View
142
Download
2
Category
Tags:
Preview:
DESCRIPTION
Browser Vulnerabilities are the prime source of internet threats these days- i mean it
Citation preview
Your computer vulnerabilities
ONLINE THREATS
JULY MONTH FOCUS ON THE THREAT: BROWSER ATTACKS
A New Security Series program for Evoke: Laws-of-Vulnerabilities
BROWSER EXPLOITS
Browser Exploit Family
• Adware• Internet fraud• Malware• Phishing• Spam • Spyware• --------AND
YOU
Don’t get shocked.As long as you do not LISTEN to
IT Security recommendations, you are also part of it
Where do browser exploits come from?
• When there is a weakness in your browser or if browser security is set low, vulnerabilities can be exploited by cyber crooks.
• For example, ActiveX scripts could install by themselves which can be used to change policies and change a program to make its removal difficult.
• Users can be tricked into downloading and installing a hijack themselves.
• Some browser exploits come in the form of an error report that appears to be from the user's own PC.
• Malicious websites can give instructions to install a particular plug-in to view the site correctly and others make the user believe they are getting a browser enhancement or a system update.
Bogus Alert
Bogus Alert
Bogus Alert
Bogus Alert
Bogus Alert
Bogus Alert
“Browser Pop-Ups!” – Pop-up ads is classified as a malignant adware
program which silently get sneaked and produces numerous malevolent activities to make it corrupt as well as unusable.
– It will block your IP address and utilize all your system resources to make your system unusable.
Bundled Software along with Browsers is a potential threat
That was “ Magneto”
• So do not install Browsers as part of bundled downloads.
• Example: – When you install Adobe Reader they offer Chrome
Download.– And When you are installing Chrome, they offer
“Magneto” installation.– These CHAINED Bundles are highly Dangerous
BE AWAREBE AD-AWAREKNOW YOUR BROWSER
DO YOU WANT TO BECOME A VICTIM?
TOGETHER LET US BUILD A GREAT DEFENSE AGAINST THESE BROWSER ATTACKS
Never DISABLE the firewall which helps you to protect your
computer from incoming attacks as well as programs that try to
transmit data from your computer
Never accept files from someone you don't know
Use caution when downloading files
Scan downloaded software before executing
Disable ActiveX, Java and JavaScript objects if possible
Block pop-up windows, some of which may be malicious and hide attacks. This may block malicious software from being downloaded
to your computer.
Consult website reputation scorecard for more information on
unknown sites
Type the URL/Address
You should see all GREENS
UNINSTALL ANY BROWSER PLUGIN & TOOLBAR
Mega Suggestion
Take this Oath
• I will consult IT for any support, even so small• I will right away UNINSTALL all tool bars• I will Google and find out how to SECURE my
Browsers• This week end is dedicated to my SYSTEM
CLEANUP
Recent Browser Attacks
How IT is building Resilience in next few days for us?
• Hardening OS – We are deploying the following through group Policy– Advancements in security architecture, such as
inclusion of Data Execution Prevention (DEP), Address Space Layout Randomization (ASLR) as a standard item in the operating system and improved memory allocation algorithms.
How IT is building Resilience in next few days for us?
• Inclusion of anti-malware in the operating system.
• CSC systems already have this• ALL Evoke to have it soon
We are actively working on
• Drive-By Downloads:– Drive-by downloads are typically deployed by
hackers who have taken advantage of Web vulnerabilities such as SQL injection that can be exploited to "allow attackers to change the content of a website,”
We are actively working on
• Clickjacking:– The purpose of this attack is to open the target
website in an invisible frame and get the user to click somewhere in the frame when they don't even know they're clicking in that website
• "The pop-up itself is not harmful, but if you click the button, you open the gate to infect your machine,"
We are actively working on• Plug-In- And Script-Enabled Attacks:
– Not only do attackers look for vulnerabilities within the browser itself, they also frequently ferret out bugs in browser plug-ins and scripting programming to help them carry out drive-by downloads and clickjacking attacks.
• In particular, companies should be wary of Java.
• It's one of the most susceptible languages to attack, and Java is a favorite among criminals to begin Web attacks that can get them deep within an enterprise network.
• Unless there's a pressing need for a business application that requires Java, IT should uninstall the plug-in altogether.
SAVE YOURSELF
SAVE OUR ORGANIZATION
Have Gr8 Browsing days ahead
Credits• My Financier– Ramesh Madala
• Themes– Linkin Park– Armin Van Burren– Trivikram ( అత్తా� రిం�టికి దారేది fame)
• Tools– Itubesoft– Youtubedownloader– Xilisoft video cutter
• ThreatPost.com• slate.com• Wired.com• Qualys.com• Fireeye.com• Extremetech.com• Symantec.com• Myot.com (My Web of Trust)• Sans.org• Krebsonsecurity.com• Beefproject.com (Browser Exploitation Framework
Project)• Mozilla Development Team Blog• Chrome Beta Team Blog• Microsoft IE Bulletin Blog• Evoke IT Team
Gladiator Stays Here
Radiator Stays Here
Take a
Wise Choice
I Listen to IT I Don’t Listen
THANK YOU ALL
Recommended