorized changes.
– Tripwire
• Monitor system for signs of penetration
– Intrusion detection systems
17. How do you defend?
• Make frequent backups.
• Have a hot spare ready.
• Monitor your system frequently.
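Added example, not from the original slides: a minimal sketch of the "monitor system for unauthorized changes" idea behind tools such as Tripwire, comparing content hashes of a web root against a stored baseline. The directory layout and file names are constructed for the demonstration.

```python
import hashlib
import os
import tempfile
from pathlib import Path

def snapshot(root):
    """Map each file path (relative to root) to the SHA-256 of its contents."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(root.rglob("*")) if p.is_file()}

def compare(baseline, current):
    """Report files added, removed or modified since the baseline was taken."""
    shared = baseline.keys() & current.keys()
    return {
        "added": sorted(current.keys() - baseline.keys()),
        "removed": sorted(baseline.keys() - current.keys()),
        "modified": sorted(k for k in shared if baseline[k] != current[k]),
    }

def tamper_demo():
    """Build a constructed web root, take a baseline, simulate a defacement
    that restores the file's timestamp, and return what the check reports."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "cgi-bin").mkdir()
        (root / "index.html").write_text("<h1>Welcome</h1>\n")
        (root / "about.html").write_text("<p>About us</p>\n")
        (root / "cgi-bin" / "form.cgi").write_text("#!/bin/sh\necho ok\n")
        baseline = snapshot(root)

        index = root / "index.html"
        before = index.stat()
        index.write_text("<h1>Defaced</h1>\n")            # content changed
        # Timestamps put back, so a check based on mtime alone sees nothing.
        os.utime(index, ns=(before.st_atime_ns, before.st_mtime_ns))
        (root / "applet.class").write_bytes(b"\xca\xfe\xba\xbe")  # planted file
        (root / "about.html").unlink()                    # deleted file

        mtime_unchanged = index.stat().st_mtime_ns == before.st_mtime_ns
        return compare(baseline, snapshot(root)), mtime_unchanged

if __name__ == "__main__":
    report, mtime_unchanged = tamper_demo()
    print("index.html mtime unchanged:", mtime_unchanged)
    for kind, names in report.items():
        print(f"{kind}: {names}")
```

The baseline is only useful if it is kept where the web server cannot write, since an intruder who can rewrite it can hide the changes.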
19. Denial-of-Service
• Publicity is almost as good as changing
somebody’s web server.
– Attack on PANIX
– Attack on CyberPromotions
• Costs real money
– Lost Sales
– Damage to reputation
20. Kinds of Denial-of-Service Attacks
• Direct attack: attack the machine itself.
• Indirect attack: attack something that points
to the machine.
• Reputation attack: attack has nothing to do
with the machine, but references it in some
way.
21. Direct Denial-Of-Service Attack
• Send a lot of requests
(HTTP, finger, SMTP)
– Easy to trace.
– Relatively easy to defend against with TCP/IP
blocking at router.
22. Direct Denial-Of-Service Attack 2
• SYN Flooding
– Subverts the TCP/IP 3-way handshake
• SYN / ACK / ACK
– Hard to trace
• Each SYN has a different return address.
– Defenses now well understood
• Ignore SYNs from impossible addresses.
• Large buffer pools (10 → 1024)
• Random drop, Oldest drop.
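Added example, not from the original slides: a small simulation of a listener's half-open connection queue under a spoofed SYN flood, comparing the defenses listed above (a larger buffer pool, oldest drop, random drop) with simply refusing new SYNs when the queue is full. The arrival rates, round-trip time and timeout are assumed values chosen for illustration.

```python
import random

def legit_success_rate(backlog, policy, attack_per_tick=100, rtt=2,
                       timeout=75, ticks=300, seed=7):
    """Simulate the half-open queue during a spoofed SYN flood and return the
    fraction of legitimate handshakes that complete.

    policy: "refuse" (drop new SYNs when full), or "oldest" / "random"
    (evict an existing half-open entry to admit the new SYN).
    """
    if policy not in ("refuse", "oldest", "random"):
        raise ValueError(f"unknown policy: {policy}")
    rng = random.Random(seed)
    queue = []                      # (arrival_tick, is_legit), oldest first
    sent = completed = 0
    for now in range(ticks + rtt):  # extra rtt ticks let the last clients finish
        # Legitimate clients return the final ACK one round trip after their
        # SYN. Spoofed sources never answer, so those entries stay until timeout.
        remaining = []
        for born, legit in queue:
            if legit and now - born >= rtt:
                completed += 1
            elif now - born < timeout:
                remaining.append((born, legit))
        queue = remaining
        arrivals = [False] * attack_per_tick      # spoofed SYNs
        if now < ticks:
            arrivals.append(True)                 # one legitimate SYN per tick
            sent += 1
        rng.shuffle(arrivals)
        for legit in arrivals:
            if len(queue) >= backlog:
                if policy == "refuse":
                    continue
                victim = 0 if policy == "oldest" else rng.randrange(len(queue))
                queue.pop(victim)
            queue.append((now, legit))
    return completed / sent

def compare_defenses():
    """Success rate for each backlog size and drop policy."""
    return {(size, policy): round(legit_success_rate(size, policy), 2)
            for size in (10, 1024)
            for policy in ("refuse", "oldest", "random")}

if __name__ == "__main__":
    for (size, policy), rate in compare_defenses().items():
        print(f"backlog={size:<5} policy={policy:<7} legit success={rate:.0%}")
```

With a 10-entry queue no policy helps, because a legitimate entry is evicted or refused before its client can answer; the drop policies only pay off once the buffer is large enough to outlast one round trip.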
23. Indirect Denial-Of-Service Attack
• Attack Routing
• Attack routers (hard)
• Inject bogus routes on BGP4 peering sessions
(easy)
– Accidents have been widely reported.
– Expect to see an actual BGP4 attack sometime this
year.
24. Reputation-based Denial-Of-Service Attack
• Spoofed e-mail
To: everybody@AOL.COM
From: astrology@mail.vineyard.net
Subject: Call Now!
Hello. My name is Jean Dixon …
• We got 3.9MB of angry responses.
26. Unsolicited Commercial E-Mail
• Pits freedom-of-speech against right of
privacy.
• Consumes vast amounts of management time.
• Drain on system resources.
27. Who are the bulk-mailers?
• Advertising for Internet neophytes.
• Advertising for sexually-oriented services.
• Advertising get-rich-quick schemes.
• Advertising bulk-mail service.
28. How do they send out messages?
• Send directly from their site.
• Send through an innocent third party.
• Coming soon:
– Sent with a computer virus or ActiveX applet
29. How did they get my e-mail addresses?
• Usenet & Mailing list archives.
• Collected from online address book.
– AOL registry.
– University directory.
• Guessed
– Sequential CompuServe addresses.
• Break into machine & steal usernames.
31. Operator Error & Natural Disasters
• Still a major source of data loss.
• Hard to get management to take seriously.
– Not sexy.
– Preparation is expensive.
– If nothing happens, money seems misspent.
32. Operator Error
• Accidentally delete a file.
• Accidentally install a bad service.
• Accidentally break a CGI script.
• Psychotic break.
34. Solutions
• Frequent Backups
– Backup to high-speed tape.
– Real-time backup to spare machines.
– Make sure some backups are off-site.
• Recovery plans.
• Recovery center.
• Test your backups & plans!
36. Microsoft
• Danger of homogeneous environment.
• No demonstrated commitment to computer
security.
– Windows 95 is not secure.
– Word Macro Viruses.
– ActiveX
– SMB
• Windows NT …?
37. Probe
• A probe is characterized by unusual attempts
to gain access to a system or to discover
information about the system. One example is
an attempt to log in to an unused account.
Probing is the electronic equivalent of testing
doorknobs to find an unlocked door for easy
entry. Probes are sometimes followed by a
more serious security event, but they are
often the result of curiosity or confusion.
38. Scan
• A scan is simply a large number of probes
done using an automated tool. Scans can
sometimes be the result of a misconfiguration
or other error, but they are often a prelude to
a more directed attack on systems that the
intruder has found to be vulnerable.
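Added example, not from the original slides: detection logic that applies the two definitions above to login failures, treating an attempt on an unused or nonexistent account as a probe and a burst of such attempts from one source as a scan. The log lines are constructed (sshd-style messages with ISO timestamps and documentation-range addresses), and the account list, threshold and window are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumptions for this example: the site's inventory of dormant accounts, and
# the rule that 5 or more probes from one source within 60 seconds is a scan.
UNUSED_ACCOUNTS = {"guest", "test", "oracle"}
SCAN_THRESHOLD = 5
WINDOW = timedelta(seconds=60)

FAILED_LOGIN = re.compile(
    r"^(?P<ts>\S+) \S+ sshd\[\d+\]: Failed password for "
    r"(?P<invalid>invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+"
)

def classify_sources(lines):
    """Return {source: "probe" | "scan"} for sources that tried unused or
    nonexistent accounts. Failures on active accounts are ignored here."""
    probes = defaultdict(list)
    for line in lines:
        m = FAILED_LOGIN.match(line)
        if m and (m["invalid"] or m["user"] in UNUSED_ACCOUNTS):
            probes[m["src"]].append(datetime.fromisoformat(m["ts"]))
    verdicts = {}
    for src, times in probes.items():
        times.sort()
        densest, start = 0, 0
        for end, t in enumerate(times):     # sliding window over sorted times
            while t - times[start] > WINDOW:
                start += 1
            densest = max(densest, end - start + 1)
        verdicts[src] = "scan" if densest >= SCAN_THRESHOLD else "probe"
    return verdicts

# Constructed sample log, not real traffic.
SAMPLE_LOG = [
    "2024-05-01T09:58:10 web1 sshd[811]: Failed password for alice from 192.0.2.20 port 40112 ssh2",
    "2024-05-01T09:58:31 web1 sshd[811]: Accepted password for alice from 192.0.2.20 port 40112 ssh2",
    "2024-05-01T10:02:44 web1 sshd[840]: Failed password for guest from 198.51.100.7 port 51810 ssh2",
] + [
    f"2024-05-01T10:15:{sec:02d} web1 sshd[{900 + sec}]: Failed password for "
    f"invalid user {name} from 203.0.113.9 port {42000 + sec} ssh2"
    for sec, name in enumerate(["admin", "ftp", "www", "backup", "demo", "info"])
]

if __name__ == "__main__":
    for src, verdict in sorted(classify_sources(SAMPLE_LOG).items()):
        print(src, verdict)
```

A single mistyped password on an active account (alice in the sample) is deliberately left out, matching the slide's point that probes are often the result of confusion rather than intent.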
39. Packet Sniffer
• A packet sniffer is a program that captures
data from information packets as they travel
over the network. That data may include user
names, passwords, and proprietary
information that travels over the network in
clear text. With perhaps hundreds or
thousands of passwords captured by the
sniffer, intruders can launch widespread
attacks on systems.
40. Malicious Code
• Malicious code is a general term for programs
that, when executed, would cause undesired
results on a system. Users of the system usually
are not aware of the program until they discover
the damage. Malicious code includes Trojan
horses, viruses, and worms. Trojan horses and
viruses are usually hidden in legitimate programs
or files that attackers have altered to do more
than what is expected. Worms are self-replicating
programs that spread with no human
intervention after they are started.
41. Malicious Code
• Viruses are also self-replicating programs, but
usually require some action on the part of the
user to spread inadvertently to other
programs or systems. These sorts of programs
can lead to serious data loss, downtime,
denial of service, and other types of security
incidents.