Monday, August 28, 2017
Wednesday, August 23, 2017
Vishing Attack
Vishing (voice or VoIP phishing) is an electronic fraud tactic in which individuals are tricked into revealing critical financial or personal information to unauthorized parties. Vishing works like phishing but does not always take place over the Internet; it is carried out using voice technology. A vishing attack can be delivered by voice mail, VoIP (voice over IP), or a landline or mobile telephone.
Probable Root Cause:
· Vishing attacks usually use a recorded message that tells users to call a toll-free number. Attackers use a technique called caller ID spoofing to make the call appear to come from a legitimate or known phone number.
· This is very similar to email spoofing, which makes an e-mail address look like it comes from a trusted source. But because people typically trust the phone network and caller ID, a spoofed phone number can be particularly damaging.
Probable Recommendations:
Consumers can protect themselves by treating with suspicion any unsolicited message that suggests they are the target of illegal activity, no matter what the medium or apparent source. Rather than calling a number given in an unsolicited message, a consumer should call the named institution directly, using a number that is known to be valid, to verify all recent activity and to ensure that the account information has not been tampered with.
Monday, August 21, 2017
Facebook page Takeover
Insecure direct object reference vulnerability in Facebook Business Manager
A path traversal attack (also known as directory traversal) aims to access files and directories that are stored outside the web root folder. By manipulating variables that reference files with "dot-dot-slash (../)" sequences and their variations, or by supplying absolute file paths, it may be possible to access arbitrary files and directories on the file system, including application source code, configuration files and critical system files. The attack is also called "dot-dot-slash" or "directory climbing and backtracking".
Probable Root Cause:
· Incorrectly set file permissions.
· Index-able directories allow an attacker to easily discover the existence of content on your web server that should remain private.
· Temporary files, if exposed to unauthorized users, may disclose private and confidential information, or allow an attacker to become an authorized user, depending on the level of the vulnerability.
· It is common for system administrators and developers to use editors and other tools which create temporary or backup files. If the file extensions or access control permissions change, an attacker may be able to read source or configuration data.
Possible Recommendations:
· Validate file paths and names to avoid canonicalization bugs; canonicalize the file name, for example by using the System.IO.Path.GetFullPath method in .NET, and check that the result still lies under the intended directory.
· Use proper file permissions to ensure that only authorized users can access sensitive files.
· Filter all user input. Ideally remove everything but the known good data and strip meta-characters from the user input.
· Prefer working without user input when making file system calls.
· Manually review web directory contents for unnecessary files which could be discovered by an attacker, such as documentation, template and example files, which could be used to identify the attackable surface area.
